•   
  •   
  •   

Technology 9 tips to protect your organization against ransomware

15:10  01 april  2021
15:10  01 april  2021 Source:   techrepublic.com

Ransomware: Sharp rise in attacks against universities as learning goes online

  Ransomware: Sharp rise in attacks against universities as learning goes online Higher education is struggling with ransomware attacks, with gangs seeing an easy target in institutions busy making the switch to remote operations.The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks.

a close up of a person using a laptop computer: Image: vchal, Getty Images/iStockphoto © Provided by TechRepublic Image: vchal, Getty Images/iStockphoto

Ransomware attacks continue to gain traction among cybercriminals who find them a popular and profitable business, and for a few different reasons. Security vulnerabilities and exploits pave the way for data breaches as the initial step toward ransomware. Many organizations still fail to adequately protect their critical assets. Further, more attackers employ a double-extortion tactic in which they vow to leak the stolen data publicly if the ransom goes unpaid.

SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)

How ransomware is evolving as a threat to organizations

  How ransomware is evolving as a threat to organizations Cybercriminals know they can make money with ransomware and keep getting bolder with their demands, says Palo Alto Networks' Unit 42.The number of victimized organizations hit by each ransomware family with their data publicly leaked in 2020.

More about cybersecurity

  • 10 fastest-growing cybersecurity skills to learn in 2021
  • Meet the hackers who earn millions for saving the web
  • Top 5 programming languages for security admins to learn
  • End user data backup policy (TechRepublic Premium)

A report released Tuesday by cyber threat intelligence provider Check Point Research looks at the latest trend among ransomware attacks and suggests some tips on how to combat them.

The past six months have seen an increase in the number of attacks involving human-operated ransomware, such as Maze and Ryuk. In these cases, the victims have to negotiate directly with the criminals who launched the attack. Over the same period, the number of organizations affected by ransomware jumped by 57%, according to Check Point, reaching a total of 3,868. In 2021, that volume has risen another 9% per month so far.

Ransomware gangs have found another set of new targets: Schools and universities

  Ransomware gangs have found another set of new targets: Schools and universities National Cyber Security Centre issues advice on how to protect networks from cyber criminals after a spike in ransomware attacks causing disruption across the education sector over the last monthThere's been a spike in ransomware attacks targeting schools, colleges and universities, the UK's National Cyber Security Centre (NCSC) has warned.

More ransomware attacks are exploiting vulnerabilities in Microsoft Exchange, most notably in light of the recent Exchange hack that has impacted many organizations. Over the past week, the number of attacks involving Exchange Server has tripled, according to Check Point. The most targeted industries have been government and military, manufacturing, and banking and finance. The most targeted country has been the U.S. (almost half of all such Exchange exploit attempts), followed by the U.K., the Netherlands and Germany.

The infamous WannaCry ransomware worm has emerged as a more prevalent threat. Since the start of 2021, the number of organizations around the world affected with WannaCry surged by 53%. Check Point discovered more than 40 times more affected organizations in March 2021 compared with those in October 2020. The latest strains of WannaCry use the EternalBlue exploit to propagate. Given that a patch for this exploit has been available for more than four years, this tactic shows why organizations need to patch their systems as quickly as possible.

Ransomware crooks are targeting vulnerable VPN devices in their attacks

  Ransomware crooks are targeting vulnerable VPN devices in their attacks Researchers at Kaspersky detail how hackers were able to get hands-on and compromise a whole network with Cring ransomware. At this point, a note by the attackers tells the victim their network has been encrypted with ransomware and that a ransom needs to be paid in Bitcoin to restore the network.While there's no information on how the incident at the European industrial facility was resolved, researchers note that the failure to apply the security patch to protect against a known vulnerability was the "primary cause" of the incident.

To protect your organizations and assets from ransomware, Check Point provides the following nine tips:

  1. Back up all data. Back up your company's data regularly. If something goes wrong, you should be able to quickly and easily revert to a recent backup. This won't protect you from being the target of an attack. But if you're ever attacked, the fallout won't be nearly as devastating.
  2. Keep software updated. Ransomware attackers sometimes find an entry point within software by exploiting any vulnerabilities. Fortunately, some developers actively search for new vulnerabilities and patch them. Adopt a patch management strategy and ensure that all team members are constantly aware of the latest updates. WannaCry relies on unpatched systems to spread. The patches for the vulnerability have been around for four years, yet evidently many organizations still haven't applied them.
  3. Use better threat detection. Most ransomware attacks can be detected and resolved before it's too late. To maximize your chances of protection, have an automated threat detection system in place.
  4. Adopt multi-factor authentication. Multi-factor authentication forces users to verify their identities in multiple ways before they're granted access to a system. If an employee's password is ever leaked to a criminal, the attacker won't be able to gain easy access to your systems.
  5. Use the principle of least privilege. Employees should never have more access to data than they truly need. Segmenting your organization and restricting access can provide a kind of quarantine effect, minimizing the impact of a potential attack and limiting the vectors of access.
  6. Scan and monitor emails and file activity. Emails are the default choice of cybercriminals running phishing schemes. Scan and monitor emails on an ongoing basis, and consider deploying an automated email security solution to block malicious emails from reaching users. Also, consider scanning and monitoring file activity.
  7. Improve employee training. Most ransomware attacks are the by-product of bad employee habits or pure ignorance. Someone may voluntarily give out their password or download an unfamiliar file. With better employee training, the chances of this happening are much lower.
  8. Don't pay the ransom. If your organization happens to be the victim of a ransomware attack, don't pay the ransom. It might seem tempting to get out of this bad situation as quickly as possible. But even after paying the ransom, there's no guarantee the attacker will be true to their word.
  9. Use anti-ransomware solutions. To achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Protecting against ransomware that "slips through the cracks" requires a specialized security solution. Anti-ransomware solutions monitor programs running on a computer for suspicious behavior commonly exhibited by ransomware. If these behaviors are detected, the program can stop any encryption before further damage is done.
a close up of a person using a laptop computer: Computer security and hacking concept. Ransomware virus has encrypted data in laptop. Hacker is offering key to unlock encrypted data for money. © vchal, Getty Images/iStockphoto

Computer security and hacking concept. Ransomware virus has encrypted data in laptop. Hacker is offering key to unlock encrypted data for money.

Ransomware is now a national security risk. This group thinks it knows how to defeat it .
Recommendations ranging from additional support for victims to regulating Bitcoin to prevent it being used to extort payment aim to help protect society as a whole from being plagued by ransomware attacks.Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns.

usr: 0
This is interesting!