[BreachExchange] Protecting your business from the scourge of ransomware

Audrey McNeil audrey at riskbasedsecurity.com
Tue Feb 6 19:14:00 EST 2018


Recent ransomware attacks are raising the need for organisations to be more
compliant. With the EU’s General Data Protection Regulation (GDPR) due to
come into effect in May 2018, now is the time to ensure your operation is a
secure environment.

According to the Gowling WLG Digital Risk Calculator, three quarters of
surveyed European business leaders now consider a security breach a high
risk to their business. Europol recently reported that global ransomware
attacks soared by over 11 percent in the 12 months to March 2017.

Ransomware preys on emotion, directly extracting money from individual
victims or entire organisations. Cybercriminals infect devices, block
access and then demand money. Unfortunately, there is no silver bullet to
combat the problem. However, there are steps that can be taken to minimise
risk and stop the spread of infection.

Shut it down

Prevention is better than cure, but ransomware is very
difficult to combat. In the short term, the best action organisations can
take is to limit the spread of infection by shutting down their systems
before determining the initial compromised source. Isolating the infected
area will minimise widespread destruction.

Back it up

Regular data backups are vital and should be central to
day-to-day operations. Executed properly, backups also keep data secure if
devices inadvertently fail. Successful ransomware attacks can occasionally
encrypt the files on backups as well, so it is worth using drives that are
offline and entirely out of the potential line of fire.

Use inspection systems

SSL/TLS visibility solutions can inspect traffic for
security devices, as well as filter and monitor emails for phishing attacks,
all within encrypted traffic flows that may be hiding malware.
Organisations should always have systems in place to detect ransomware
based on specific behaviours. If an attack occurs and an account is
compromised, it is important to quickly restrict administrative privileges
to contain the damage.

Perform regular software updates

Keeping software fully up to date
should be standard procedure to minimise risk, but is frequently overlooked
due to complacency or delayed investment. Many applications and operating
systems have an automatic update feature. Ignore update requests at your
peril. If an application does not update automatically, make sure updates
are performed manually on a regular basis.

Be vigilant with downloads

Visibility over files downloaded from the
internet and received via email is essential. Staff need to be educated on
best practice, including only downloading files from trusted sources and
being wary of emails and links from unfamiliar sources. Err on the side of
caution, implement a culture of safety first and encourage people to seek
help if uncertain. People are often the weakest link in an organisation’s
cyber security plan, so continual user cybersecurity education and training
is required to combat costly and time-consuming security breaches.

Don’t pay!

It is always tempting to pay a ransom. Don’t do it. Every
bitcoin transferred to cybercriminals only builds their confidence and
potentially exacerbates the problem for the future. Remember, creating and
spreading ransomware and demanding a ransom for decrypting your data are
actions that are defined as criminal in most countries around the globe.
Therefore, report incidents immediately to the police and authorities.

Initiatives such as No More Ransom have been developed by law enforcement
and IT security companies to disrupt cybercriminal businesses with
ransomware connections. The website offers help to victims of ransomware
and helps to retrieve encrypted data.

Hackers are increasingly using ransomware to hold sensitive corporate data
hostage. The most effective actions you can take include employing an
integrated security strategy, limiting the initial spread of infection by
addressing vulnerabilities quickly, updating systems with the latest
security solutions, and maintaining a rigorous data defence policy to keep
your business compliant.