In part 1, we discussed the best practices and habits that organizations and individuals can adopt to limit the impact of today's ever-growing threat landscape. In part 2, we build on the previous article and discuss currently available industry solutions and administrative practices that can not only aid in limiting ransomware, but also help secure data. With ransomware costs expected to exceed USD $20 billion in 2021, it is more important than ever to understand the best practices and tools we can deploy to protect ourselves and our organizations.
Firewalls and endpoint security
Implementing a proper firewall and endpoint security devices such as an intrusion detection system (IDS) or intrusion prevention system (IPS) is a great way to deter attackers, as these controls significantly decrease the ease of breaching a system. However, proper endpoint security hardware often comes with a hefty price tag, as it has previously been designed and tailored for larger organizations.
Endpoint security hardware, such as the Pangolin Smart Firewall platform, helps reduce the attack surface by blocking non-essential open ports, securing the remaining open ports with suitable IPS protection that governs traffic through updated policies, minimizing the risk of lateral movement of malware within the network, and automatically isolating infected systems to prevent spread.
Having good perimeter defense in the form of endpoint security and firewalls is not enough. Security is about layering and hardening. Utilizing competent anti-malware software can aid in the defense against malicious attacks. Investing in a sandbox environment may also help larger enterprises secure their on-premises devices.
There are also software solutions, both offline and in the cloud, that may help organizations and individuals securely back up and store their important data, allowing a quicker recovery should an attack occur.
Last but not least, there is also software available that can help implement a zero-trust security model throughout an organization. These solutions make data the priority of security and require authentication for all users and devices at every point they connect to the network in question.
Security vulnerabilities in software
Malicious attacks utilizing ransomware are often crimes of opportunity. Here are a few examples:
- The device(s) in question are not up to date with the latest firmware or software
- Software solutions have not been updated with the latest policies and signatures
- Software has been compromised in some form (a supply chain attack or a zero-day)
These are some examples of vulnerabilities in software that are a result of a lack of attention. It is vital to keep operating systems, software, firmware, applications, and anti-malware software up to date with the latest updates and signatures. Applying the latest updates can help close security holes that malicious actors are looking to exploit.
Even when a ransom is paid, it is not always possible to retrieve all the data when ransomware is involved. Corruption of data archives is common when they are encrypted by ransomware, and it is also possible that the wrong decryption key is given.
As such, the practice of backing up data and systems is one of the most effective ways to recover from a ransomware attack. Backup files and system images should be stored offline or on a separate secure cloud service so that the individual or the organization can quickly restore operations. It is also important to routinely test backups and images for efficacy. Proper time stamping of backups is also important in order to prevent rolling back to a possibly infected backup.
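To make the testing and time-stamping advice above concrete, here is an added example (not from the original article or any vendor product) that picks the newest backup taken before a suspected infection time and still matching the hash recorded when it was taken. The catalog layout, field names and file names are assumptions made for illustration, and the sample backups are constructed.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verifies(entry):
    """True if the backup file exists and still matches its recorded hash."""
    path = Path(entry["path"])
    return path.is_file() and sha256_of(path) == entry["sha256"]


def pick_restore_point(catalog, infected_since):
    """Newest verified backup taken strictly before the suspected infection."""
    older = [e for e in catalog if e["taken_at"] < infected_since]
    for entry in sorted(older, key=lambda e: e["taken_at"], reverse=True):
        if verifies(entry):
            return entry
    return None


def demo():
    """Constructed sample: three backups, one corrupted, one post-infection."""
    with tempfile.TemporaryDirectory() as tmp:
        catalog = []
        for day, name in ((1, "mon.img"), (2, "tue.img"), (3, "wed.img")):
            path = Path(tmp) / name
            path.write_bytes(f"constructed backup {name}".encode())
            # The hash is recorded at backup time (hypothetical catalog format).
            catalog.append({"path": str(path), "sha256": sha256_of(path),
                            "taken_at": datetime(2021, 3, day, 2, tzinfo=timezone.utc)})
        # Tuesday's image is damaged after it was catalogued.
        Path(catalog[1]["path"]).write_bytes(b"corrupted")
        infected_since = datetime(2021, 3, 2, 18, 0, tzinfo=timezone.utc)
        chosen = pick_restore_point(catalog, infected_since)
        return Path(chosen["path"]).name if chosen else None


if __name__ == "__main__":
    print(demo())
```

A hash match only shows the image is unchanged since it was catalogued; a restore test is still needed to show it actually boots or mounts.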
Ransomware will continue to evolve, and it is nearly impossible to completely prevent and eradicate all malware out there. However, we learned that careful and deliberate actions, together with the use of proper endpoint security solutions, help greatly in reducing the impact of the threat posed by ransomware and other forms of malware. Maintaining awareness, understanding the threat landscape, planning, and finally executing on proper policies will greatly help individuals and organizations decrease their risk when it comes to ransomware.