16 Jan / 2022
Cyber Awareness
How to Prevent Ransomware Attacks
Ransomware incidents are becoming prolific in Australia. We’re seeing an increasing number of businesses come to Cythera for help responding to ransomware attacks or deploying preventative controls after resolving one.
The Australian government’s announcement of an increase in risk around cyber attacks is being borne out in the field. Organised crime and state-sponsored actors are doubling down on ransomware-based attacks, fuelled by a rise in payments of bounties by large corporates and insurers trying to recover data.
In this post we will summarise security measures you can deploy to prepare for a ransomware incident and, if you are unlucky enough to be in the middle of one, some tips for responding.
But first, let’s understand what a ransomware attack is.
What is ransomware?
The Australian Cyber Security Centre, a branch of the Australian Government’s Signals Directorate, has an excellent overview of ransomware in this video [watch 1.39min].
Ransomware can be devastating to a business because it denies you access to your systems, files and sensitive data and information.
Often the hackers who lock you out of your systems demand a ransom for their release, which both small businesses and large corporations are forced to pay if they are to have any hope of resuming business operations.
How To Prevent Ransomware Attacks
Prepare
Preventing a ransomware attack by preparing and deploying the measures below is definitely better than the cure. Missing even one of them can give cyber criminals a foothold to exploit and breach your network security.
Train your staff – Upskilling staff on cyber security topics and ways to identify potential phishing and scams is a low cost, high return way of protecting your front line.
Deploy multi-factor authentication – Enabling multiple factors of authentication instead of just relying on passwords reaps big rewards from a cyber security standpoint. Deploying multi-factor is not simple and 100% coverage is difficult, but we suggest starting with your critical applications such as Office365 and anywhere client data is stored.
Patch your IT systems – This may seem easy but updating software is often forgotten or delayed when you’re focused on just doing business. Enforcing regular updates on endpoints and servers keeps you ahead of many network vulnerabilities hackers prey on. Be sure to include software such as Office and Adobe in updates.
Back up your files regularly – If you do suffer a ransomware incident, good backups are often the only way you can recover your business. Ensure backups exist in a separate network or offsite completely. Also utilise the inbuilt backup capabilities in Windows 10 and macOS.
Protect endpoints and servers – Good next-generation antivirus can prevent malware from spreading, and combining it with endpoint detection and response can help you find bad guys already on your network.
Segment your network – Attackers love big, flat networks. They allow attackers to move between machines with ease and infect your entire organisation quickly. Segmenting your network provides controls and a ‘blast radius’ around critical parts of your network. Even separating your corporate IT from any infrastructure and guest networks is a good start.
Monitor – A big part of staying ahead of security incidents is ensuring you’re monitoring your environment. Desktops, servers, infrastructure and cloud environments should all be monitored for anomalies. If you don’t have the resources or cyber security expertise, Cythera’s Managed Detection & Response service is designed specifically to help you.
Incident Response to Ransomware Attacks
In the event you’re responding to a ransomware incident already, here’s a handy checklist of tips you can use to assist you in remedying the situation.
This isn’t an exhaustive list by any means, but part of Cythera’s mission is to protect Australian businesses from cyber threats and risk. We don’t want to keep seeing businesses crippled by these sorts of incidents.
If you need to better understand your security readiness to handle a ransomware attack then contact Cythera’s in-house team of Australian cyber security experts who offer: