How do you stay on top of Ransomware threats?

Unfortunately, the chance of having to deal with ransomware sooner or later is still increasing rapidly.
It is therefore good to be optimally prepared, in order to keep the nasty consequences of ransomware at bay.
Based on our own daily practice and the recommendations of our partner Veeam, we share here a number of recommendations that help you get a grip on ransomware threats.

The five golden rules for achieving this are:

1 Be aware where an attack can take place
2 Take your measures by protecting
3 Find out what's going on as soon as possible
4 Don't wait, take your measures
5 Work according to a plan to recover quickly from a ransomware attack

1 Be aware where an attack can take place
Determine which networks are active within your organization and identify where attacks can take place.
Naturally, the weak spots that give access to the core of your company information are the entrances that ransomware targets.
These places are no longer limited to the networks that are completely under the control of the internal IT staff.
Partly as a result of increased home working, company networks have branched out to external locations.

PS: In order to keep a good grip on what is happening in your network, it is advisable to use monitoring and management tools, such as the ones we recommend: Paessler PRTG and NinjaRMM.

Technology alone cannot protect the organization sufficiently.
Staff will have to be aware of security risks, and
- preferably be trained regularly in the safe use of IT and data,
- gain some experience in recognizing risks such as "strange messages", and
- know how and where to report potential incidents.
It is also advisable, wherever possible, to test employees with phishing simulations.

What do we do ourselves? Internally, we hold security awareness sessions at MiniDis/TotalDesk every quarter, in which we pay serious attention to security with the entire staff.

Take a look at your disaster recovery plan (which I hope your organization has in place) in light of a ransomware attack.
Describe which IT and Information related processes are most important to guarantee the continuity of your organization.
Ransomware takes your digital information, your digital assets, "hostage". So make sure you know what you have and what is really important.
Develop a plan to protect, maintain, or quickly recover these processes and this information.
Record who the contact persons are and what actions everyone should take in the event of an emergency.
Add this scenario to the disaster recovery plan or business continuity plan and ensure that it is always available and accessible externally.

What do we do ourselves? We have housed our IT environment in 2 separate (redundant) private cloud data center environments.

2 Take your measures by protecting
Develop and implement the right security to keep critical infrastructure running.
Make sure you are always able to minimize the impact of a cyber attack.
However, this is often easier said than done. Especially within small and medium-sized enterprises (SMEs), the necessary up-to-date security knowledge is often lacking internally.
This is why more and more organizations outsource IT security advice and/or management to specialists, such as the MiniDis Management Services division, TotalDesk.
Outsourcing does not, however, absolve organizations of the "duty" to train staff in cybersecurity, which remains a highly effective way to take security to the next level.

What other measures?
- make sure everyone uses unique passwords that are changed regularly
- use multi-factor authentication e.g. using smartphones
- remove devices, applications and identities that are no longer used.

And ensure that the IT doors remain properly closed by applying:
- Firewall(s)
- VPNs
- Anti-malware, antivirus, anti-ransomware, etc.

Speaking of open doors, here's another one:
- Make backups!

Use the 3-2-1-1-1-0 rule:
- make at least three copies of all important data you have,
- store your backup data on two different media types, and
- keep one of those copies at a third, separate location.
You achieve a higher level of security by encrypting the data and only using infrastructure that is 'secure by design'.

PS: A backup is only successful if recovery is possible with it. Regularly testing whether a backup can be successfully restored is an essential part of your recovery planning.
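The backup rule and the restore-testing PS above can be turned into a simple inventory check. This is an added example, not code from the original post or from Veeam; it assumes the rule's digits are read as Veeam's 3-2-1-1-0 pattern (three copies, two media types, one off-site copy, one offline copy, zero errors in the last restore test), and the inventory below is constructed.

```python
"""Check a backup inventory against a 3-2-1-1-0 reading of the backup rule.

Added example; the rule mapping is an assumption and the inventory is constructed.
"""
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str
    media: str             # e.g. "disk", "object-storage", "tape"
    location: str          # site identifier
    offline: bool          # not reachable over the network (e.g. tape in a safe)
    last_restore_ok: bool  # result of the most recent test restore


PRIMARY_SITE = "hq"  # constructed: where the production data lives


def evaluate(copies):
    """Return a dict of rule -> (passed, detail) for one data set."""
    media = {c.media for c in copies}
    offsite = [c for c in copies if c.location != PRIMARY_SITE]
    offline = [c for c in copies if c.offline]
    failed = [c.name for c in copies if not c.last_restore_ok]
    return {
        "3 copies":   (len(copies) >= 3, f"{len(copies)} copies"),
        "2 media":    (len(media) >= 2, ", ".join(sorted(media))),
        "1 off-site": (len(offsite) >= 1, f"{len(offsite)} off-site"),
        "1 offline":  (len(offline) >= 1, f"{len(offline)} offline"),
        "0 errors":   (not failed, "restore failures: " + (", ".join(failed) or "none")),
    }


def compliant(copies):
    """True only when every part of the rule is satisfied."""
    return all(ok for ok, _ in evaluate(copies).values())


# Constructed inventory: production disk, a replica at a second site, and a
# weekly tape kept offline in a vault; the tape copy failed its last restore test.
INVENTORY = [
    BackupCopy("prod-disk", "disk", "hq", False, True),
    BackupCopy("dr-repo", "disk", "dc2", False, True),
    BackupCopy("weekly-tape", "tape", "vault", True, False),
]

if __name__ == "__main__":
    for rule, (ok, detail) in evaluate(INVENTORY).items():
        print(f"[{'OK' if ok else 'FAIL'}] {rule}: {detail}")
```

The constructed inventory passes every count but fails on "0 errors", which is exactly the case the PS warns about: copies exist, but recovery has not been proven.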

3 Find out what's going on as soon as possible
Being able to detect cyber attacks in a timely manner is an important step in setting up a robust cyber strategy. The faster an incident is discovered, the faster action can be taken, and the faster that action succeeds, the smaller the impact and the harm that follows.

Install detection systems: The biggest risk is that malware can spread to other systems at lightning speed. Knowing about potential ransomware as early as possible is paramount, so set up timely alerts as soon as you start defending yourself against viruses, malware and ransomware.
Place virtual tripwires: Virtual tripwires, such as an unused admin account that raises an alarm whenever it is touched, help you spot suspicious activity and sound the alarm quickly.
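The decoy-account tripwire described above, as an added example that is not part of the original post: it scans Windows Security log records (exported here as one JSON object per line, a constructed format) for any logon or authentication event against accounts that nobody legitimately uses. The decoy account names, the field names and the sample events are all constructed.

```python
"""Decoy-account tripwire over Windows Security events (added example).

Assumes records with EventID, TargetUserName, IpAddress and TimeCreated fields;
the decoy names and sample log are constructed.
"""
import json

# Constructed: decoy accounts that no person or service legitimately uses.
DECOY_ACCOUNTS = {"svc_backup_admin", "adm_legacy"}

# Windows Security event IDs that show someone tried to use an account.
TRIPWIRE_EVENTS = {
    4624: "successful logon",
    4625: "failed logon",
    4768: "Kerberos TGT requested",
    4776: "NTLM credential validation",
}


def scan(events):
    """Return one alert dict per event that touches a decoy account."""
    alerts = []
    for ev in events:
        user = ev.get("TargetUserName", "").lower()   # account names are case-insensitive
        eid = ev.get("EventID")
        if user in DECOY_ACCOUNTS and eid in TRIPWIRE_EVENTS:
            alerts.append({
                "time": ev.get("TimeCreated", "?"),
                "account": user,
                "source": ev.get("IpAddress", "?"),
                "reason": TRIPWIRE_EVENTS[eid],
            })
    return alerts


def parse_log(text):
    """Parse one JSON record per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample log: routine user activity plus one probe of a decoy account.
SAMPLE_LOG = """
{"EventID": 4624, "TargetUserName": "j.smith", "IpAddress": "10.0.1.15", "TimeCreated": "2021-11-10T09:01:00"}
{"EventID": 4625, "TargetUserName": "j.smith", "IpAddress": "10.0.1.15", "TimeCreated": "2021-11-10T09:02:10"}
{"EventID": 4625, "TargetUserName": "svc_backup_admin", "IpAddress": "10.0.7.200", "TimeCreated": "2021-11-10T03:14:22"}
{"EventID": 4624, "TargetUserName": "SVC_BACKUP_ADMIN", "IpAddress": "10.0.7.200", "TimeCreated": "2021-11-10T03:14:25"}
"""

if __name__ == "__main__":
    for a in scan(parse_log(SAMPLE_LOG)):
        print(f"ALERT {a['time']} decoy '{a['account']}' touched from {a['source']}: {a['reason']}")
```

Because the decoy account has no legitimate use, every hit is worth a ticket, unlike ordinary failed-logon noise such as the j.smith events, which the scan leaves alone.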

4 Respond: don't wait, take measures
The Respond function helps organizations limit the impact of cyber attacks by developing and implementing the right actions.

Create an Incident Response Plan: Describe procedures for discovering, communicating, monitoring, and resolving security incidents so employees know how best to respond to cyber attacks when they happen.
As management, be calm and trustworthy: Never blame IT teams or other employees for a break-in. It does not help in responding well to the incident and only creates more and unnecessary fear and stress. Stay calm and get the right people together to implement the incident response plan as quickly as possible.

5 Recover
Unfortunately, not all cyber attacks can be effectively averted. So make sure you have a recovery strategy for those situations where your defenses are breached.

Put your recovery strategy on paper: prioritize the action points you need to take for optimal recovery. Make sure that your data is backed up and, above all, that an attacker does not have access to it.

What do we do ourselves? Especially with the dangers of ransomware in mind, MiniDis/TotalDesk has revived an old but trusted backup method. We use an ultra-modern tape with the highest backup density in our data center.
Because the backup data cannot be accessed online, this method offers a sufficient remedy against ransomware.

Design your recovery: Backup systems should be designed with recovery goals in mind (much more than just focusing on the amount of time it takes to create a backup). Determine which SLAs you want to maintain for recovery based on the RPO and RTO values (recovery point objective and recovery time objective) that are acceptable to you.

Ransomware in the hands of savvy cybercriminals gives them ever more opportunities to encrypt your data and demand a ransom, or to destroy the data or sell it. Being able to recover your data is the only right answer to ransomware, and in practice the only choice available.

PS: Contrary to what many people think, the data that is stored in Microsoft 365, for example, is not protected by a backup. Recovery of your Outlook mail and company data in, for example, SharePoint is only possible via your own backup of the Microsoft cloud environment, for which MiniDis, together with Veeam, offers a very reliable solution.

And one last call! Pay the ransom? We don't think so, and if you have taken the above measures seriously, it is often not necessary.

Three TIPS
- Make sure you are prepared together with the staff: Aware of weaknesses and recognize incidents.
- Don't wait and act according to plan. Ensure there is sufficient available security knowledge internally or on demand.
- Have backups that always make recovery possible.
Hans Noort     10-11-2021 13:13