Triskele Labs Blog

Here is how you can prevent ransomware attacks

Written by Nick Morgan | Nov 25, 2020 12:00:37 PM

Ransomware is a type of malware in which attackers gain access to a victim’s data, lock and encrypt it, and then demand a payment to unlock and decrypt it for them.

This type of attack takes advantage of human, system, network, and software vulnerabilities to infect your devices, which can be any endpoint such as a computer, printer, smartphone, wearable, or POS terminal.

Today, there are many strains of ransomware, such as WannaCry, Cerber, and Petya. These infect endpoint devices when the victim clicks a link, visits a webpage or installs a file, application or programme that includes malicious code designed to download and install malware covertly.

Given that this is the kind of environment we operate in, it’s useful to be aware of what ransomware attacks are and how the devices in your organisation can become infected. 

It is, however, more useful to explore ways in which you can prevent and defend against these attacks, which is exactly what we do in this post. 

List your assets in an inventory

The first step to defending against ransomware is to know which hardware and software assets in your organisation are connected to your network. This way, you also discover which devices need to be patched or serviced. 

In the security industry, we tend to recommend passive discovery, given that active discovery can slow your network down. Passive discovery eliminates the issue of network bandwidth consumption and helps you build a comprehensive asset inventory.

Personalise your anti-spam settings

Most ransomware variants are known to spread via eye-catching emails that contain malicious attachments. Some of these attachments might involve file formats used commonly across your organisation.

Configure your webmail server to block attachments of this kind. File extensions such as .EXE, .VBS or .SCR are a few common examples.
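The extension check described above can be sketched with Python's standard `email` library. This is an added example, not code from Triskele Labs or from any mail product; the function names `blocked_attachments` and `build_sample` are hypothetical, and the sample message is constructed for the demonstration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post; a production policy would carry a longer list.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also visits nested multipart containers
        filename = part.get_filename()
        if not filename:
            continue
        # Normalise case and trailing dots/spaces before comparing, so that
        # "Update.SCR." is treated the same as "update.scr".
        cleaned = filename.strip().rstrip(". ").lower()
        # Only the last extension counts: "invoice.pdf.exe" is an .exe file,
        # while "notes.exe.txt" is a .txt file.
        _, dot, ext = cleaned.rpartition(".")
        if dot and "." + ext in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed sample message with four attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see attached.")
    for name in ("report.pdf", "invoice.pdf.EXE", "update.scr.", "notes.exe.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A filter built this way matches on filename only, so it complements content scanning at the mail gateway rather than replacing it.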

Practise the principle of least privilege

Granting unlimited access to networks and software applications can be hazardous to your company’s security posture. It can also lead to a multitude of errors and other mishaps as a result of your teams using programmes or features they don’t require access to.

To prevent this from happening, configure employee accounts with access privileges that are granted in line with their level of security clearance and work-related requirements. 

Train and educate your teams

Ransomware is introduced regularly through email attachments and links. Arming employees with the knowledge they need to follow secure email and browsing habits can stop many attacks in their tracks.

Train employees on how to recognise phishing attacks and implement best practices through security awareness training. Make this an ongoing practice rather than a one-time effort to make sure that your teams keep up with new threats and maintain secure habits.

Make use of threat intelligence

Ransomware actors continue to devise new techniques, launch new attacks, and create new strains of crypto-malware. 

Considering this reality, you need to make sure that you keep up with what’s going on in the threat landscape and what risks could affect other organisations in the same region or industry. You can do this by following and subscribing to cybersecurity blogs and reputable threat intelligence feeds.

Monitor your network for suspicious activity

Many behaviours, including database activities, unusual access patterns, and changes to certain files, can indicate that a ransomware attack or security incident is imminent. Spotting them early allows you to act quickly to block any threat to your security.

To do so, make use of tools to monitor your network for suspicious activity. Companies usually resort to a security operations centre solution, which refers to a security team responsible for monitoring and analysing an organisation’s security posture in real time.

You can either implement one within your organisation or outsource this service to a team with the tools and the experience.

Maintain more robust security against ransomware attacks in your organisation

Dealing with the aftermath of a ransomware attack is challenging because ransomware continues to evolve as a threat category. Certain attackers may not even be interested in a ransom and may proceed to share your confidential data on the dark web.

This is precisely why it’s preferable to prevent attacks from happening in the first place, compared to detecting them when they are already underway. 

Get in touch with our team at Triskele Labs and discover how we can help you prevent ransomware attacks and ensure your data protection.