5 actions to protect against ransomware

March 2, 2022

Top cyber authorities have issued a warning: ransomware against critical infrastructure is escalating.

More global incidents occurred in 2021 than ever before, and that trend will continue in 2022, officials say.

Government agencies in the United States, UK and Australia* recently issued a joint Cybersecurity Advisory to alert critical infrastructure sectors. The report shared behaviors and trends observed in the past year as a means to help organizations better protect themselves.

According to the advisory, here are five actions you can take now to protect against ransomware:

1. update your operating system/software

Software is prone to technical vulnerabilities that make computers and networks more susceptible to harm. Fortunately, developers regularly issue updates or patches to resolve known issues.

Unfortunately, cyber criminals are also quick to identify weaknesses. Hackers use malware to exploit flaws and gain access to systems, then networks, and release ransomware.

It’s a tried and true method, and remained one of the top three tactics employed in 2021.

If vulnerabilities are points of entry, think of patches as locks or barriers. Organizations can minimize their exposure to attacks by regularly patching software, computers and network devices.

For proper patch management, you should routinely ensure that software on your system is licensed, supported and up to date. If no longer supported, it should be removed from all devices. Systems should be patched within 14 days of the update being released, especially when the vendor describes the vulnerability as critical or high risk.

2. routinely educate and train employees

Human behavior continues to be a leading cause of security incidents, and the point of entry is most often a phishing email.

Phishing occurs when a threat actor sends a spoofed message designed to trick a user into unknowingly executing malicious actions. A clicked link, for example, can trigger data encryption and deployment of ransomware and other malicious software.

To protect against phishing, companies should invest in employees as their first line of defense.

Training can help staff become more cyber-aware and make better decisions about the content they receive in emails. Phishing exercises can simulate threats and test employees’ abilities to spot spoofed emails.

Organizations should also develop and rehearse an incident response plan. Teach employees how to report a suspicious email and to whom, as well as actions to take during a ransomware incident.

3. secure and monitor remote desktop software

In the aftermath of COVID-19, working from home is more commonplace than ever. While the arrangement offers convenience, it also poses increased security risks.

Cyber criminals are now frequently exploiting weaknesses found in Remote Desktop Protocol (RDP) software. RDP is the function that allows users to connect and access another computer or server using the internet.

It’s an important function for working remotely that also offers a back door to an organization’s systems and data.

If RDP is required by your organization, there are several best practices to follow. First, limit RDP to a specified set of individuals or IP addresses, and limit the resources those systems can access. Monitor access logs and enforce account lockouts after a specified number of attempts.

Ensure approved devices are properly configured with security features enabled. This includes consistent patch management (see #1), firewalls, strong passwords and multifactor authentication (see #5).
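The monitoring half of the RDP guidance above (an allow-list of source addresses, reviewing access logs, and locking accounts after a set number of failed attempts) can be expressed as a small check over logon events. The following is an added example, not code from the advisory or this article; the log line format, the allow-list `10.20.0.0/24`, the threshold of 5 failures in 10 minutes, and the sample entries are all constructed for illustration. The event IDs follow the Windows Security log convention (4624 successful logon, 4625 failed logon, logon type 10 for remote interactive sessions), but the line layout is simplified.

```python
"""Added example (not from the advisory or this article): scan RDP logon events,
flag sources outside an allow-list, and decide which accounts have crossed the
failed-attempt lockout threshold. Log format and values are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
import re

# Constructed sample lines modelled loosely on Windows Security log events:
# 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP)
SAMPLE_LOG = """\
2022-03-01T08:00:01 EventID=4624 LogonType=10 Account=alice Source=10.20.0.15
2022-03-01T08:01:10 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2022-03-01T08:01:12 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2022-03-01T08:01:15 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2022-03-01T08:01:19 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2022-03-01T08:01:25 EventID=4625 LogonType=10 Account=admin Source=203.0.113.7
2022-03-01T08:30:00 EventID=4625 LogonType=10 Account=bob Source=10.20.0.22
2022-03-01T09:15:00 EventID=4625 LogonType=10 Account=bob Source=10.20.0.22
2022-03-01T09:20:00 EventID=4624 LogonType=10 Account=bob Source=10.20.0.22
"""

ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]  # assumed RDP allow-list
LOCKOUT_THRESHOLD = 5                            # assumed policy: 5 failures ...
LOCKOUT_WINDOW = timedelta(minutes=10)           # ... within 10 minutes locks the account

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse the constructed log format into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event": int(m["event"]),
            "logon_type": int(m["ltype"]),
            "account": m["acct"],
            "source": ip_address(m["src"]),
        })
    return events


def disallowed_sources(events):
    """Source IPs that attempted RDP (logon type 10) from outside the allow-list."""
    bad = set()
    for e in events:
        if e["logon_type"] != 10:
            continue
        if not any(e["source"] in net for net in ALLOWED_SOURCES):
            bad.add(str(e["source"]))
    return sorted(bad)


def accounts_to_lock(events, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW):
    """Accounts with at least `threshold` failed RDP logons inside any sliding window."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != 4625 or e["logon_type"] != 10:
            continue
        failures[e["account"]].append(e["ts"])
    locked = set()
    for acct, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                locked.add(acct)
                break
    return sorted(locked)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("RDP attempts from outside allow-list:", disallowed_sources(evs))
    print("Accounts exceeding lockout threshold:", accounts_to_lock(evs))
```

In the constructed sample, `admin` sees five failures in fifteen seconds from an address outside the allow-list and is flagged, while `bob` fails twice forty-five minutes apart from an approved network and is not. The sliding window matters: a fixed hourly bucket would either miss bursts that straddle a boundary or lock out users who mistype a password a few times over a long day.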

4. back up data offline

When working online, data is never truly safe. Thus, a surefire way to keep data well-protected is to store it offline.

Offline or physically disconnected backups of data offer a number of protections and advantages. For example, a completely offline server is essentially hacker-proof. It can’t be cracked into via the network, nor does it offer access to the entire system.

Because a criminal has to physically access your storage–often located offsite under lock and key–it’s easier to monitor. Data in the cloud, however, can span multiple servers or networks, leaving all vulnerable to disruption.

Offline storage also provides quicker recovery. If updated regularly, offline backups can easily restore your organization’s data and allow for continued operations. This also diminishes the threat of cyber criminals hoping to capitalize on your losses.

To keep your information secure, have a dedicated offline server room with a high-security system. Back up your backups and ensure all are encrypted, tested and updated regularly.
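"Tested and updated regularly" is only meaningful if there is a check that fails when a backup set has been altered, lost a file, or fallen behind schedule. The following is an added example, not code from the article or any backup product: it records a SHA-256 manifest when a backup set is written and later verifies the set against it, also reporting when the set is older than an assumed weekly refresh policy. The files, the temporary directory and the 7-day limit are constructed for the demonstration; it says nothing about encryption of the media, which is handled by the storage system rather than by this check.

```python
"""Added example (not from the article): build a hash manifest for a backup set
and verify it later, so that an altered, missing or stale backup is detected
before it is needed. Files, paths and the age policy are constructed."""
import hashlib
import tempfile
import time
from pathlib import Path

MAX_BACKUP_AGE_SECONDS = 7 * 24 * 3600  # assumed policy: sets are refreshed at least weekly


def sha256_file(path):
    """Stream a file through SHA-256 so large backup images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir):
    """Record relative path, size and SHA-256 of every file, plus when the set was written."""
    backup_dir = Path(backup_dir)
    files = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            rel = str(p.relative_to(backup_dir))
            files[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    return {"created": time.time(), "files": files}


def verify_backup(backup_dir, manifest, now=None, max_age=MAX_BACKUP_AGE_SECONDS):
    """Return a list of problems; an empty list means the set is intact and current."""
    now = time.time() if now is None else now
    backup_dir = Path(backup_dir)
    problems = []
    if now - manifest["created"] > max_age:
        problems.append("stale: backup older than policy allows")
    for rel, meta in manifest["files"].items():
        p = backup_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != meta["sha256"]:
            problems.append(f"corrupt: {rel}")
    # Files present on the media but absent from the manifest are also suspicious
    listed = set(manifest["files"])
    for p in backup_dir.rglob("*"):
        if p.is_file() and str(p.relative_to(backup_dir)) not in listed:
            problems.append(f"unexpected: {p.relative_to(backup_dir)}")
    return problems


def demo():
    """Write a constructed backup set, verify it, age it, then damage it and verify again."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "db.sql").write_bytes(b"CREATE TABLE t(x int);\n")
        (Path(d) / "config.yaml").write_bytes(b"retention: 30\n")
        manifest = build_manifest(d)
        clean = verify_backup(d, manifest)
        # Pretend 30 days have passed without a refresh
        stale = verify_backup(d, manifest, now=manifest["created"] + 30 * 24 * 3600)
        # Simulate one file rewritten (as ransomware encryption would) and one deleted
        (Path(d) / "db.sql").write_bytes(b"tampered\n")
        (Path(d) / "config.yaml").unlink()
        tampered = verify_backup(d, manifest)
        return clean, stale, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "stale", "tampered"), demo()):
        print(f"{label}: {result or 'OK'}")
```

The manifest itself should be stored separately from the media it describes (and ideally signed), otherwise whatever overwrites the backups can overwrite the manifest to match. Running the verification on a schedule is what turns "backups exist" into "backups restore".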

5. use multi-factor authentication

Experts agree multi-factor authentication (MFA) is the foundation for strong cybersecurity posture. But what is it?

MFA requires a user to present more than one method of identity verification. For example, first the user must log in with a strong, unique password. Then, an additional element is required to gain access, such as a pin, badge scan or fingerprint.

MFA stops cyber attacks because it creates a substantial obstacle for the cyber criminal. Although a bad actor might successfully acquire a password through phishing, a second verification requiring biometrics, for example, would stop them in their tracks.
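To make concrete why a phished password alone is not enough, the following added example (not code from the article or any identity product) implements a two-factor login check: factor one is a salted PBKDF2 password hash, factor two is a time-based one-time code (RFC 6238 TOTP, the scheme behind authenticator apps). The article names a PIN, badge or fingerprint as possible second factors rather than TOTP; TOTP is used here because it can be demonstrated offline with the standard library, and the login structure is the same whichever factor is used. The user record, secret and timestamps are constructed; the TOTP secret is the RFC 6238 test key so the codes can be checked against the published vectors.

```python
"""Added example (not from the article): minimal two-factor login check.
Factor one: salted PBKDF2 password hash.  Factor two: RFC 6238 TOTP code.
The user record and the timestamps used below are constructed."""
import base64
import hashlib
import hmac
import os
import struct
import time


def hash_password(password, salt=None, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def totp(secret_b32, timestamp, step=30, digits=6):
    """RFC 6238: HMAC-SHA1 over the 30-second counter, dynamic truncation, 6 digits."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(timestamp) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


# Constructed user record. The TOTP secret is the RFC 6238 test key
# ("12345678901234567890" in base32); real secrets are per-user and random.
SALT, DIGEST = hash_password("correct horse battery staple")
USERS = {
    "alice": {"salt": SALT, "digest": DIGEST,
              "totp_secret": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"},
}


def login(username, password, code, now=None):
    """True only if BOTH factors verify. A stolen password alone is rejected."""
    now = time.time() if now is None else now
    rec = USERS.get(username)
    if rec is None:
        return False
    _, digest = hash_password(password, rec["salt"])
    password_ok = hmac.compare_digest(digest, rec["digest"])
    # Accept the current 30-second step and one either side to tolerate clock drift
    code_ok = any(hmac.compare_digest(str(code), totp(rec["totp_secret"], now + d))
                  for d in (-30, 0, 30))
    # Evaluate both factors before deciding, so a failure does not reveal which one was wrong
    return password_ok and code_ok


if __name__ == "__main__":
    t = time.time()
    print("password + valid code:", login("alice", "correct horse battery staple",
                                          totp(USERS["alice"]["totp_secret"], t), now=t))
    print("password only:        ", login("alice", "correct horse battery staple", "000000", now=t))
```

The phishing scenario in the text maps directly onto the second call: the attacker has the password, but the code changes every 30 seconds and is derived from a secret they never saw, so the login fails. The drift window should stay small (one step either side) because every extra accepted step multiplies the space of codes a guess could match.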

Cyber officials recommend requiring MFA for as many services as possible–particularly for email, accounts that access critical systems, and privileged accounts that manage backups.

Experts say cyber criminals’ tactics and techniques will continue to evolve and grow more sophisticated. However, a few immediate actions can significantly reduce the threat of ransomware.

Some steps require cooperation with IT staff and service providers while others can be carried out by all employees. Information and resources are readily available at stopransomware.gov to help with efforts.

*United States Cybersecurity & Infrastructure Security Agency (CISA), United States Federal Bureau of Investigation, United States National Security Agency, Australian Cyber Security Centre and United Kingdom National Cyber Security Centre