Ransomware needs no introduction and is perhaps the most damaging and widespread form of cybercrime in years. Several high-profile businesses fell hostage to ransomware in the first half of 2021, with U.S. agencies now prioritising ransomware incidents as serious acts of terrorism.
In 2020, attack incidents grew by 800 percent, and 73 percent of those attacks were successful. In 2021, researchers reported a two-fold rise in ransomware-led cybercrime.
While the FBI is reportedly tracking as many as 100 variants of ransomware, most ransomware vectors follow a common thread. Here are the top attack vectors:
- Targeted attacks: Attackers deliberately target businesses with a motive to inflict damage, cause reputational harm, exfiltrate sensitive information, extract a ransom payment, or all of the above. For example, a newer class of malware that deliberately destroys data on infected devices, known as wiper ransomware, is used to carry out espionage and destroy information.
- Supply chain attacks: Modern enterprises have strong defences and mature processes in place, but intermediaries and third parties sometimes do not. The growth in supply chain attacks proves attackers are fully aware that supply chains can be leveraged to get a foot in the door of the target organisation. The European Union Agency for Cybersecurity predicted supply chain attacks would quadruple in 2021 compared to 2020.
- Unintentional attacks: There is always a possibility of victims getting infected by clicking on a mass phishing email, visiting an infected web page, downloading a malware-laced file or application, or through collateral damage resulting from a ransomware attack on a partner organisation. In one double extortion case, after a mental health therapy centre was attacked by ransomware, the extortionists leveraged the stolen data and heartlessly blackmailed the patients themselves.
Ransomware is a symptom of an infection, and infections are the result of common root causes that include:
- Spam/phishing emails: This is by far one of the most prevalent social-engineering threat vectors and root causes of ransomware.
- Poor user practices: Victims lack security awareness, are careless in their online behaviour, and do not practise the art of healthy scepticism. These habits eventually lead to a malware infection.
- Weak passwords: Poor password management is also a common root cause of ransomware attacks. Password reuse is a common phenomenon, and credentials are often stolen by hackers and sold on the dark web. The ransomware attack that took down the Colonial Pipeline last year was the result of a compromised password.
Let’s face it, no one is immune to ransomware. Having said that, organisations that prepare for this eventuality are in a better position to defend, respond, recover, and survive. Here are six best practices that can help prevent a ransomware incident, or limit its damage:
- Always back up your data: Although backups are a contingency strategy, it is always a good idea to have them ready in case an infection breaks out. It is recommended that backups are tested regularly and remain isolated from the rest of the network to avoid spread of contagion. That said, backups do not stop blackmailers from extorting a ransom. Most ransomware families exfiltrate data before encrypting it, rendering backups relatively worthless against that form of extortion.
- Patch regularly: Attackers thrive on exploiting known vulnerabilities, so businesses must ensure they update their software regularly, as these updates often contain security fixes.
- Keep your inventory in check: Maintain a comprehensive list detailing all your assets (e.g., software, hardware, cloud). This helps identify vulnerable devices and unpatched software that can lead to ransomware infections.
- Train users on security best practices: Ensure your users undergo regular security awareness training, which can help them develop the muscle memory to identify and report suspicious activity. Users are usually the weakest link in cyber security; however, regular investment in security training can reduce risky behaviour, boost cyber security hygiene, and eventually turn users into your strongest defence.
- Invest in technical controls: Next-gen firewalls, endpoint detection and response, multi-factor authentication, data leakage prevention, anti-spam, and password managers are important tools that businesses should leverage to boost their defences. It is also a good idea to disable Remote Desktop Protocol, or limit it to select authorised users only, as exposed RDP services are regularly hijacked in ransomware attacks.
- Leverage cyber insurance: One major benefit often overlooked by businesses is that insurance companies typically conduct due diligence on their clients’ cyber security posture as part of the underwriting process. Such audits root out systemic weaknesses and reduce systemic risk for both parties. In case of a ransomware incident, insurers can provide experienced ransomware negotiators and offer other mitigation services that can help restore the business to its original state.
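As an added example that is not part of the original article, the following PowerShell audit checks a Windows host against the Remote Desktop advice above (RDP disabled, or restricted to named authorised users with Network Level Authentication and scoped inbound firewall rules). It assumes the standard Windows registry keys, the built-in "Remote Desktop Users" group and the built-in "Remote Desktop" firewall rule group, and it only reads state; run it in an elevated PowerShell session.

```powershell
# Added example (not the article's own code): read-only audit of a Windows host's
# RDP exposure. Registry paths, group and firewall rule group are the standard ones.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Join-Path $tsKey 'WinStations\RDP-Tcp'

# fDenyTSConnections = 1 means Remote Desktop is disabled on this host.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication is required before a session is created.
$nla  = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

$findings = @()
if ($deny -eq 1) {
    $findings += 'OK: Remote Desktop is disabled (fDenyTSConnections = 1).'
}
else {
    $findings += 'FINDING: Remote Desktop is enabled; disable it unless there is a documented business need.'
    if ($nla -ne 1) {
        $findings += 'FINDING: NLA is not required; enable it so credentials are verified before the logon screen is exposed.'
    }

    # Who is actually permitted to log on over RDP? Anything beyond a short, named allow-list is a finding.
    $members = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue
    if ($members) {
        $findings += "REVIEW: RDP-permitted principals: $($members.Name -join ', ') (plus local Administrators)."
    }
    else {
        $findings += "REVIEW: 'Remote Desktop Users' is empty; only local Administrators can connect (confirm that is intended)."
    }

    # Enabled inbound allow rules in the Remote Desktop group that accept connections from any remote address.
    $openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -Action Allow -ErrorAction SilentlyContinue |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
    if ($openRules) {
        $findings += "FINDING: inbound RDP allowed from any address by: $($openRules.DisplayName -join ', '); scope the rules to management subnets or a VPN."
    }
    else {
        $findings += 'OK: no enabled inbound Remote Desktop rule allows connections from any address.'
    }
}

$findings | ForEach-Object { Write-Output $_ }
```

Lines marked FINDING map directly to the article's advice; REVIEW lines need a human to confirm the allow-list is the intended set of authorised users.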
If you are hit by ransomware, contact law enforcement agencies immediately. Contact your local FBI field office or the Internet Crime Complaint Center. Paying the ransom will only encourage further attacks, which is why federal regulators are now considering a ban, with associated penalties, on companies that facilitate ransomware payments, including cryptocurrency exchanges. More advice on ransomware response strategies can be found on the CISA website.