Last year, several federal agencies, including HHS and the FBI, issued a joint cybersecurity advisory warning healthcare organizations of an increased and imminent cybercrime and ransomware threat. The advisory described Russian cybercriminal groups targeting hospitals’ personal information with Ryuk ransomware. CyberMaxx also issued an advisory to our customers about Maze ransomware targeting Cognizant.
“The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks has grown tremendously over the last year,” says Thomas Lewis, CEO of CyberMaxx. “What makes these cyberattacks so potent is their ability to go unnoticed weeks or even months before they execute encryption of the victim’s data files. This gives malicious actors insight into the most valuable resources and systems which they leverage as ransom.”
Don’t think a ransomware attack could happen to your organization? To date, our friends at CrowdStrike have found that ransomware threat actors targeting enterprise environments with Ryuk have netted over $3 million since it was introduced in August. We’ve pulled together best practices for ransomware prevention and steps you can take to better protect your network from future ransomware attacks.
There is no single solution that will protect your network; however, implementing a combination of the ransomware protection steps below, together with a capable intrusion detection and prevention system, will help keep exposure to a minimum.
1. Provide End-user Education on Identifying Phishing Attacks
Create monthly user education and reminders to help end-users spot suspicious emails and documents before it’s too late. Additionally, enforce a password policy that requires employees to pick a strong password and change it frequently, quarterly or bi-annually.
Expert Tip: disable macros for documents received via email. Phishing emails commonly attach macro-infected Word documents that deliver ransomware and hold networks hostage.
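One way to enforce and audit that tip on Windows endpoints, as an added example that is not from the CyberMaxx post: it sets the Office policy that blocks VBA macros in files carrying the Mark of the Web (email attachments and downloads) and then reports each app’s state. It assumes Office 2016/2019/365 (policy version key 16.0) and writes per-user policy keys; a fleet would push the same values through Group Policy or Intune.

```powershell
# Added example (not from the CyberMaxx post). Assumes Office policy key version 16.0.
$apps = 'Word', 'Excel', 'PowerPoint'

function Set-MacroBlockPolicy {
    foreach ($app in $apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 1 = "Block macros from running in Office files from the Internet"
        New-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
            -Value 1 -PropertyType DWord -Force | Out-Null
        # VBAWarnings: 2 = disable with notification, 3 = disable except digitally
        # signed, 4 = disable all without notification. 3 keeps signed internal macros.
        New-ItemProperty -Path $key -Name 'VBAWarnings' `
            -Value 3 -PropertyType DWord -Force | Out-Null
    }
}

function Test-MacroBlockPolicy {
    # One row per app; any row not marked Compliant is a gap to close.
    foreach ($app in $apps) {
        $key   = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $block = (Get-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' `
                    -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        $warn  = (Get-ItemProperty -Path $key -Name 'VBAWarnings' `
                    -ErrorAction SilentlyContinue).VBAWarnings
        [pscustomobject]@{
            App               = $app
            BlockFromInternet = $block
            VBAWarnings       = $warn
            Status            = if ($block -eq 1 -and $warn -ge 2) { 'Compliant' } else { 'Gap' }
        }
    }
}

Set-MacroBlockPolicy
Test-MacroBlockPolicy | Format-Table -AutoSize
```

Run Test-MacroBlockPolicy on its own to audit a machine without changing it; the HKCU values only cover the current user, so for company-wide enforcement deploy the equivalent policy centrally.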
2. Employ a Layered Security Approach That Maps to the Cyber Kill Chain
According to SANS, ‘kill chain’ is a term originally used by the military to define the steps an enemy takes to attack a target. Lockheed Martin released a paper formally defining the Cyber Kill Chain.
The ability to gain visibility and enforce policy at multiple points along the cyber kill chain is a must for enterprise organizations. Many organizations rely on protections in only a few locations (e.g. relying solely on perimeter protections), which is not a good practice. Ensure you have sufficient visibility and enforcement at the network, endpoint, server, and application layers, both on-prem and in the cloud.
3. Next Generation Endpoint Protection Solution
With endpoints being one of the most vulnerable aspects of your organization, you want to deploy a best-of-breed solution. Next-generation endpoint protection solutions like CrowdStrike Falcon use machine learning to spot suspicious files and indicators of a cyber attack faster than anything else on the market.
Managed endpoint solutions offer a dedicated cybersecurity team of experts who monitor endpoints, perform strategic analyses, and detect behavioral anomalies. At CyberMaxx we’ve partnered with CrowdStrike to provide a dynamic endpoint solution that alerts users to potential threats while simultaneously taking action to prevent damage to the endpoints.
4. Reduce The Surface Area of Ransomware Attacks
- Employ a Patch Management Policy that covers all devices and software in your network.
- Keep a log of when each was last patched and stick to a patching schedule.
- Employ GeoIP Filtering, which can block internet traffic from countries you don’t do business with to reduce exposure.
- Leverage a Least Privilege Model. Restrict users to only the permissions they need for their job functions, as this limits the spread of ransomware and lateral movement.
- Ensure you have a Backup and Recovery Plan. Follow the old but time-honored ‘3-2-1’ rule for system/data backups: at least three copies, on two devices, with one offsite. Test the restoration process regularly so you can recover quickly from a ransomware incident.
- Employ Multi-Factor Authentication. This helps neutralize credential harvesting, protects passwords, helps alert you to potential ransomware attackers, and reduces lateral movement.
Expert tip: A basic recurring calendar invite can help hold you and your team accountable to a strict patching schedule.
5. Monitoring Capabilities to Identify Malicious Activity 24×7
Leverage industry-specific threat intelligence. Working with a cybersecurity company that has expertise in your field means you will have access to the most up-to-date, comprehensive data on new and active known threats.
A managed solution is also highly recommended given the dynamic scope of IT security. With a rapidly evolving technology and cyberthreat landscape, it’s crucial to have the most knowledgeable team available. Extending your team and security through a managed solution ensures you have 24/7/365 protection.
Ready to see CyberMaxx for yourself? Set up an Introductory Call today to learn more about how CyberMaxx prevents, detects, and responds to ransomware attacks like these. You can also visit CyberMaxx.com to learn more about ransomware protection services.