In an effort to combat the epidemic of ransomware attacks, the FBI identified key steps to help prevent a breach. There are over 4000 ransomware attacks per day, and the number is expected to increase. Individuals and businesses need to protect themselves against this insidious intrusion.

Ransomware is a form of malware designed to extort money from businesses and individuals. It encrypts data on a home computer or business network, and in some cases seeks out connected backups to encrypt or erase. The malware is generally downloaded through a spear phishing email or connection to a disguised malware website.

Individuals and businesses should use the same protocols for ransomware prevention: Education is the first step. Spear phishing email is the main carrier of ransomware. Users should never click on unsolicited email nor open a suspicious embedded link. View email in a reader pane. Hover the cursor over the sender’s name/email address. If the name and email are different or suspicious, don’t open the email.

For a more in-depth review on spear phishing and social engineering, please read our blog at:

https://layer8cybersecurity.com/why-spear-phishing-and-social-engineering-work/

Prevention is the best defense to stop ransomware. Here are some steps individuals and businesses should implement:

  • Educate and train employees about cybersecurity
  • Initiate strong spam filters to prevent phishing email
    • Authenticate inbound email using technology such as:
      • Sender Policy Framework (SPF)
      • Domain Message Authentication Reporting and Conformance (DMARC)
      • DomainKeys Identified Mail (DKIM)
  • Scan incoming and outgoing mail
  • Filter mail for executable files
  • Configure firewalls to stop access to known malicious IP addresses
  • Patch and update operating systems, software and firmware
    • Consider using a patch management system
  • Set anti-virus and anti-malware programs to scan automatically

Prevention on business networks should also include account management on the idea of least privilege. Users should not be assigned administrative access unless absolutely needed. Access to file, directory and network share permissions should be configured in the same way; least privilege. If a user only needs to read a file, they should not have write access. Additional steps should also include:

  • Disable macro scripts from office files transmitted through email
  • Consider using Office Viewer software to view Microsoft Office files
  • Implement Software Restriction Policies to prevent programs executing from known malware
  • Disable Remote Desktop protocol if it is not used
  • Use Application Whistling which only allows programs to execute that are known and permitted by the security policy
  • Categorize data by business value
  • Implement physical and logical separation of networks and data
  • Backup data regularly to secure locations
  • Conduct annual penetration testing and vulnerability assessments

The emphasis for cybersecurity is education and prevention. Excellent cyber hygiene and layered security technology and policy will help prevent a ransomware attack.

If you are interested in learning more about cyber crimes, cybersecurity and how to create a resilient business, please contact us at: contact@layer8cybersecurity.com