There are many types of computer attacks, but one has been especially important in recent years: ransomware. As we discussed months ago, ransomware locks computers and demands a ransom to unlock them, a lockout that can cause deaths when what is locked is, for example, the computer infrastructure of a hospital. The question is: is there anything a company can do to reduce the threat of a ransomware attack?
A group of cybersecurity experts spoke about the issue on Reddit, in a discussion hosted by the California-based Institute of Security and Technology (IST). At the event were Jen Ellis and Bob Rudis from cybersecurity firm Rapid7, Marc Rogers from IT services firm Okta, James Shank from computer security company Team Cymru, and Allan Liska from cybersecurity company Recorded Future.
In summary, we can highlight the following points:
- Okta’s Rogers commented that in most cases, ransomware is a malicious application that takes control of a system before spreading laterally to every connected system. If a computer becomes infected, it must be disconnected from the network immediately so that the problem does not affect the rest, and files must not be copied from it to another machine.
- Rudis from Rapid7 said that most ransomware attackers do not need advanced tools to achieve their goals. Problems often start with human action, so it is important to use multi-factor authentication, patching, protection, and monitoring, as well as remote infrastructure scanning and threat hunting to find attackers. The team must be trained to identify threats and not fall into traps.
- Servers can be configured to keep ransomware from locking systems at scale. The configuration of Active Directory and SMB (Server Message Block) servers, for example, is worth studying.
- Liska commented that there is no single software solution that solves the problem of ransomware or other types of attacks. It is not solved with antivirus but with adequate policies, people and protocols to quickly identify and stop threats.
On the other hand, as ordinary people at home, we can help if:
- We use strong passwords that are unique to each site or service we visit.
- We keep good backups on several different devices that are never connected at the same time.
- We pay attention to anything strange that happens, such as a suspicious link we have accidentally clicked. Hours can pass between clicking a malicious link and the problem appearing, so if we notify the security team early, it can act sooner and we can save ourselves headaches.
Finally, bear in mind that paying ransoms only feeds this type of attack. In fact, some countries are demanding that organizations report ransom payments, as well as greater regulation of the cryptocurrency sector, which will help to tackle the problem faster.