How to Protect Against Ransomware

Read Time: 3 min.

Recently, there have been more and more reports of companies and users affected by ransomware attacks.
Learn more about how to protect both your company and yourself from ransomware.

Cybercriminals make billions of US dollars from ransomware. The sudden increase in the frequency of this form of cyberattack has alerted many organizations and users. Dozens of new types of ransomware Trojans and tens of thousands of their modifications appear every year. Ransomware primarily targets the most popular operating systems, such as Windows for workstations and servers, and Android for mobile devices. There are also known Trojans for other operating systems, including those based on Linux, macOS, iOS and others.

Want to have an in-depth understanding of all modern aspects of ransomware? Read this article carefully and bookmark it to come back later; we regularly update this page.

Several well-known attacks of recent years can be cited, for example the large-scale attack of the WannaCry ransomware, which hit over 200 thousand computers and servers based on Windows operating systems in more than 150 countries, as well as the Petya attack. However, with proper preparation you can significantly reduce the risk of an attack and limit the damage it can cause.

What Is Ransomware

Ransomware is a form of malware that infects network devices and data centers. Ransomware makes it impossible to access the data until the organization pays the ransom. Its rapidly growing popularity is due to how easy such an attack is to organize: the source code of the Trojans and instructions for them are publicly available, and some groups even offer the attack as a service (Ransomware-as-a-Service) right on the Internet. Besides being simple to organize, these attacks are highly profitable, and cryptocurrencies make it possible to collect and cash out funds anonymously.

It is difficult to assess the magnitude of losses caused by ransomware because many organizations prefer to pay to unblock access to files. Keep in mind, however, that this solution does not always work: despite the payment of a ransom, the data may remain encrypted. A universal data decryptor still does not exist, although not so long ago ways to decrypt data on Windows XP were published. After a large-scale attack in May 2017 by the XData ransomware, which, as WannaCry does, exploits a similar vulnerability, EternalBlue, in the SMBv1 protocol for infection, the encryption key was published and decryptors were released for the victims of the ransomware.

How Ransomware Infection Occurs

The most common ways to install ransomware Trojans are placing the program on a website and phishing. After installation, the ransomware either encrypts files on the victim's computer or blocks the normal operation of the machine, displaying a message that demands a ransom payment for restoring access to the system. In most cases, the ransom message appears once the computer is restarted following infection.

In more detail, the possible vectors of access to the protected information located on the server or the user's workstation are as follows:

  • impact on the perimeter of the local network from the Internet through corporate e-mail, web traffic, router, firewall, third-party gateways to access the Internet or remote access systems.
  • impact on users' servers and workplaces by downloading malware to endpoints or servers upon request from them, exploiting software vulnerabilities, downloading malware via an uncontrolled encrypted VPN channel, and connecting illegal devices to the local network.
  • direct impact on information on servers and user workplaces when connecting external media with malware or developing malicious programs directly on the server.

How to Protect from Ransomware

Recent massive ransomware attacks have exposed significant endpoint vulnerabilities and demonstrated that new types of malware can easily bypass traditional antiviruses and encrypt user data. You might think that there is no protection against targeted ransomware attacks, but this is not the case. Some antivirus software vendors claim that only one of their products can help and guard, but this is not true.

The task of proactive protection against ransomware viruses can be solved only by a set of measures that will help neutralize and reduce the likelihood of a threat being implemented for each type of access to protected information. The main rules of how to protect from ransomware are as follows:

1. Educate company employees on safety issues. Instruct users not to click on unknown attachments and links in emails, or to open files of unknown origin. The human is the weakest link in the security chain.

2. Use professional internet security solutions and tools to scan pages, files, and email content for malware. Also make an inventory of all your IT assets that can be affected.

3. Disallow unauthorized access to workstations, servers, and virtual machines by applying the Zero Trust Security concept, enhanced user authentication, control of the integrity of the operating system, and blocking of system loading from external media, to prevent infection of the corporate network by intruders inside the network perimeter.

4. If possible, use a whitelist that prevents unauthorized applications from downloading and running.

5. Use analytical tools to determine where the infection comes from, how long it has been in your information environment, and whether it has been removed from all devices.

6. Implement a BYOD security solution responsible for scanning and blocking devices that do not meet security requirements, such as devices with no anti-malware client installed, an outdated anti-virus database, or missing key patches in the operating system.

7. Update your operating systems, devices, and software. Make sure your antivirus, IPS, and anti-malware software is up to date.

8. Develop a backup and recovery plan. Back up your system regularly and store it on a separate device offline.
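
The device check from rule 6, sketched as an added example (not code from the original page or from any product it mentions). The report fields, the 7-day signature limit, the patch identifiers and the sample devices are assumptions constructed for illustration.

```python
from datetime import date

# Assumed policy values: the article names the checks but gives no thresholds.
MAX_SIGNATURE_AGE_DAYS = 7
REQUIRED_PATCHES = {"PATCH-A", "PATCH-B"}  # placeholder patch identifiers
TODAY = date(2024, 5, 1)                   # constructed evaluation date

# Constructed posture reports, as a BYOD agent might submit them.
DEVICES = [
    {"device": "phone-01", "antimalware_installed": True,
     "signature_date": "2024-04-29", "installed_patches": ["PATCH-A", "PATCH-B"]},
    {"device": "laptop-07", "antimalware_installed": True,
     "signature_date": "2024-03-01", "installed_patches": ["PATCH-A"]},
    {"device": "tablet-03", "antimalware_installed": False,
     "installed_patches": ["PATCH-A", "PATCH-B"]},
]

def evaluate_device(report, today=TODAY):
    """Return an admission decision with the reasons for any block.

    Missing fields are treated as non-compliant (fail closed), so a device
    that omits part of its report is not admitted by default.
    """
    reasons = []
    if not report.get("antimalware_installed", False):
        reasons.append("no anti-malware client installed")
    else:
        sig = report.get("signature_date")
        age = (today - date.fromisoformat(sig)).days if sig else None
        if age is None or age > MAX_SIGNATURE_AGE_DAYS:
            reasons.append("anti-virus database outdated")
    missing = REQUIRED_PATCHES - set(report.get("installed_patches", []))
    if missing:
        reasons.append("missing key patches: " + ", ".join(sorted(missing)))
    return {"device": report["device"], "allow": not reasons, "reasons": reasons}

if __name__ == "__main__":
    for d in DEVICES:
        print(evaluate_device(d))
```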

Other Ways to Protect from Ransomware

In addition to the above measures, implement penetration testing, which can help detect ransomware on the corporate network nodes and find known vulnerabilities in system and application software before they are exploited by cybercriminals. Also, discover and monitor network devices and the devices connected to user workstations.

Collecting and correlating events allows for a comprehensive approach to detecting ransomware on the network, since this method provides a holistic view of the company's IT infrastructure. Efficiency lies in processing events that are sent from various infrastructure components based on correlation rules, which allows you to quickly identify potential incidents related to the spread of ransomware.
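
A correlation rule of the kind described above, as an added example that is not part of the original page. The event sources, field names, event types, the 15-minute window and the rename threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)   # assumed correlation window
RENAME_THRESHOLD = 200           # assumed minimum renames to count as "mass"
SUSPICIOUS = {"macro_attachment_delivered", "office_spawned_script",
              "backup_snapshot_deleted", "mass_file_rename"}

# Constructed events from three infrastructure components (not real logs).
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "source": "mail_gw", "host": "ws-017", "type": "macro_attachment_delivered"},
    {"ts": "2024-05-01T09:02:40", "source": "edr", "host": "ws-017", "type": "office_spawned_script"},
    {"ts": "2024-05-01T09:03:10", "source": "edr", "host": "ws-017", "type": "backup_snapshot_deleted"},
    {"ts": "2024-05-01T09:04:00", "source": "file_srv", "host": "ws-017", "type": "mass_file_rename", "count": 840},
    {"ts": "2024-05-01T09:10:00", "source": "file_srv", "host": "ws-022", "type": "mass_file_rename", "count": 35},
    {"ts": "2024-05-01T11:30:00", "source": "edr", "host": "ws-022", "type": "backup_snapshot_deleted"},
]

def correlate(events):
    """Alert when, for one host and within WINDOW, at least two different
    sources report suspicious events and one of them is a mass file rename."""
    by_host = defaultdict(list)
    for e in events:
        if e["type"] in SUSPICIOUS:
            by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), e))
    alerts = []
    for host, items in by_host.items():
        items.sort(key=lambda pair: pair[0])
        for i, (start, _) in enumerate(items):
            # Events of this host that fall inside the window opened at `start`.
            window = [e for ts, e in items[i:] if ts - start <= WINDOW]
            sources = {e["source"] for e in window}
            mass = any(e["type"] == "mass_file_rename"
                       and e.get("count", 0) >= RENAME_THRESHOLD for e in window)
            if mass and len(sources) >= 2:
                alerts.append({"host": host, "first_seen": start.isoformat(),
                               "sources": sorted(sources),
                               "events": [e["type"] for e in window]})
                break  # one alert per host is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

No single event here is conclusive on its own; the rule fires for ws-017 only because mail gateway, endpoint and file server events line up on the same host in a short window, while the isolated events on ws-022 stay below it.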

Ransomware Proactive Protection Rules

  • Control the connection of external devices and block unused ports on protected hosts, so that unauthorized devices cannot connect to them. This covers both media carrying potentially malicious programs and external gateways that would provide an uncontrolled and unsecured Internet access channel.
  • Do not enable macros in untrusted Microsoft Office documents. Check sender addresses in email messages.
  • Evaluate the effectiveness of personnel training using attack simulations, and regularly conduct penetration testing with the participation of external specialists.
  • Ensure anti-virus protection on all network nodes of the organization. Antivirus software should detect, in real time, virus infection of RAM, local storage media, volumes, directories and files, as well as of files received via communication channels and e-mail messages, on workstations, servers and virtual machines, and should treat, delete or isolate the threats.
  • Provide advanced host protection through behavioral analysis, machine learning, heuristic analysis of files, application control, protection against exploits to identify and block unknown zero-day threats in real time. This measure is implemented by Attack Surface Management.

Findings

Cybercrime is focused on billions of dollars in revenue. Cybercriminals are highly motivated to find ways to generate income. They go for deception, extortion, robbery, threats, and intimidation of their victims in order to gain access to the most valuable data and resources.

The ease of implementation and low cost of ransomware, DDoS, attacks on web applications, and others lead to an increase in the number of cyberattacks.

ImmuniWeb is one of the top 10 companies according to Cybersecurity Ventures that focuses on modern information security challenges and protects the client infrastructure from the latest, including unknown, cyber threats. By creating and implementing complex adaptive models for countering information security threats, we know how to protect from ransomware, how to predict, prevent, detect and respond to other cyber threats. The main thing is to do this in a timely manner in order to minimize possible losses for your company from the activities of hackers.
