Recently I read a news article about a listed IT services company facing a ransomware attack. The FBI reported an increase from 1,000 daily calls about cyber-attacks to 4,000 after the COVID-19 pandemic declaration. Google says it blocks 18 million COVID-19 scam emails and 240 million COVID-19 spam messages every day. About 40% of phishing attacks have a greater impact because they carry ransomware infections. With nearly 100% of office employees working from home, the threats are greater than ever before.
As a security advisor, I have spoken about this topic at multiple forums and feel it is important to help clients understand what ransomware is and how they can readily manage this situation.
What is Ransomware?
Ransomware is a malicious software program (malware) that infects machines and blocks access to files, boot sectors, devices and, in general, any critical function, then demands a payment to restore access to those resources.
What is the cause of Ransomware Attacks?
- Navigation: Browsing malicious sites and downloading plugins.
- Phishing: Receiving an email with links that imitate trusted sites and trick users into compromising their own security.
- External drives: Plugging infected external drives into your machines.
- Downloading malicious content: Downloading music, free software or .exe files from untrusted sites.
- Social engineering: Techniques that convince the user that the attacker is a trusted provider, so the user executes the malicious action.
- P2P connections: Using P2P connections to download music or free software.
How to proactively prevent Ransomware Attacks?
- Backups: Have a strict backup policy so that, if you are a victim, you can recover from the attack.
- Awareness: Educate users to
  - Always validate the legitimacy of the sites they browse
  - Never download software from an untrusted P2P network
  - Never open links or attachments in emails whose origin is unknown
  - On mobile phones, enable the option to download only from trusted sources
  and simulate phishing attacks to check end-user preparedness.
- EDR: It is important to move to next-generation antivirus (NGAV) and Endpoint Detection and Response (EDR) with proactive protection.
- Centralized teleworker policy deployment: Ensure teleworkers have the right level of policy controls for their web access, applications and data governance.
- Threat assessment: Continuously validate vulnerabilities on endpoints.
If you need more help, please reach out to the ETEK advisory team. We can assess the gaps, provide solutions to fix the issues, and perform proactive simulated attacks to test the resilience of your architecture. Please contact us at [email protected]
Ivan Camilo, Etek’s director for advisory services, also contributed to this piece.