5 Ways to Defend Against Ransomware
While some may have once considered ransomware to be more of an inconvenience than a major threat, that is certainly no longer the case. It has now developed into a multibillion-dollar industry that can have a devastating impact upon its targets.
As instances of ransomware attacks increase, there are some things that you should be doing right now to help defend yourself.
- Be Prepared
You need to have a plan if you are targeted, as it may simply be a matter of time before it happens. Ask yourself what you would do in the event of an attack and start planning an appropriate response. During your planning, assume that you will lose data. How does that affect you and what can you do to return to normal operations?
- Teamwork is Essential
Ransomware has far-reaching consequences for your business. Accordingly, your various departments must work together to defend against an attack. Your different teams will each play a role. For example, system and server administrators can audit your Active Directory environment, while network engineers, being responsible for uptime and traffic flow, can identify where packets can or cannot go in an environment. Your legal team can clarify the company’s position on ransomware and detail any contingencies that are in place.
And of course, everyone must also work with the security team.
- Perform Audits and Place Limits on Highly Privileged Accounts
When an attack is made on an organization, the attackers will very quickly try to gain the credentials of a highly privileged account. This will allow them to move freely around your system, executing commands, establishing persistence, and more. Many organizations have a large number of these accounts, which works in the attacker’s favour.
Attackers have several tools available to them that allow them to find a quick path to a domain-administrator account. What works in your favour is that these tools can also be applied to audit accounts and place limits on those with too many privileges.
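One way to run the audit described above, as an added example that is not part of the original article: a read-only PowerShell inventory of every account that effectively belongs to the most privileged Active Directory groups, flagging enabled accounts that are inactive or have non-expiring passwords. The group list, the 90-day threshold, a single-domain environment and the RSAT ActiveDirectory module are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original article): read-only inventory of the
# effective members of highly privileged AD groups.
# Assumptions: RSAT ActiveDirectory module, default English group names,
# a single domain, and a 90-day inactivity threshold chosen for illustration.

$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$Cutoff           = (Get-Date).AddDays(-90)
$UserProps        = 'LastLogonDate', 'PasswordLastSet', 'PasswordNeverExpires'

$Report = foreach ($Group in $PrivilegedGroups) {
    try {
        # -Recursive expands nested groups, so indirect members are counted too.
        $Members = Get-ADGroupMember -Identity $Group -Recursive -ErrorAction Stop
    }
    catch {
        # Enterprise Admins and Schema Admins exist only in the forest root domain.
        Write-Warning "Could not read '$Group': $($_.Exception.Message)"
        continue
    }

    foreach ($Member in $Members) {
        if ($Member.objectClass -ne 'user') {
            # Computers and service accounts in these groups deserve a manual look.
            Write-Warning "Non-user member of '$Group': $($Member.SamAccountName) ($($Member.objectClass))"
            continue
        }
        $User = Get-ADUser -Identity $Member.distinguishedName -Properties $UserProps

        # LastLogonDate comes from lastLogonTimestamp, which replicates lazily
        # and can lag by about two weeks, so treat "Inactive" as approximate.
        [pscustomobject]@{
            Group                = $Group
            SamAccountName       = $User.SamAccountName
            Enabled              = $User.Enabled
            LastLogonDate        = $User.LastLogonDate
            Inactive             = (-not $User.LastLogonDate) -or ($User.LastLogonDate -lt $Cutoff)
            PasswordLastSet      = $User.PasswordLastSet
            PasswordNeverExpires = $User.PasswordNeverExpires
        }
    }
}

# Head count per group, then the enabled accounts to review first.
$Report | Group-Object Group | Select-Object Name, Count | Format-Table -AutoSize
$Report | Where-Object { $_.Enabled -and ($_.Inactive -or $_.PasswordNeverExpires) } |
    Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

Accounts listed in the second table are the first candidates for removal from the group, disabling, or a password policy fix.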
- Make Use of Built-In Protection For Accounts
As a follow-up to the previous point, once you have performed an audit and placed limits on highly privileged accounts, you should then be using built-in protections such as Credential Guard and Remote Credential Guard for Windows 10, which will reduce the possibility of credential theft.
Many organizations do not make use of the protections that they have available. Most of the methods used by attackers are well known and can be defended against using these protections.
- Run Simulations
You can, and should, use open-source tooling or a security vendor to run a simulation. Test yourself and focus on the early stages of an attack, such as credential theft. What does the simulation reveal? This type of testing, done frequently, will reveal where you have weaknesses that need addressing.
Defending against ransomware requires that you take a more active approach to defence. Test, adjust, and test again. Be aware of your security and your environment so that you can minimize the effect of any ransomware attack.
For protection against ransomware attacks, reach out to Safe Harbour.