Good Cyber Hygiene Can Prevent Ransomware Attacks

by Anastasios Arampatzis 


Ransomware attacks are increasing year after year, affecting a wide range of organizations and industries. In November 2021, electronics retail giant MediaMarkt suffered a Hive ransomware attack with an initial ransom demand of $240 million, causing IT systems to shut down and disrupting store operations in the Netherlands and Germany.

In Greece, back in July 2021, the Municipality of Thessaloniki, the second biggest city in the country, suffered from a ransomware attack (link in Greek) which encrypted files and documents containing personal data. Later, in November of the same year, several Greek shipping companies were hit by a ransomware attack that spread through the systems of a popular, well-established IT consulting firm. 

What is the state of ransomware in 2021? 

The evolving ransomware landscape is described in many security reports that provide a detailed account of the tactics used by ransomware gangs and their impact.  

For example, Sophos’ 2021 State of Ransomware report states that 37% of the survey respondents had suffered a ransomware attack. Even if a company chooses to pay the ransom – don’t do that! – this does not ensure that they will get their data back. Only 65% of the encrypted data was restored after organizations paid the ransom. The ransom is not the only financial cost faced by the victims. Sophos reports that the average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc. was $1.85 million.

Ransomware groups are no longer targeting small and medium businesses. They are going after the big fish! Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2021 report notes that “The trends of focusing on large corporations and public institutions, utilizing vulnerabilities in the digital supply chain, and multi-layered extortion that we observed last year have intensified and become more prominent, which is an indication of the increased sophistication and maturation of the ransomware affiliate programs involved.”

The shift in the attack paradigm towards high-value targets indicates that ransomware groups choose their targets based on: 

  • their financial capability to comply with higher ransom demands, 
  • their need to resume their operations as quickly as possible.  

This seems to indicate that spending more time on large corporations and public institutions is an effective approach for cybercriminals in terms of return on investment. This trend is reflected in the sectors most targeted by criminals: central and local government, technology, manufacturing, energy, oil/gas, education, and healthcare.

It is important to highlight the core role of technology companies in ransomware attacks. Technology companies are a popular target for ransomware gangs because they are a crucial part of supply chains. The SolarWinds, Kaseya and Microsoft Exchange Server attacks are fine examples of the tactics employed by criminals who seek to compromise digital supply chains.

Organizations need to grant access to update distributors, which makes third-party service providers an ideal target. After infiltrating a software provider’s client network, ransomware groups can choose the most suitable targets, move laterally while remaining undetected under the guise of legitimate users, and then deploy their malicious code at the most convenient time. Furthermore, as past successful attacks have demonstrated, with businesses being highly interconnected and interdependent, a successful intrusion does not only put one company at risk, but also opens doors to compromise other service providers, giving the attack even greater scalability.

How to prevent ransomware attacks 

All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems. Since there’s no way to completely protect your organization against ransomware infection, you should adopt a ‘defense-in-depth’ approach. This means using layers of defense with several mitigations at each layer. You’ll have more opportunities to detect malware, and then stop it before it causes real harm to your organization. 

Several agencies, like CISA and NCSC, have developed guidelines to help organizations prepare for potential attacks. The goal of these preventative steps is to make the attackers’ life more difficult. Your strategy should include the following steps: 

  1. Maintain offline, encrypted backups of data and regularly test backups. It is important that backups be maintained offline as many ransomware variants attempt to find and delete or encrypt accessible backups. 
  2. Create, maintain, and exercise a basic cyber incident response plan, resiliency plan and associated communications plan. These plans should address how the organization operates if it is infected and loses access to or control of critical functions. 
  3. Mitigate internet-facing vulnerabilities and misconfigurations to reduce the risk of actors exploiting this attack surface. This should include employing best practices for securing Remote Desktop Protocol (RDP) services, conducting regular vulnerability scanning, updating software, ensuring proper security configuration of all devices, and disabling Server Message Block (SMB) protocol. 
  4. Reduce the risk of phishing emails by enabling strong spam filters and implementing a cybersecurity user awareness and training program. 
  5. Practice good cyber hygiene by ensuring anti-virus and anti-malware software and signatures are up to date, implementing application whitelisting, ensuring user and privileged accounts are limited, employing multifactor authentication, and putting in place other cybersecurity best practices. 
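
As an illustration of step 3, the following added example (not part of the original article or of the CISA/NCSC guidance) audits an exported list of inbound firewall rules and flags any that allow RDP or SMB from non-internal sources. The CSV layout, the rule names and the sample rules are constructed for this example, and it assumes IPv4 sources and does not model rule ordering or deny precedence.

```python
import csv
import io
from ipaddress import ip_network

# Services named in step 3 of the list above, by default TCP port.
RISKY_PORTS = {3389: "RDP", 445: "SMB", 139: "SMB over NetBIOS"}
# Sources inside these ranges are treated as internal (IPv4 only, an assumption).
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample export; the column layout is hypothetical, not a vendor format.
SAMPLE_RULES = """name,action,proto,source,ports
web-in,allow,tcp,0.0.0.0/0,80;443
rdp-admin,allow,tcp,0.0.0.0/0,3389
rdp-vpn,allow,tcp,10.8.0.0/24,3389
legacy-share,allow,tcp,203.0.113.0/24,135-445
smb-block,deny,tcp,0.0.0.0/0,445
dns-in,allow,udp,0.0.0.0/0,53
"""

def expand_ports(spec):
    """Turn '80;443' or '135-445' into a set of port numbers."""
    ports = set()
    for part in spec.split(";"):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def is_internet_source(cidr):
    """True when the source range is not fully inside an internal range."""
    net = ip_network(cidr, strict=False)
    return not any(net.subnet_of(i) for i in INTERNAL)

def find_exposed(rules_csv):
    """Return (rule, service, port, source) for allow rules exposing RDP/SMB."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        if rule["action"].lower() != "allow" or rule["proto"].lower() != "tcp":
            continue
        if not is_internet_source(rule["source"]):
            continue
        for port in sorted(expand_ports(rule["ports"]) & set(RISKY_PORTS)):
            findings.append((rule["name"], RISKY_PORTS[port], port, rule["source"]))
    return findings

if __name__ == "__main__":
    for name, service, port, source in find_exposed(SAMPLE_RULES):
        print(f"{name}: {service} (tcp/{port}) reachable from {source}")
```

Note that the wide range in `legacy-share` is caught even though it never names port 445 directly, which is how such exposure is often missed in manual reviews.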


The importance of good cyber hygiene 

Even though ransomware actors are getting more sophisticated, basic cyber hygiene is still the answer to preventing these types of attacks. Cybersecurity experts agree that most of the ransomware attacks today can be prevented by good cyber hygiene practices. 

“If you look at the most major ransomware attacks that have occurred, basic cyber hygiene could have prevented the vast majority of them, so, killing their ability to move laterally,” Matthew Swenson, chief of the Department of Homeland Security’s (DHS) Cyber Crime Unit at Homeland Security Investigations (HSI), said during a recent webinar. 

Maintaining a good cyber hygiene posture is a shift in mitigating ransomware threats – instead of reacting to an incident, basic cyber hygiene can help you proactively prevent ransomware attacks before they occur. Even if an attack should occur, good cyber hygiene practices can help organizations control and reduce the impact. As the organization becomes more mature, it can implement more advanced cybersecurity controls to block bad actors from hijacking its sensitive, valuable data.

ADACOM offers a holistic approach to mitigating the ransomware threat 

This changing business landscape requires a holistic approach towards information resilience and security risk management to enable an organization to minimize the threat of ransomware attacks and maximize the trustworthiness of its information and the reliability of its automated processes. 

ADACOM has established its own GRC & Assurance Services portfolio based on Information Resilience, which goes beyond the traditional Information & Digital Security models. Contact us to learn how we can help you.