by Andrew Pitt

Sales Director


Ransomware Protection Guide

Ransomware was a hot topic 5 years ago, and it remains so today. eCrime groups are better funded than ever to develop and execute sophisticated attacks. Being prepared and improving resilience to ransomware is vital given the insurance industry’s reduced appetite for accepting cyber risk. Saepio’s Ransomware Protection Guide is worth reading to ensure you’ve got your bases covered.

It’s our job at Saepio to understand the latest tactics of miscreants in the cyber world and deliver appropriate protection to our customers. Presently, the most successful widespread and targeted attacks involve intelligent exploits to deliver malware, often in the form of ransomware payloads.

Statistics show that over half of UK organisations have experienced an infection, and in many cases the ransom is paid. It’s a profitable industry and, according to the cyber insurance sector, the average payment increased over 300% in 2021. Saepio offer objective ransomware hardening advice and deploy effective solutions to Identify, Prevent, Detect, Respond and Recover.

Understand the Attack

  • Over 90% of attacks are initiated via email, many of which bypass traditional gateway filtering systems in the form of spear phishing.
  • Employees or users then become the weakness as they are coerced by intuitive techniques employed by cybercriminals to activate an exploit.
  • Vulnerabilities in applications or operating systems are often undiscovered and unpatched allowing a malicious payload to execute.
  • Traditional endpoint security solutions (Anti-Virus) are not equipped to detect advanced malware so the malicious payload execution is not blocked.
  • The endpoint is infected, data is encrypted, the user is locked out.
  • The average time between initial infection and moving laterally to another host is 98 minutes.
  • The ransomware ‘reports home’ and a ransom is demanded to regain access.
  • If there’s no backup, or backups have been compromised in the attack, recovery options are limited and payment demands are often met.

Prevent the Attack

Combining many years of product knowledge with an understanding of the attack allows Saepio to recommend integrated, effective solutions. There are numerous stages to a ransomware attack, meaning security ‘layers’ are necessary to increase resilience against compromise.

  • Utilise a leading email security solution (like Abnormal) to block malicious emails before users click.
  • Educate users and increase cyber awareness when it comes to suspect emails, attachments, web links and other social engineering techniques. Saepio’s Managed Security Awareness Training service helps conquer human error.
  • Utilise a vulnerability scanner (like Rapid7) to identify high risk vulnerabilities in your IT estate then prioritise and automate patching with an integrated platform (like Automox) to prevent exploits.
  • Deploy a modern endpoint security solution to Detect and Respond to advanced threats – tools like CrowdStrike have superior capabilities over traditional AV to automatically contain and isolate an infected device.
  • Use a next generation secure web gateway (like Netskope) that blocks malicious traffic and payloads.
  • Use an identity platform like Okta to develop a zero trust architecture that only authenticates people allowed to access your systems.
  • Ensure all data is backed up immutably and test that the recovery process works. Cloud platforms like Druva are compelling.
  • Do not pay a ransom; follow a defined incident response procedure and have a specialist Incident Response team ready to go (like Secureworks) if you need to hit the ‘emergency help’ button. Involve the authorities and learn lessons following root cause analysis.
  • If you’ve got all the bases covered, run a ransomware defence assessment with PentestPeople to validate your efforts and deliver peace of mind.

Saepio’s Guide to Malware Prevention

It’s fascinating how many endpoint devices being protected by established AV providers fall victim to cyber-attacks. At least ransomware lets you know you’ve been compromised; unfortunately, there are many malware variants that sit silently and hide while propagating across the network, creating a foothold before striking. In fact, the average dwell time of a cyber breach is over 120 days! Can you be sure there are no existing infections across your estate?

Saepio advise reviewing the health of your endpoints and gaining peace of mind with an Incident Response scan. Over 3,000,000 clean up events are conducted every day by Malwarebytes; they’re the industry’s most trusted vendor in remediating endpoint incidents.

Read more in Saepio’s Guide to Malware Prevention.

Saepio’s Threat Landscape Predictions

The cyber-attack surface widened in 2018. As organisations automate and innovate, the accelerated adoption of new technology and internet connected systems is apparent. Couple this with the rise in cyber criminals armed with tools and knowledge to compromise software vulnerabilities… well, the result is obvious.

Read more in Saepio’s Threat Landscape Predictions.

Vulnerability Management Guide

We’re often asked ‘why would a cybercriminal target our business?’. The reality is every organisation has something a threat actor can benefit from, so the more relevant question is, ‘how easy would it be for a cybercriminal to target our business?’.

Like many situations in life, cybercriminals tend to take the path of least resistance and pick the low hanging fruit. Any business that displays public facing technical vulnerabilities will be their first port of call. By using readily available scanning and reconnaissance tools to scope the security health of websites, applications, wireless networks, firewalls, etc., they will focus on weakness. In fact, according to Forrester, 41% of successful cyber breaches are down to a technical vulnerability being exploited.

Read more in our Vulnerability Management Guide.