Important stages of ransomware evolution

Once attackers gain a foothold in an enterprise environment, they can execute a script that causes all network printers to disseminate ransom notes non-stop. Because this is a potential source for unwanted public attention, the victim is more likely to start cooperating.

Ransomware protection best practices

To stay safe amid the dynamic ransomware evolution, organizations should learn to be moving targets and have a plan B if things get out of hand. The following checklist will shine the light on the ways to avoid the worst-case scenario and keep your data intact.

• Back it up. If ransomware cripples your data, you can easily restore it using a recent backup. The caveat is that this type of mitigation will not fully address the issue if you fall victim to double extortion involving data theft.
• Keep your remote desktop services safe. Because RDP hacking is the pivot point of most ransomware assaults targeting the enterprise, it is in your best interest to secure these services. Set up multi-factor authentication (MFA) for remote access, restrict the number of failed connection attempts, and specify a list of allowed IP addresses.
• Harden your email security. Tweak your email settings to block phishing attacks, spam, and messages with executable files onboard.
• Stay away from Office macros. Refrain from opening Microsoft Word or Excel files attached to emails from unknown senders. These documents may contain Visual Basic for Applications (VBA) macros that execute harmful processes behind the scenes.
• Prioritize your files. Determine what data is the most important and secure it with an additional protection layer. Encrypting such information is a good call because crooks cannot turn it against your company even if they manage to steal it.
• Make the most of a firewall. A reliable firewall solution will block malicious Internet traffic that occurs when ransomware is communicating with its C2 infrastructure to obtain cryptographic keys and extract your data.
• Learn to fend off DDoS raids. With the above-mentioned RDoS attacks gearing up for a rise, make sure you have appropriate defenses in place. Use a web application firewall (WAF) and a cloud-based DDoS mitigation service from a reputable provider such as Cloudflare or Akamai.
• Do not underestimate the power of software updates. In addition to improving the user experience and delivering new functionality, updates contain critical patches that address recently discovered software vulnerabilities. This raises the bar for any viruscreators attackers who are adept at exploiting security loopholes in obsolete applications to infiltrate networks.
• Use an effective security suite. Whereas antivirus software is not the silver bullet, it can detect and block all known strains of ransomware in a snap.
• Educate your staff. Invest in a security awareness program for your employees. Every member of your team should know the telltale signs of a phishing attack, use strong passwords or MFA to access their work accounts, and maintain proper RDP hygiene.