Ransomware prevention: How organizations can fight back - Deepstash

Sophisticated Ransomware Hacking

Ransomware has hit new levels of sophistication, with demands for payment skyrocketing into the tens of millions of dollars. Some vulnerabilities are simple, such as those posed by pandemic-weary organizations and workers logging in from unsecured home networks; others are highly complex, such as ever-increasing connectivity driven by advancing digitization.

Rather than the “smash and grab” approach, hackers are now “dwelling” undetected within victims’ environments to better understand where the highest value data and information lies.

The New Threat

With the use of low-cost ransomware-as-a-service (RaaS) campaigns, this cyberthreat has surged beyond the quiet confines of the C-suite to where boards of directors, regulators, law enforcement, industry associations, insurance providers, and the cybersecurity vendor community all need to be a part of the solution.

While governments, law enforcement, and regulators continue to grapple with ransomware issues such as transparency and oversight of cryptocurrencies, companies need to ensure they remain resilient by focusing on ransomware prevention, preparation, response, and recovery strategies. 

Prevention Of Ransomware Attacks

To achieve a secure work environment, you need to know what technology you have, what and who it is talking to, and then watch it like a hawk. Vigilance is key. To get there, everyone from the board and C-suite to down the line must be on the same page and treat security as a continuous endeavour that balances technology with people and processes to ingrain security into an organization’s DNA.

The Tactics Companies Can Use: Securing Remote Desktop Protocol

COVID-19 saw workforces shift to working from home, and home networks are often rife with poor security. Solid basic hygiene would include strong passwords, multifactor authentication, software updates, restricted access, and network-level authentication.

Multifactor authentication (MFA) for critical assets and high-risk users is strongly recommended. This tactic can be a strong barrier against attacks, such as ransomware, that leverage credential-based access or privilege escalation.

Patch Management

Legacy systems, be it OT or IT, chug along on old software with security gaps. After RDP and phishing attacks, vulnerable software is the next largest attack vector, which is why securing communication channels and patching Windows operating system exploits remain vital.

Disabling User-Level Command-Line Capabilities

Ransomware threat actors run free or low-cost software and scanning tools from command-line prompts for tasks such as credential harvesting and discovery of unsecured internal ports. If command-line capabilities are disabled, the company becomes a more difficult target. Blocking TCP port 445 on external-facing infrastructure and internal firewalls also helps reduce the attack surface.
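
Two of the host-level controls named above, network-level authentication for RDP and limiting TCP 445, can be checked with a short read-only audit. The PowerShell script below is an added example, not part of the original article; it assumes a Windows host with the built-in NetSecurity module and inspects only the local registry and the default local firewall rule store.

```powershell
# Added example: read-only audit of RDP NLA and inbound SMB (TCP 445) rules.
# Run in an elevated PowerShell session on the Windows host being checked.

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

# fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
$rdpEnabled = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0

# UserAuthentication = 1 means NLA is required before a session is created.
$nlaRequired = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication -eq 1

# Enabled inbound allow rules in the local rule store that name TCP 445.
# Rules whose local port is 'Any' or a range are not flagged here and
# still need a manual review.
$smbAllow = Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        ($filter.Protocol -eq 'TCP') -and ($filter.LocalPort -contains '445')
    }

# One summary object per host, easy to export or collect centrally.
[pscustomobject]@{
    Host                = $env:COMPUTERNAME
    RdpEnabled          = $rdpEnabled
    NlaRequired         = $nlaRequired
    RdpWithoutNla       = $rdpEnabled -and -not $nlaRequired
    InboundSmbRuleCount = @($smbAllow).Count
}

# List the matching rules and the firewall profiles they apply to, so each
# can be scoped to the servers that need SMB or disabled.
$smbAllow | Select-Object DisplayName, Profile | Format-Table -AutoSize
```

A host that reports `RdpWithoutNla` as true, or an SMB allow rule on the Public profile, is a candidate for remediation.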

Protect Active Directory

Active Directory is a database and set of services that connects users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who’s allowed to do what.

Education and training

Cyber awareness training and education should be mandatory. You don’t need to be a highly trained and skilled cybersecurity professional, but basic changes in behavior and awareness of where and how threats can enter your organization can further reduce risks.

Preparing For An Attack: Know Your Decisions Right

The timing, urgency, and stress of an attack escalate when decision rights are unclear. Who will lead the response team? Is the CEO directly involved or deliberately removed from the tactical details of the response?

Designate a person accountable for keeping the crisis response moving forward in a methodical and detailed manner, and ensure decision trees are aligned, from the chief information security officer (CISO) or chief security officer (CSO) to the CEO or response leader.

Preparing For All Options and Understanding Negotiating Constraints

Prior to experiencing a ransomware attack, the majority of companies say they will not pay a ransom. However, nearly two out of three organizations were victimized by a ransomware attack over the past 12 months, and over 80 percent paid the ransom demands, according to a 2021 report from ThycoticCentrify on the state of ransomware.

Constraints can range from the level of insurance coverage to whether customers’ data are also at risk and premerger or pre-acquisition sensitivities. Given these will change over time, ensure this view is refreshed periodically.

Getting Your Board Up To Speed

Generally, board members will want to help and bring issues to closure—the success of which all comes down to communication. That is why the board and executive leaders need to engage in a critical conversation detailing roles and how to activate them. This level of communication and advanced planning can facilitate faster decision making and collaboration. Resiliency becomes baked in when cybersecurity becomes a joint capability between the board and executives and through all levels of the organization.

Enhancing Resilience

Business continuity answers the question, “How do we operate this process if a particular technology or person is disrupted?” Whereas operational resilience targets the bigger question of, “How do we organize such that a particular event does not disrupt us?” Companies should have answers to both questions to prepare for cybersecurity attacks.

Preparation: The Requirements

Approaching ransomware prevention and preparedness from a resilience perspective frames the requirements and outcomes differently:

  • Know what assets are important (crown jewels, critical assets) and where they live.  
  • Know the backup process, which will help assess how feasible recovery is. It’s also good data hygiene to only keep what you need.
  • Recovery testing is always helpful. Testing in advance of disruption builds muscle memory, uncovers dependencies, and encourages creative thinking and problem solving.

Response

In a ransomware attack, time is of the essence, so collaboration and transparency prevail. When an organization becomes aware of a ransomware attack, it should not compartmentalize the challenges ahead. The CISO or CSO needs to ensure transparency and collaboration with internal stakeholders across the company, including the board, C-suite, affected business groups, compliance and risk, and legal and crisis communications teams.

Phone A Friend

Your organization’s network of external stakeholders can provide valuable input and help expedite risk-based decision making.

An organization’s first call should be to the FBI, or a regional and supervisory law-enforcement agency, for notification and disclosure. For very large financial institutions or companies managing and operating critical infrastructure, there is a broad range of law-enforcement capabilities available.

Proceed Carefully

The US Department of the Treasury’s guidance on ransomware payments requires organizations to consult with them if they need to pay the ransom. However, since ransom payments could violate sanctions against certain individuals or designated organizations, the Treasury’s Office of Foreign Assets Control and its Financial Crimes Enforcement Network say organizations could be held liable for ransom payments, even if they were unaware or unable to determine the recipient is on a prohibited list.

Seek Counsel and Check Insurance Policies

External counsel, as well as insurers, are significant partners to have at the table. From discerning whom to notify and when, to working through the finer points of negotiation and its possible implications, to thinking through the legal requirements for customers and partners (especially third parties), these stakeholders bring practical benefits.

Expect Pressure

Some RaaS groups have call centers that will proactively reach out to downstream customers and activist investors to put pressure on a victim to pay. Expect this and have a plan to engage stakeholders, whether proactively or in response to their queries.

Your response leader can serve as “air traffic control” to manage the responsibilities of all parties involved.

Intelligence And Forensics

Dig into forensics and intelligence. In the earliest stages of the attack, use intelligence to determine who is behind the attack and how they were able to gain access, maintain persistence, and detonate the malware. This knowledge will aid in understanding how bad the attack is and assist in decryption and negotiation.

Attempt to locate or access known unencrypted shadow copies of data or even a decryption key using member institution initiatives to determine if their information can be decrypted without paying.

Recovery

No matter what, recovery from a ransomware attack can be messy. If you decide to pay and get a decryption key—and if it works—there is usually a considerable amount of cleanup because the attackers shut down servers and databases not designed to shut down hard. If you don’t pay, rebuilding networks from backups is time consuming.

Verify. For attackers, ransomware is a business, and they want to keep their reputations intact.

Know what’s up for debate. For large and more mature institutions, forensic teams can generally figure out how to find or trigger the decryption key.

The Bottom Line

Remember that you are collaborating with criminals, so the closer a company gets to paying the ransom, the more it needs proof that the attackers actually have what they say they have.

Make no mistake about it, ransomware is ugly. But making your enterprise resilient by following prevention, preparation, response, and recovery strategies will allow a company to recover from attacks and not have to pay a huge ransom. Communication, advanced preparation, understanding and then minimizing risk is the best way to keep the operation up and running.

CURATED BY

tamcha

Chartered loss adjuster

CURATOR'S NOTE

Ransomware has rapidly become one of the top cybersecurity nightmares. Strategies for prevention, preparation, response, and recovery can help.
