8 Steps protect you from ransomware attack | HKT

Ransomware remains a major challenge for enterprises in 2022. But even paying the ransom does not assure victims of getting their stolen data back or protect them from serious financial damage. Our experts at our Next Generation Security Operations Center (NG SOC) understand the trends and challenges of ransomware, and can help you to improve your preparedness.

The 3 most active ransomwares:

1. Deadbolt Ransomware: targets QNAP & Asustor NAS devices by using a zero-day vulnerability
2. Cuba Ransomware: exploits vulnerabilities in the Microsoft exchange server. The FBI has alerted the business community to its severity
3. Conti Ransomware: uses stealth malware including Trickbots, BazarBackdoor and Anchor for initial access.

4, 5, 6....and more versions are surely on the way!

Common techniques for ransomware attacks include the following (the T numbers are MITRE techniques ):

(a) Active Scanning (T1595)
(b) Exploiting Public-Facing Applications (T1190)
(c) Brute Force (T1110)
(d) Scheduled Tasks and Jobs (T1053)

The 8 steps our NG SOC advises enterprises to:

1. Review existing public-facing applications, and patch frequently
2. Restrict storage server access from the Internet
3. Disable default accounts, use strong passwords and Multi-factor Authentication (MFA)
4. Update Anti-virus signatures frequently against sophisticated malware and the latest threats
5. Deploy Endpoint Detection and Response (EDR) solutions or Managed Security Services
6. Build and review your incident response plans for faster response and to minimize the impact of an attack
7. Enforce backup best practices to keep uninfected data and systems in cloud storage and offline
8. Educate your staff to be alert and vigilant to threats and the main forms of ransomware attack
9. Fighting off ransomware and cyber attacks is an endless and draining task. You need all the help you can get.