Protect Your Network From Ransomware




Ransomware attacks have grown exponentially amid COVID-19, as cybercriminals take advantage of the new work-from-home world and target vulnerable industries and populations.

Ransomware penetrates an organization’s IT infrastructure through phishing emails or endpoint vulnerabilities and then encrypts files, holding data hostage until a fee is paid to decrypt them. The FBI has deemed ransomware the fastest growing malware threat, causing significant revenue loss, business downtime and reputational damage.

Therefore, protect your network from ransomware by following the best practices below.


1. Back up files regularly

Backing up all important files to an offsite server on a regular basis is recommended. The automatic backup systems built into operating systems (Windows, Linux) can be used to back up data on a daily basis.

For any sensitive data, ensure the backed-up data is encrypted to prevent data theft.


2. Security awareness programs for employees

Awareness sessions that improve employees' knowledge of information security could be one of the best forms of defense.

Such sessions should focus on:

  • An introduction to ransomware
  • How to identify ransomware or tell whether a machine is infected
  • Further steps to take if a suspected ransomware attack is identified in the office or in a work-from-home environment
  • Prevention tips for ransomware


3. Use of an EDR (Endpoint Detection and Response) solution for endpoint protection

EDR solutions provide a way to manage the security of endpoints with proactive threat hunting and response. Advanced EDR solutions use machine learning and deep learning based methodologies for accurate threat hunting. In addition, EDR solutions provide device control such as USB storage control, a network firewall for endpoints, system lockdown or isolation facilities, and sandboxing features.


4. Segment the System/Network

Segmenting the network helps to stop a threat from spreading across the entire network. Critical servers and applications can be kept in a separate, isolated network to limit the spread.


5. Apply updates and patches regularly and promptly

Systems, applications and devices should be updated to the latest version from a reliable source. This keeps the system secure and avoids exposing security weaknesses to attackers.


6. Proper use of login credentials

Ensure that no easy platform is provided for ransomware or other malware by following best practices when logging in to systems or handling credentials.

  • Do not use the superuser/root user account to log in to the system or server.
  • Use a regular non-admin account for web browsing, opening documents, and regular work.
  • When sending a user login to someone, use two different communication channels (email, SMS, Messenger, WhatsApp ...) to send the username/login and the password, and send them without mentioning keywords like “username”, “password”, “login” etc.
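
One way to check the first point on a Linux server running OpenSSH, as an added example that is not part of the original post: it reads the text of `sshd_config` and `/etc/passwd` and reports whether direct root login over SSH is still possible and whether extra superuser accounts exist. The function names are hypothetical, the sample file contents are constructed, and `Include` directives in `sshd_config` are not followed.

```python
# Added example (not from the original post). Sample file contents are constructed.
SAMPLE_SSHD = """\
# constructed sshd_config
Port 22
permitrootlogin prohibit-password
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def permit_root_login(sshd_config):
    """Effective global PermitRootLogin value (hypothetical helper)."""
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Keyword=value" is also valid
        if not parts:
            continue
        keyword = parts[0].lower()                  # keywords are case-insensitive
        if keyword == "match":                      # conditional blocks follow; stop
            break
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].lower()                 # sshd keeps the first value it reads
    return "prohibit-password"                      # OpenSSH default when not set

def extra_uid0_accounts(passwd):
    """Accounts other than root that carry UID 0, i.e. full superuser rights."""
    names = []
    for line in passwd.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names

def audit(sshd_config, passwd):
    findings = []
    value = permit_root_login(sshd_config)
    if value != "no":                               # only "no" blocks root login fully
        findings.append("sshd permits root login: PermitRootLogin " + value)
    for name in extra_uid0_accounts(passwd):
        findings.append("extra superuser account (UID 0): " + name)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_PASSWD):
        print(finding)
```

In the sample, the later `PermitRootLogin no` line has no effect because the earlier lowercase line is read first, which is why the audit still reports root login as permitted.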



