How To Defend Against Crypto-Ransomware Attacks

The first week of October was the start of National Cyber Security Awareness Month (NCSAM) but brought us news of new crypto-ransomware attacks against hospital systems in Alabama (USA), and Victoria, Australia. It appears that in both cases the hospital systems are working with federal cyber incident response teams to mitigate and recover, and no ransom payment will be forthcoming. That is especially good in the Alabama case, since no ransom demand has been presented.

We have focused on the resurgence of ransomware this year.  Crypto-ransomware attacks have become more targeted, with higher ransom payment demands in the tens and hundreds of thousands of dollars.  If you are responsible for network security in your business, especially if you are in one of the more heavily targeted sectors, defense is critical.

How to protect yourself from ransomware

  • Secure your devices: Run antivirus, configure a strong firewall, IPS, or SIEM, and update every piece of software with the latest patches.
  • Email filtering:  Scan incoming communications for spam, phishing emails, and known threats.
  • DNS and network filtering: Using proxy services such as OpenDNS, Cisco Umbrella, and Quad9 can block malicious attacks before they get to your network.
  • Require strong passwords. Passwords need to be at least ten characters long.
  • Use two-factor authentication.  This can prevent remote logins using breached credentials.
  • Make regular backups. Good, tested backups are an important defense against a six-figure ransom demand. Be sure to store backups separately from other systems, periodically test them, and know how to restore them. The best way to recover from a ransomware attack is to be able to restore your own data yourself.
  • Lock down or disable RDP. Turn off Remote Desktop Protocol if you don’t need it, and use rate limiting, 2FA, or a VPN if you do.
  • Use anti-encryption protection. Sophos Intercept X and XG Firewall and similar products are designed to work hand in hand to combat ransomware and its effects.
  • Educate your staff: Use cybersecurity awareness training to train employees not to provide personal info in email, text messages, phone calls, or IM.
  • Traveling employees: Require traveling employees to use a VPN when accessing corporate resources while out on the road.
  • Disable unnecessary Windows processes: Volume Shadow Copy Service admin doesn’t always need to be enabled and can be hijacked by ransomware. Also consider disabling PowerShell, Windows Script Host, file sharing, and AutoPlay unless you have a specific need for those services.
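
To see where a Windows host currently stands on the RDP, Windows Script Host, AutoPlay, Volume Shadow Copy and file sharing items in the list above, the following read-only audit can be run. It is an added example, not code from the original post; it assumes Windows PowerShell 5.1 or later, and the helper names `Get-RegValue` and `New-Finding` are hypothetical.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumes Windows PowerShell 5.1+. Helper names are hypothetical.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (Windows default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding {
    param([string]$Setting, [string]$State, [bool]$Review)
    [pscustomobject]@{ Setting = $Setting; State = $State; Review = $Review }
}

$findings = @()

# RDP: fDenyTSConnections = 1 denies inbound Remote Desktop, 0 allows it.
$deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'
$state = if ($null -eq $deny) { 'value not set' } elseif ($deny -eq 0) { 'allowed' } else { 'denied' }
$findings += New-Finding 'Remote Desktop' $state ($deny -ne 1)

# Windows Script Host: machine-wide Enabled = 0 turns it off; absent means on.
$wsh = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' 'Enabled'
$wshOff = ($null -ne $wsh) -and ($wsh -eq 0)
$state = if ($wshOff) { 'disabled' } else { 'enabled' }
$findings += New-Finding 'Windows Script Host' $state (-not $wshOff)

# AutoPlay: NoDriveTypeAutoRun = 255 (0xFF) disables it for every drive type.
$auto = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
$autoOff = ($auto -eq 255)
$state = if ($autoOff) { 'disabled for all drives' } else { 'not disabled for all drives' }
$findings += New-Finding 'AutoPlay' $state (-not $autoOff)

# Services: VSS = Volume Shadow Copy, LanmanServer = file and printer sharing.
$services = [ordered]@{ VSS = 'Volume Shadow Copy'; LanmanServer = 'File sharing (Server)' }
foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { continue }
    $state = "$($svc.Status), start type $($svc.StartType)"
    $findings += New-Finding $services[$name] $state ($svc.StartType -ne 'Disabled')
}

# Review = True marks a setting still in the state the list says to reconsider.
$findings | Format-Table -AutoSize
```

A row with `Review` set to True is not automatically a problem; it marks a service or feature that is still on and should be confirmed as needed on that host.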


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
