11 Sep / 2020
[Updated March 2021] Ransomware incidents are becoming increasingly common. We're seeing a steady stream of Australian businesses come to us for help responding to ransomware incidents (we've had several in the last week alone), or to deploy preventative controls after mopping up an attack.
The Australian government's announcement of an increased risk of cyber attacks is being borne out in the field. Organised crime and state-sponsored actors are doubling down on ransomware-based attacks, fuelled by a rise in ransom payments from large corporates and insurers trying to recover data.
This post attempts to summarise some of the steps you can take to prepare for a ransomware incident, or if you are unlucky enough to be in the middle of one, some tips in responding.
Preparing for, and ideally preventing, a ransomware attack is far better than the cure. Most of these suggestions are not groundbreaking, but organisations miss them time and time again.
Train your people – Upskilling staff on cyber security topics and ways to identify potential phishing and scams is a low cost, high return way of protecting your front line.
Deploy multi-factor authentication – Requiring multiple factors of authentication instead of relying on passwords alone reaps huge rewards from a security standpoint. Deploying multi-factor is not simple and 100% coverage is difficult, but start with your critical applications such as Office 365, any remote access such as VPN or remote desktop, and anywhere client data is stored.
Patch your systems – This again seems easy but is often forgotten when you're focused on just doing business. Enforcing regular updates on endpoints and servers keeps you ahead of many vulnerabilities. Be sure to include third-party software such as Office and Adobe Reader in updates, not just the operating system.
Backup regularly – If you do suffer a ransomware incident, good backups are often the only way to recover your business. Attackers routinely delete or encrypt any backups they can reach from a compromised account, so keep at least one copy in a separate network with separate credentials, or offsite completely, and test that you can actually restore from it. Also utilise the inbuilt backup capabilities in Windows 10 and macOS.
Protect endpoints and servers – Good next-generation antivirus can prevent malware from spreading, and combining it with endpoint detection and response (EDR) can help you find attackers already on your network.
Segment your network – Attackers love big, flat networks. They allow an attacker to move between machines with ease and infect your entire organisation quickly. Segmenting your network puts controls around critical parts of it and limits the 'blast radius' of a compromised machine. Even separating your corporate IT from any infrastructure and guest networks is a good start.
Monitor – A big part of staying ahead of security incidents is ensuring you’re monitoring your environment. Desktops, servers, infrastructure and cloud environments should all be monitored for anomalies. Managed Detection & Response is built specifically for this requirement.
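As an added example that is not part of the original post: the 'Protect endpoints' and 'Monitor' items above both depend on spotting ransomware behaviour early, and the most reliable behavioural signal is one process renaming many files to a new extension in a short window, often followed by a dropped ransom note. The Python below runs that logic over constructed endpoint file-event telemetry of the kind an EDR agent or Sysmon would produce. The event format, host and process names, thresholds and the ransom-note filename pattern are all assumptions for illustration, not a curated indicator list.

```python
"""Toy behavioural detection for ransomware-style file activity (added example).

Assumed input: file-activity events already normalised by an EDR agent or
Sysmon into dicts with ts (ISO 8601), host, process, action ('rename' or
'create'), path and, for renames, new_path. Thresholds are illustrative.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os
import re

# Assumed pattern for ransom-note filenames; real notes vary by family.
RANSOM_NOTE_RE = re.compile(
    r"(decrypt|restore|how_to|readme|recover).*\.(txt|html|hta)$", re.I)


def detect_mass_rename(events, window=timedelta(seconds=60), threshold=20):
    """Alert once per (host, process) that renames at least `threshold`
    files to a different extension inside a sliding `window`."""
    alerts, alerted = [], set()
    recent = defaultdict(deque)  # (host, process) -> deque of (ts, new_ext)
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        if ev["action"] != "rename":
            continue
        old_ext = os.path.splitext(ev["path"])[1].lower()
        new_ext = os.path.splitext(ev["new_path"])[1].lower()
        if old_ext == new_ext:
            continue  # same extension: ordinary rename, not encryption
        key = (ev["host"], ev["process"])
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[key]
        q.append((ts, new_ext))
        while q and ts - q[0][0] > window:  # drop events outside the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"host": ev["host"], "process": ev["process"],
                           "count": len(q),
                           "extensions": sorted({e for _, e in q}),
                           "first_seen": q[0][0].isoformat()})
    return alerts


def detect_ransom_notes(events):
    """Return 'create' events whose filename looks like a ransom note."""
    return [ev for ev in events if ev["action"] == "create"
            and RANSOM_NOTE_RE.search(os.path.basename(ev["path"]))]


def build_sample_events():
    """Constructed telemetry: five ordinary Word saves spread over an hour
    (below threshold), then 30 renames to .locked by an unknown process in
    15 seconds, followed by a dropped ransom note."""
    base = datetime(2020, 9, 11, 9, 0, 0)
    events = []
    for i in range(5):
        events.append({"ts": (base + timedelta(minutes=10 * i)).isoformat(),
                       "host": "WS-042", "process": "WINWORD.EXE",
                       "action": "rename",
                       "path": f"C:\\Users\\jo\\Documents\\~report{i}.tmp",
                       "new_path": f"C:\\Users\\jo\\Documents\\report{i}.docx"})
    start = base + timedelta(hours=1)
    for i in range(30):
        ext = ".docx" if i % 2 == 0 else ".xlsx"
        events.append({"ts": (start + timedelta(milliseconds=500 * i)).isoformat(),
                       "host": "WS-042", "process": "svchost32.exe",
                       "action": "rename",
                       "path": f"C:\\Users\\jo\\Documents\\file{i}{ext}",
                       "new_path": f"C:\\Users\\jo\\Documents\\file{i}{ext}.locked"})
    events.append({"ts": (start + timedelta(seconds=16)).isoformat(),
                   "host": "WS-042", "process": "svchost32.exe",
                   "action": "create",
                   "path": "C:\\Users\\jo\\Documents\\HOW_TO_DECRYPT_FILES.txt"})
    return events


if __name__ == "__main__":
    evs = build_sample_events()
    for a in detect_mass_rename(evs):
        print("MASS RENAME:", a)
    for n in detect_ransom_notes(evs):
        print("RANSOM NOTE:", n["host"], n["process"], n["path"])
```

The point of the sliding window is that the same extension-changing rename is benign at five per hour and malicious at twenty per minute, so a rule that only looks at the extension fires constantly; in practice the response to this alert is to isolate the host from the network immediately, which is exactly what the segmentation and MDR items above are there to make possible.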
In the event you’re responding to an incident already, here’s a handy checklist of tips you can use to assist you in responding.
This isn't an exhaustive list by any means, but part of Cythera's mission is to protect Australian businesses from cyber threats and risk, and we simply don't want to keep seeing businesses crippled by these sorts of incidents.
Parts of the above tips have been taken from our Security Platform as well as our Managed Detection & Response capability. If you need assistance with protecting your business or detecting and responding to cyber threats reach out to our team.