How To Prevent Ransomware

The old saying: "An ounce of prevention is worth a pound of cure" is certainly true when it comes to ransomware attacks. Here you'll find effective strategies and tools to help protect against ransomware and prevent ransomware attacks from succeeding.
Every IT administrator wants to know how to prevent ransomware. Why? Because ransomware attacks represent a relatively easy way for attackers to make money by subverting individuals’ or organizations’ security to access files, and then encrypt them to make them unreadable to their rightful owners and users.

In exchange for payment (usually in some kind of digital currency, such as Bitcoin), attackers promise to provide a key that will unlock that encryption and restore data access. (Note that the FBI recommends against paying ransoms, because paying them doesn’t always restore locked up data successfully.)
The best way to prevent ransomware attacks is by raising user security awareness. Most such attacks come from hyperlinks in, or attachments to, email messages and social media posts that result in infecting users’ systems with ransomware. Such programs lurk in the background, observing how file systems are organized and used, and then encrypt them wholesale to stymie user access. If users simply avoid clicking suspect links or opening unsolicited downloads, they eliminate the attack vector through which ransomware most often gets introduced onto systems and networks.

Other good ransomware protection techniques include at least three elements.

First, it’s important to keep systems and applications updated, and apply all current security patches and fixes. If known vulnerabilities get patched, attackers have a much smaller attack surface through which they can launch attacks.
Second, it’s vital to use data monitoring and protection tools actively and aggressively to analyze access patterns. There’s seldom a good reason to encrypt all or most files on a computer system. If a pattern of wholesale encryption appears, that’s a major clue to block further such activity and take evasive measures.

Third, best practices dictate maintaining current backups for all data and systems in immutable form. Because immutable backups cannot be changed, they cannot be encrypted to lock out access, either. In fact, ransom demands may not pop up until ransomware has successfully encrypted all backups, as well as primary copies.
Finally, preventing ransomware involves user education and security awareness. The majority of ransomware attacks originate from phishing emails or malicious email attachments.
Training users to not click links in emails drastically reduces the attack surface for ransomware. That also goes for unexpected email attachments (which should be subject to malware screening and scanning, as well). Limiting exposure to attacks beats recovering from ransomware, every time.
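
The wholesale-encryption pattern named in the second technique above can be checked mechanically. This added example (not code from the original page) flags a process that rewrites many distinct files with high-entropy content inside a short window; the thresholds, the event layout and the sample telemetry are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
BURST_FILES = 20         # assumed: distinct files rewritten by one process...
WINDOW_SECONDS = 60      # ...inside this sliding window triggers an alert

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for ciphertext, far lower for plain documents."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_wholesale_encryption(events):
    """events: time-ordered (timestamp, pid, path, sample_of_written_bytes).
    Returns {pid: timestamp of first alert}."""
    recent = defaultdict(deque)  # pid -> (timestamp, path) of high-entropy writes
    alerts = {}
    for ts, pid, path, sample in events:
        if shannon_entropy(sample) < ENTROPY_THRESHOLD:
            continue
        window = recent[pid]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        # Count distinct paths so one large archive written in chunks is not a burst.
        if pid not in alerts and len({p for _, p in window}) >= BURST_FILES:
            alerts[pid] = ts
    return alerts

def constructed_events():
    """Constructed sample telemetry, not real logs."""
    random_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    text = b"Quarterly report draft, revision two. " * 100
    events = []
    for i in range(30):   # pid 4120: editor saving ordinary documents
        events.append((i, 4120, f"/home/a/doc{i}.txt", text))
    for i in range(25):   # pid 5512: archiver appending to a single file
        events.append((50 + i, 5512, "/backup/nightly.zip", random_like))
    for i in range(25):   # pid 6604: many different files rewritten as ciphertext
        events.append((100 + i, 6604, f"/share/finance/f{i}.xlsx", random_like))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_wholesale_encryption(constructed_events()))
```

Compressed formats such as ZIP or JPEG also score near 8 bits per byte, so a production rule would pair this signal with others (for example mass renames) before blocking a process.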

Passive Defense Strategy

Passive defense is a key part of a strong security foundation. A passive defense strategy secures a network and its assets by limiting or eliminating security gaps. It also reduces exposure to threats through deployment of firewalls, anti-malware protection, intrusion detection or prevention systems (IDS or IPS), data protection systems, and more. The goal of passive security is to provide protection against threats, including ransomware defense, without requiring constant human interaction or monitoring.

Certainly, IT must still monitor systems and networks, and perform regular maintenance, including installing patches, fixes, and updates, and responding to alerts. But security teams don’t have to watch everything, all the time, to maintain a strong security posture.
In a sense, passive cybersecurity is like a security system in a home or a business. It secures the premises with sensors, cameras, and alarms without requiring a watchman to be physically present all the time. A good passive defense strategy makes use of a wide range of inspection, detection, and monitoring tools. It also uses threat intelligence to help recognize and prioritize potential threats, and to react as signs of clear and present danger manifest themselves.
The key idea is to use technology as much as possible to provide a first line of defense that blocks or handles obvious threats rapidly and automatically.

Threat Hunting for Ransomware

Threat hunting for ransomware consists of analyzing and understanding patterns that specific attacks follow as they start, and as they proceed into the file encryption stage. This is typically done by a trained ransomware hunting team.

Artificial intelligence and human cybersecurity analysts can compile various patterns and behaviors during attack phases and seek them out. If they can detect an attack in its early phases, they can often fend it off before access to systems is affected.
A ransomware attack normally follows six stages. If systems or the ransomware hunting team can detect an attack before it gets to stage five (encryption), it can be fended off without loss of access, services, or capability.

1. Campaign:

Initial attack is mounted through various channels, typically a phishing email with a link to (or an attachment containing) malware.

2. Infection:

Malicious code is downloaded and executed, and ransomware gets underway.

3. Staging:

Malware connects to a command and control server, which sends commands to the infected system, as well as an encryption key.

4. Scan:

Malware scans the computer to target files to encrypt, which may include cloud files, network file shares, and other common items. This can take hours, depending on the number of items involved.

5. Encryption:

With a complete inventory, ransomware starts encrypting files. Cloud and network files get copied, encrypted, and copied back to their original locations. Unencrypted copies are deleted.

6. Payday:

All key files are now encrypted, inaccessible to users and owners. The attacker demands payment, and the victim has to decide whether or not to pay.
Threat hunting involves analyzing network traffic and endpoint activity to seek indications of compromise and attack. For most malware, persistence mechanisms provide proof that an attack is underway. Thus, threat hunting techniques involve finding and analyzing unique and suspicious persistence mechanisms on a system.
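
One way to find "unique" persistence mechanisms is to stack autorun entries across a fleet and review the ones that appear on very few hosts. This is an added example, not code from the original page; the inventory layout, the rarity limit, the path markers and every host and file name in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

RARE_HOST_LIMIT = 1                       # assumed: seen on this many hosts or fewer
USER_WRITABLE = ("\\appdata\\", "\\temp\\")  # assumed markers of user-writable paths

def normalize(command: str) -> str:
    """Lower-case and mask the profile name so the same entry stacks across users."""
    return re.sub(r"\\users\\[^\\]+\\", r"\\users\\<user>\\", command.lower())

def hunt_unique_persistence(inventory):
    """inventory: (host, mechanism, command) rows from an autorun collection.
    Returns [(score, mechanism, command, hosts)] for rare entries, highest first."""
    hosts_by_entry = defaultdict(set)
    for host, mechanism, command in inventory:
        hosts_by_entry[(mechanism, normalize(command))].add(host)
    findings = []
    for (mechanism, command), hosts in hosts_by_entry.items():
        if len(hosts) > RARE_HOST_LIMIT:
            continue  # present fleet-wide: most likely standard software
        score = 1 + sum(marker in command for marker in USER_WRITABLE)
        findings.append((score, mechanism, command, sorted(hosts)))
    return sorted(findings, key=lambda f: (-f[0], f[2]))

def constructed_inventory():
    """Constructed sample data: four workstations, not a real collection."""
    rows = []
    for host, user in [("ws01", "alice"), ("ws02", "bob"),
                       ("ws03", "carol"), ("ws04", "dave")]:
        rows.append((host, "run_key",
                     rf"C:\Users\{user}\AppData\Local\Microsoft\OneDrive\OneDrive.exe"))
        rows.append((host, "service", r"C:\Program Files\Vendor AV\agent.exe"))
    rows.append(("ws02", "run_key", r"C:\Program Files\PrinterTool\tray.exe"))
    rows.append(("ws03", "scheduled_task",
                 r"C:\Users\carol\AppData\Roaming\upd\svc-helper.exe"))
    return rows

if __name__ == "__main__":
    for finding in hunt_unique_persistence(constructed_inventory()):
        print(finding)
```

Masking the profile name is what keeps a per-user install that exists on every host from being reported as four unique entries.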

Current Ransomware Prevention Tools

Ransomware is getting more sophisticated, and attacks are on the rise. Fortunately, the ways to protect from these attacks are also getting better. Here are five important tools organizations will find helpful, and even essential, in fending off and preventing ransomware attacks.

Immutable Backup:

A backup that cannot be changed or altered is a backup that cannot be encrypted to prevent user access.

Data Protection:

Data protection observes patterns of data access and usage, and blocks data exfiltration and unwanted or wholesale data encryption (a powerful warning that a ransomware attack may be underway).

Phishing Protection:

Phishing attacks come in the form of unsolicited emails and suspect social media posts, including malicious links or attachments. They’re best countered through content filtering and employee training.

User Security Awareness:

An effective training and testing regime explains potential threats to users, then exposes them to potential (but inactive) threats to make sure they practice safe computing.

Threat Intelligence:

Threat intelligence keeps organizations apprised of active and emerging threats in the wild, to help recognize them and fend them off (or remediate them).