Ransomware
attacks have grown up exponentially amid COVID-19, as cybercriminals
take advantage of the new work-from-home world and target vulnerable
industries and populations.
Ransomware
penetrates an organization’s IT infrastructure through phishing
emails or endpoint vulnerabilities and then encrypts files, holding
data hostage until a fee is paid to decrypt them. The FBI has deemed
ransomware the fastest growing malware threat, causing significant
revenue loss, business downtime and reputational damage.
Therefore, Protect Your
Network From Ransomware by following the best practices below.
1.
Backup files regularly
Backup
all important files on regularly basis to an offsite server is
recommended. Automatic backup systems of operating Systems(Windows ,
Linux) can be used for this purpose to backup data on daily basis.
For
any sensitive data , ensure the backed-up data is encrypted to
prevent data theft.
2. Security awareness programs for employees
Awareness
sessions for employees to improve level of knowledge regarding
information security. could be one of the best forms of defense.
Such
sessions should focus on ;
-
Introduction
about ransomware
- How
to identify ransomware or if a machine is infected
-
Further
steps - if a suspected ransomware attack is identified in office
or work from home environment.
-
prevention
tips for ransomware
3.
Use of EDR(Endpoint Detection and Response) solution for endpoint
protection.
EDR
solution provide facility to manage security of the end points with
proactive threat hunting and response. Advance EDR solutions provide
Machine learning, Deep Learning based methodologies to accurate
threat hunting. In addition Device control such as USB storage
control, Network firewall for end points, system lock down or
isolation facilities, sandboxing features are provided with the EDR.
4.
Segment the System/Network
Segmenting the Network will help to reduce spreading a threat across the entire network. We can keep critical servers and application in an isolated separate network to limit the spread.
5. Apply updates and patches regularly and promptly
Systems, applications and devices should be updated to the latest version from reliable source. This will ensure the system Security without exposing security weaknesses to attackers.
6.
Proper use of login credentials.
Ensure
that no easy platform is provide for ransomware or other malware by
following best practices when login in to systems or handling
credentials.
-
Do
not use superuser/root user account to login to the system or
server.
-
Use
a regular non-admin account for web browsing, opening documents, and
regular work.
-
When
sending user login to someone use 2 different communication channels
(email,SMS,Messenger,WhatsApp ...) to send username/login and
password. And send it without mentioning keyword like “username”
,”password” ,”login” etc.
REFERENCES:
[1]https://www.techcert.lk/en/knowledge-base
[2]https://www.justice.gov/criminal-ccips/file/872771/download
[3] https://go.tenable.com