How to Effectively Protect Your Company from Ransomware Attacks
In this article I will explain how to protect yourself from ransomware attacks in a truly effective way. Let’s talk about it…
What Is Ransomware and How Does It Work?
In a nutshell, ransomware is the general name given to malicious software that aims to steal your data and take over your systems. Your data is encrypted with strong encryption algorithms that are very difficult or impossible to break, and only the attacker knows the key to decrypt it. Before encrypting the data, the threat actor steals a copy of it and blackmails you, threatening to publish it on the internet if you don’t pay the ransom. They usually demand payment in cryptocurrencies such as Bitcoin or Ethereum to protect their identity. The size and sophistication of the attack depend on the targeted company or government.
Who Is Targeted by Ransomware / Crypto Viruses?
Large and small government agencies, intelligence services, technology companies, hospitals, logistics companies, accommodation facilities, R&D facilities and military organizations are among its main targets. Attackers use zero-day vulnerabilities especially when targeting government agencies and technology companies. However, there are also many ransomware threats that target private companies and even personal computers. The number of threats in cyberspace is very high. Sometimes ransomware can find you even if you are a small startup with a turnover of $10,000 a year and a single computer.
As system administrators, we must ensure that these attacks fail, and if they do succeed, we must ensure that the impact is minimized. This is our professional responsibility, and there is never 100% security. Now that we have covered the basics, we can explain what effective protection requires.
How to Stop Ransomware or Protect Against It Properly?
Blood, tears and suffering. Let's start…
1 — Use a Professional Firewall and Configure It Well
Many companies use firewalls. Many companies also leave these complex devices with their default settings precisely because of their complexity. This is a strategic and very big mistake. Firewalls are the gateway from your internal network to the outside world. Your internal network also uses port numbers (between 1 and 65,535) when communicating with the internet or other reachable devices.
The most famous examples are port 443 for the HTTPS protocol, port 1433 for Microsoft SQL Server and port 3389 for Remote Desktop (RDP). With a firewall, these ports can be closed, internet traffic can be monitored, and threats can be blocked before they reach your internal network, like a long-range anti-missile system. A secure connection (such as a VPN) can be created for those working from outside the office or from home. Some additional features can automatically block known threats as well as previously unseen threats that behave suspiciously. A firewall is one of the most powerful instruments that can defend a company against threats from the outside world. However, it is not enough to buy it; it must also be used and configured really well. When choosing a firewall, be careful to choose one according to your company’s needs.
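The point of the paragraph above is that a firewall only helps if its rule set actually keeps management ports such as RDP and MSSQL away from the internet. The following audit script is an added example (not code from the article or from any firewall vendor): it reads a simplified, hypothetical rule list and flags every allow rule that exposes a sensitive port to a source outside the trusted internal and VPN ranges. The rule format, the VPN pool 100.64.10.0/24 and the sample rules are all constructed for illustration.

```python
"""Audit a list of firewall rules for management ports exposed to untrusted
sources. Added example; the rule dictionaries use a simplified, hypothetical
format rather than any vendor's configuration syntax."""
import ipaddress

# Ports that should not be reachable from the internet. 1433 (MSSQL) and 3389
# (RDP) are the ones named in the article; 22 (SSH) and 445 (SMB) are added.
SENSITIVE_PORTS = {22: "SSH", 445: "SMB", 1433: "MSSQL", 3389: "RDP"}

# Source networks treated as trusted: the RFC 1918 internal ranges plus a
# hypothetical VPN client pool (constructed value for this example).
TRUSTED_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("100.64.10.0/24"),  # hypothetical VPN pool
]


def source_is_trusted(src):
    """True if every address in `src` lies inside one trusted network."""
    if src.lower() == "any":
        src = "0.0.0.0/0"
    net = ipaddress.ip_network(src, strict=False)
    return any(net.version == t.version and net.subnet_of(t)
               for t in TRUSTED_SOURCES)


def ports_in(spec):
    """Return the sensitive ports covered by '3389' or a range like '1024-65535'."""
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
    else:
        lo = hi = int(spec)
    return sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)


def audit_rules(rules):
    """Return (rule name, port, service, source) for every allow rule that
    exposes a sensitive port to an untrusted source."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or source_is_trusted(rule["src"]):
            continue
        for port in ports_in(rule["dport"]):
            findings.append((rule["name"], port, SENSITIVE_PORTS[port], rule["src"]))
    return findings


# Constructed sample rule set (not from a real firewall).
SAMPLE_RULES = [
    {"name": "allow-https-public", "action": "allow", "src": "any", "dport": "443"},
    {"name": "allow-rdp-public", "action": "allow", "src": "0.0.0.0/0", "dport": "3389"},
    {"name": "allow-rdp-vpn", "action": "allow", "src": "100.64.10.0/24", "dport": "3389"},
    {"name": "allow-sql-partner", "action": "allow", "src": "203.0.113.0/24", "dport": "1433"},
    {"name": "allow-high-ports", "action": "allow", "src": "any", "dport": "1024-65535"},
    {"name": "deny-all", "action": "deny", "src": "any", "dport": "1-65535"},
]

if __name__ == "__main__":
    for name, port, svc, src in audit_rules(SAMPLE_RULES):
        print(f"{name}: {svc} (tcp/{port}) reachable from {src}")
```

Note the broad "allow-high-ports" rule: a range that looks harmless still covers 1433 and 3389, which is exactly the kind of default-style rule the paragraph warns about. RDP reachable only from the VPN pool passes the audit.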
2 — Implement Security Hardening on Your Systems and Internal Network
I will speak mostly about the Microsoft Windows ecosystem, where I have more expertise. However, the general rules also apply to other platforms such as Linux or macOS.
Implement network segmentation in your company network. Not everyone should have easy access to everything, not even the boss. Isolate the management interfaces of your servers from the network that employees can reach. In many companies, the IP addresses of the management interfaces of virtualization systems such as Windows Server, VMware and Hyper-V Server are easily reachable from the employee network. Windows Server and workstation machines need to be centrally secured with Active Directory. Make sure end users do not have admin privileges. If the IT department works as a team within the company, the separation of privileges between team members should be done well.
3 — Email Security
Threats don’t just come through websites. Some organizations send and receive tens of thousands of emails a day, so your employees may receive dozens of risky emails in their inboxes every day. The first line of defense in email security starts at the email gateway service, just like a firewall. When the email gateway service detects malicious emails, it blocks them before they reach the mail server.
But the most important factor in this line of defense is human error. In order to minimize the risk of human error, periodic training of all employees should be planned and implemented. You should train your employees to recognize phishing scams and malicious email attachments. IT should run unannounced phishing simulations to see whether the training is working. Additional security measures should be taken for high-risk accounts.
4 — Use Multi-Factor Authentication (MFA)
As an IT professional, I know that enabling and implementing multi-factor authentication for the end user is a time-consuming and workload-intensive process. However, this process is an important security factor that limits phishing scams and unauthorized access. Don’t forget to use MFA, at least for critical accounts.
5 — Use An Advanced Antivirus Program
6 — Use Professional and Advanced Backup Software
You need to take backups and make sure that the backups are reliable. When taking backups, we first need to pay attention to the 3-2-1 rule. What is the 3-2-1 rule?
Three copies of the data, on 2 different backup devices, with 1 backup outside the company or building. To explain this rule a little more: at least three copies should be made per day, depending on the criticality of the data. They should be stored on 2 different devices. 1 backup should be kept outside the company, either offline or in a cloud environment. I recommend keeping more in the cloud. Storing backups in a reliable cloud computing service will allow us to return to the pre-disaster state quickly and with minimal loss in the event of a disaster. Examples of reliable and proven cloud services are Microsoft Azure, Amazon AWS and Google Cloud. This way we can mitigate the impact.
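The 3-2-1 rule is easy to state and easy to drift away from as backup jobs change. The script below is an added example (not the article's own material or any backup product's tooling): it checks a constructed backup inventory against the three counts in the rule, and goes one step further than the text with a fourth check that at least one copy is offline or immutable, because a cloud copy that the backup server can overwrite is a cloud copy that ransomware running on that server can overwrite too. The BackupCopy fields and the inventory are assumptions made for the example.

```python
"""Check a backup inventory against the 3-2-1 rule from the article, plus one
ransomware-specific extra: at least one copy that an attacker with domain admin
rights cannot encrypt or delete (offline tape, or cloud storage with
immutability/object lock). Added example; the inventory is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    label: str
    media: str       # e.g. "disk", "tape", "cloud"
    offsite: bool    # stored outside the company building
    immutable: bool  # offline, or write-once/object-locked in the cloud


def check_321(copies, extra_immutable_check=True):
    """Return {dataset: [problems]}; an empty list means the dataset complies."""
    by_dataset = {}
    for copy in copies:
        by_dataset.setdefault(copy.dataset, []).append(copy)

    report = {}
    for dataset, items in by_dataset.items():
        problems = []
        if len(items) < 3:                                # "3" copies
            problems.append(f"only {len(items)} copies (need 3)")
        media = {c.media for c in items}
        if len(media) < 2:                                # "2" media types
            problems.append(f"only {len(media)} media type(s) (need 2)")
        if not any(c.offsite for c in items):             # "1" offsite
            problems.append("no offsite copy")
        if extra_immutable_check and not any(c.immutable for c in items):
            problems.append("no offline/immutable copy")
        report[dataset] = problems
    return report


# Constructed inventory (not a real company's backup plan).
SAMPLE_INVENTORY = [
    BackupCopy("finance-db", "nightly-disk", "disk", offsite=False, immutable=False),
    BackupCopy("finance-db", "weekly-tape", "tape", offsite=True, immutable=True),
    BackupCopy("finance-db", "cloud-locked", "cloud", offsite=True, immutable=True),
    BackupCopy("file-share", "nas-snapshot", "disk", offsite=False, immutable=False),
    BackupCopy("file-share", "usb-drive", "disk", offsite=False, immutable=False),
    # Three copies on two media, one offsite, but every copy is writable from
    # the domain: ransomware that reaches the backup server can take all three.
    BackupCopy("mail", "local-disk", "disk", offsite=False, immutable=False),
    BackupCopy("mail", "branch-disk", "disk", offsite=True, immutable=False),
    BackupCopy("mail", "cloud-sync", "cloud", offsite=True, immutable=False),
]

if __name__ == "__main__":
    for dataset, problems in check_321(SAMPLE_INVENTORY).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

The "mail" dataset passes the plain 3-2-1 counts and still fails the extra check, which is the case a ransomware-focused review should catch: a synced cloud copy is offsite, but it is not out of the attacker's reach.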
7 — Endpoint Management, Updates and Policies
Company employees, outsourced experts, highly authorized executives and even IT admins are all links in the same chain, and you are only as safe as the weakest link. The security of end users is more of a concern for the IT department than it is for the users themselves. Some actions that can be taken are:
- End user accounts need to be centrally managed by IT.
- End users should be prevented from installing software on their computers that is not authorized by IT.
- Password procedures should be managed by a policy.
- Information security commitment must be clearly stated to employees.
- Periodic trainings on information security should be provided.
- Software installed on employees’ computers or mobile devices should be periodically monitored for updates, and if software with security vulnerabilities is installed, it should be upgraded to the current version as quickly as possible.
- An update plan should be created for operating system updates.
8 — Monitor All Systems
How do you identify when a process is suspicious? You can’t measure what you don’t monitor. Logs should be collected and monitored by a good SIEM, and alarms should be created for the situations that matter. As the log volume grows, the only way to deal with it is to use SIEM software.
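To make "alarms for the situations that matter" concrete, here is an added example (not the article's material and not any SIEM product's native rule syntax) of three correlation rules run over constructed Windows-style log lines: a burst of failed logons (event 4625) from one source, a process-creation event (4688) whose command line deletes volume shadow copies, and a burst of file writes (4663) on one host that all carry the same new extension. The key=value line format, the thresholds and the sample log are assumptions made for the example.

```python
"""Toy SIEM-style detection over constructed log lines: three alarm rules a
defender would want when hunting for ransomware precursors. Added example; the
key=value line format and thresholds are assumptions, not any SIEM's format."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are illustrative assumptions; tune them to your environment.
FAILED_LOGON_THRESHOLD, FAILED_LOGON_WINDOW = 5, timedelta(seconds=60)
FILE_BURST_THRESHOLD, FILE_BURST_WINDOW = 5, timedelta(seconds=10)
SHADOW_DELETE_MARKERS = ("vssadmin delete shadows", "wmic shadowcopy delete")

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """'<iso-timestamp> k=v k="v with spaces" ...' -> dict with a 'ts' datetime."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def burst(stamps, threshold, window):
    """True if `threshold` or more timestamps fall inside any `window`."""
    stamps = sorted(stamps)
    j = 0
    for i, start in enumerate(stamps):
        while j < len(stamps) and stamps[j] - start <= window:
            j += 1
        if j - i >= threshold:
            return True
    return False


def detect(lines):
    """Return (rule, subject) alerts in rule order."""
    events = [parse(l) for l in lines if l.strip()]
    alerts = []

    # Rule 1: many failed logons (Windows event 4625) from one source address.
    failed = defaultdict(list)
    for e in events:
        if e.get("event") == "4625":
            failed[e["src"]].append(e["ts"])
    alerts += [("failed-logon-burst", src) for src, s in failed.items()
               if burst(s, FAILED_LOGON_THRESHOLD, FAILED_LOGON_WINDOW)]

    # Rule 2: process creation (event 4688) deleting volume shadow copies,
    # which removes the local restore points before encryption starts.
    for e in events:
        cmd = e.get("cmd", "").lower()
        if e.get("event") == "4688" and any(m in cmd for m in SHADOW_DELETE_MARKERS):
            alerts.append(("shadow-copy-deletion", e["host"]))

    # Rule 3: a burst of file writes (event 4663) on one host that all carry
    # the same extension, the footprint of mass encryption.
    writes = defaultdict(list)
    for e in events:
        if e.get("event") == "4663":
            ext = e["path"].rsplit(".", 1)[-1].lower()
            writes[(e["host"], ext)].append(e["ts"])
    alerts += [("mass-file-modification", f"{host} .{ext}")
               for (host, ext), s in writes.items()
               if burst(s, FILE_BURST_THRESHOLD, FILE_BURST_WINDOW)]
    return alerts


# Constructed sample log (not from a real system).
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z host=WS01 event=4625 src=10.0.0.5 user=alice
2024-05-01T10:00:02Z host=WS01 event=4625 src=10.0.0.5 user=alice
2024-05-01T10:00:03Z host=WS01 event=4625 src=10.0.0.5 user=alice
2024-05-01T10:00:04Z host=WS01 event=4625 src=10.0.0.5 user=alice
2024-05-01T10:00:05Z host=WS01 event=4625 src=10.0.0.5 user=alice
2024-05-01T10:00:30Z host=WS01 event=4624 src=10.0.0.5 user=alice
2024-05-01T10:03:00Z host=WS01 event=4663 user=alice path=/share/notes.docx
2024-05-01T10:05:00Z host=SRV01 event=4688 user=svc_backup cmd="vssadmin delete shadows /all /quiet"
2024-05-01T10:05:01Z host=SRV01 event=4663 user=svc_backup path=/share/q1.xlsx.locked
2024-05-01T10:05:02Z host=SRV01 event=4663 user=svc_backup path=/share/q2.xlsx.locked
2024-05-01T10:05:03Z host=SRV01 event=4663 user=svc_backup path=/share/plan.docx.locked
2024-05-01T10:05:04Z host=SRV01 event=4663 user=svc_backup path=/share/hr.pdf.locked
2024-05-01T10:05:05Z host=SRV01 event=4663 user=svc_backup path=/share/notes.txt.locked
2024-05-01T11:00:00Z host=WS02 event=4625 src=10.0.0.9 user=bob
"""

if __name__ == "__main__":
    for rule, subject in detect(SAMPLE_LOGS.splitlines()):
        print(f"ALERT {rule}: {subject}")
```

The single failed logon from 10.0.0.9 and the lone .docx write on WS01 stay below threshold, which is the point of windowed counting: a SIEM rule should fire on the pattern, not on every individual event, or the alarms become noise nobody reads.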
9 — Security Checklist
A security checklist allows you to see what you have missed and what you have done properly. Including a SWOT analysis in this checklist will be highly beneficial.
Conclusion
Ransomware attacks come in two types. One is “human-operated ransomware attacks” and the other is “automated ransomware attacks”, that is, attacks that repeat certain patterns with automated software. Usually, small and medium-sized businesses are targeted by automated attacks. Large businesses and government organizations are usually targeted by complex attacks managed by a skilled hacker. This type of human-operated attack monitors the target for a long time, gathers information and strikes at the right time. Unattended automated attacks, on the other hand, exploit well-known security vulnerabilities and start the encryption process at the first opportunity. Ransomware attacks do not only exploit vulnerabilities. They can take advantage of many other details, such as badly configured systems, human error, weak passwords and inexperienced IT departments. Stopping 99% of automated attacks is quite simple.
I have summarized the ways to increase the security of your systems in 9 topics. There are many technical details under each topic and there is no way to write them all in a single article. I hope this will be useful in broadening your security horizons.