Ransomware Protection Guide

Ransomware was a hot topic 5 years ago, and it remains so today. eCrime groups are better funded than ever to develop and execute sophisticated attacks. Being prepared and improving resilience to ransomware is vital given the insurance industry’s reduced appetite for accepting cyber risk. Saepio’s Ransomware Protection Guide is worth reading to ensure you’ve got your bases covered.

It’s our job at Saepio to understand the latest tactics of miscreants in the cyber world and deliver appropriate protection to our customers. Presently, the most successful widespread and targeted attacks involve intelligent exploits to deliver malware often in the form of ransomware payloads.

Statistics show that over half of UK organisations have experienced an infection and in many cases the ransom is paid.  It’s a profitable industry and according to the cyber insurance sector, the average payment increased over 300% in 2021. Saepio offer objective ransomware hardening advice and deploy effective solutions to Identify, Prevent, Detect, Respond and Recover.

Understand the Attack

• Over 90% of attacks are initiated via email, many of which bypass traditional gateway filtering systems in the form of spear phishing.
• Employee or users then become the weakness as they are coerced by intuitive techniques employed by cybercriminals to activate an exploit.
• Vulnerabilities in applications or operating systems are often undiscovered and unpatched allowing a malicious payload to execute.
• Traditional endpoint security solutions (Anti-Virus) are not equipped to detect advanced malware so the malicious payload execution is not blocked.
• The endpoint is infected, data is encrypted, the user is locked out.
• The average time between initial infection and moving laterally to another host is 98 minutes
• The ransomware ‘reports home’ and a ransom is demanded to regain access.
• If there’s no backup, or backups have been compromised in the attack, recovery options are limited and payment demands are often met.

Prevent the Attack

Combining many years of product knowledge with an understanding of the attack allows Saepio to recommend integrated effective solutions. There are numerous stage’s to a ransomware attack meaning security ‘layers’ are necessary to increase resilience against compromise.

• Utilise a leading email security solution (like Abnormal) to block malicious emails before users click.
• Educate users and increase cyber awareness when it comes to suspect emails, attachments, web links and other social engineering techniques. Saepio’s Managed Security Awareness Training service helps conquer human error.
• Utilise a vulnerability scanner (like Rapid7) to identify high risk vulnerabilities in your IT estate then prioritise and automate patching with an integrated platform (like Automox) to prevent exploits.
• Deploy a modern endpoint security solution to Detect and Respond to advanced threats – tools like CrowdStrike have superior capabilities over traditional AV to automatically contain and isolate an infected device.
• Use a next generation secure web gateway (like Netskope) that blocks malicious traffic and payloads.
• Use an identity platform like Okta to develop a zero trust architecture that only authenticates people allowed to access your systems.
• Ensure all data is backed up immutably and test the recovery process works.  Cloud platforms like Druva are compelling.
• Do not pay a ransom, follow a defined incident response procedure and have a specialist Incident Response team ready to go (like Secureworks) if you need to hit the ‘emergency help’ button.  Involve the authorities and learn lessons following root cause analysis.
• If you’ve got all the bases covered, run a ransomware defence assessment with PentestPeople to validate your efforts and deliver peace of mind.