4 Ways Organisations Can Protect Themselves Against Ransomware

With the ‘as a service’ business model gaining increased popularity with the convenience and agility of service offerings, it isn’t surprising to see this model being used by cybercriminals for nefarious purposes. Ransomware as a service (RaaS) involves cybercriminals purchasing and selling access to ransomware payloads, leaked data, RaaS “kits,” and many other tools on the dark web. Microsoft, in their Cyber Signals Report, discovered that in more than 80 per cent of ransomware attacks, cybercriminals exploited common configuration errors in software and devices. This means that ransomware actors are not using any new and novel techniques. Their attacks follow a template of initial access via malware infection or exploitation of a vulnerability then credential theft to elevate privileges and move laterally. 

The ease of RaaS for cybercriminals means it will continue to remain a challenge for organisations worldwide in the near future. Companies that limit their hunting efforts to looking for signs of just the ransomware payload are at a greater risk of a successful breach and extortion. 

With cyberattacks getting more sophisticated, and the criminals behind them growing bolder every day, here are four simple ways in which organisations can protect themselves from ransomware:  

1.Authenticate Identities 

More than malware, attackers need credentials to succeed. In nearly all successful ransomware deployments, attackers gained access to privileged, administrator level accounts granting broad access to an organisations’ network. Using Multifactor authentication (MFA) on all accounts is encouraged, and administrator and other sensitive roles must be prioritized. Passwordless authentication like FIDO keys or Microsoft Authenticator for apps that support it will also help ensure a secure experience.

2.Address Security Blind Spots

In almost every observed ransomware incident, at least one system exploited in the attack had missing or misconfigured security products that allowed intruders to tamper with or disable certain protections. Like smoke alarms, security products need to be installed in the correct spaces and tested frequently. It is critical that organisations verify that security tools are operating in their most secure configuration, and that no part of a network is unprotected.

3.Harden Internet Facing Assets

Users might use a popular app for one purpose, but that doesn’t mean criminals can’t weaponise it for another goal. Too often, “legacy” configurations mean an app is in its default state, allowing any user wide access across entire organizations. Don’t overlook this risk or hesitate to change app settings for fear of disruption. Duplicative or unused apps can be deleted to eliminate risky, unused services. Users should also be mindful of where they permit remote helpdesk apps like TeamViewer. These are notoriously targeted by threat actors to gain access to laptops.

4.Keep Systems Up To Date

It’s a cliché, like “Eat your vegetables!” – but it’s a critical fact: The best way to harden software is to keep it updated. While some cloud-based apps update with no user action, companies must apply other vendor patches immediately. In 2022, Microsoft observes that older vulnerabilities are still a primary driver in attacks. Making software inventory a continuous process and keeping track of what is being run and prioritizing support products goes a long way in ensuring security. Using the ability to patch quickly and conclusively to gage where transitioning to cloud-based services is also beneficial.

Image Credit: Microsoft