11/5/2024

Fighting Ransomware: Prevention and Protection in the Digital Environment

In today's digital world, we face many challenges that threaten our cyber security. One of the most dangerous threats is ransomware. Ransomware is a type of malware that, when launched, encrypts data on a device using a secret key known only to the attacker. Although ransomware is not a new cybersecurity risk, it continues to gain attention from organizations, agencies, and governments around the world. Ransomware has affected people's ability to get health care, get gas in their cars, and buy groceries. The financial impact of ransomware has been particularly significant in recent years.

The tactics used by today's cyber attackers are as varied as their targets. Ransomware gangs can conduct an attack from start to finish on their own, or they can choose to purchase initial access to networks on the Dark Web.

Methods used by ransomware gangs to commodify their victims:

- **Spam and Phishing:** A common way for ransomware to spread is through bulk generic spam emails and social media links, which can lead to the download of malicious attachments.
- **Brute force attacks:** Automated brute force attacks are used to attempt to gain user account privileges on the target network.
- **Remote Desktop Protocol (RDP):** RDP can be compromised through software vulnerabilities or by hijacking user accounts that are logged in from a remote site.
- **Initial Access Brokers:** Dark web merchants who sell access points to corporate systems, including stolen credentials or Remote Desktop Protocol (RDP) tunnels.
- **Multiple extortion:** Confidential data is stolen before being encrypted, and cybercriminals then threaten to publish this information online unless they are paid.

## Prevention against ransomware attacks

The first step in prevention is to invest in a program that provides real-time protection and is designed to prevent malware attacks, such as ransomware.

The next step is to regularly back up data on an external drive or cloud storage that has high-level encryption and multi-factor authentication. With external hard drives, it is important to always disconnect them from the computer. Furthermore, you need to regularly update your system.

It is important to stay informed. Most ransomware attacks are spread through social engineering, so it's important to educate yourself on how to spot malspam, suspicious sites, and other scams. You can reduce the likelihood of ransomware getting onto your device by setting up proper email filters, for example, so that malicious and spam emails are removed.

- Disable Remote Desktop Protocol (RDP) if not needed.
- Enable Multi-Factor Authentication (MFA) on all remote network access points and enforce an IP whitelist using hardware firewalls.
- Use a VPN that meets NCSC recommendations.
- Use the least-privilege model for providing remote access.
- When a vulnerability is found, it must be patched immediately on all remote access devices.

Although there is no foolproof solution to prevent ransomware attacks, a combination of technical and human factors can help minimize the risk and reduce the impact of these attacks. As ransomware attacks continue to evolve and improve, it is important that we remain vigilant and adapt our cybersecurity strategies to stay one step ahead of attackers.
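The brute-force and RDP entry points described above, together with the IP whitelist recommendation, can be checked from logon records. The following Python code is an added example, not part of the original article: it reviews constructed logon records (Windows Security event ID 4625 for a failed logon, 4624 for a successful one, logon type 10 for RDP) and flags sources outside an allowlist, bursts of failures, and a successful logon that follows a burst. The record layout, the `10.20.0.0/24` range, the threshold and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample records (not real logs): time, event ID, logon type, user, source IP.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE = """\
2024-11-05T02:14:01 4625 10 admin 203.0.113.50
2024-11-05T02:14:03 4625 10 administrator 203.0.113.50
2024-11-05T02:14:05 4625 10 backup 203.0.113.50
2024-11-05T02:14:08 4625 10 admin 203.0.113.50
2024-11-05T02:14:10 4625 10 svc_sql 203.0.113.50
2024-11-05T02:15:30 4624 10 admin 203.0.113.50
2024-11-05T08:01:12 4625 10 jnovak 10.20.0.15
2024-11-05T08:01:40 4624 10 jnovak 10.20.0.15
2024-11-05T09:30:00 4624 10 contractor 198.51.100.7
2024-11-05T09:45:00 4624 2 jnovak 10.20.0.15
"""

ALLOWED = [ip_network("10.20.0.0/24")]  # assumed VPN / management range

def parse(text):
    """Yield (time, event_id, logon_type, user, source_ip) per record."""
    for line in text.splitlines():
        ts, event_id, logon_type, user, src = line.split()
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user, ip_address(src)

def review_rdp_logons(text, allowed=ALLOWED, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted findings} for RDP (logon type 10) events."""
    findings = defaultdict(set)
    recent_failures = defaultdict(deque)  # per-source failure times inside the window
    burst_seen = set()                    # sources that reached the failure threshold
    for ts, event_id, logon_type, user, src in sorted(parse(text), key=lambda e: e[0]):
        if logon_type != 10:
            continue                      # ignore console and other non-RDP logons
        if not any(src in net for net in allowed):
            findings[str(src)].add("outside-allowlist")
        if event_id == 4625:
            q = recent_failures[src]
            q.append(ts)
            while ts - q[0] > window:     # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                burst_seen.add(src)
                findings[str(src)].add("brute-force-burst")
        elif event_id == 4624 and src in burst_seen:
            findings[str(src)].add(f"success-after-burst:{user}")
    return {ip: sorted(f) for ip, f in findings.items()}
```

A `success-after-burst` finding is the one to escalate first, since it indicates that a guessed or stolen credential was accepted.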


Ilkovičova 3, 841 04 Bratislava - Karlova Ves

csirt.fei@stuba.sk

© 2024 CSIRT FEI