The average ransom demand is around $178,000 – not a small amount for most businesses. Of businesses surveyed, 51% had suffered a ransomware attack in 2020. Ransomware attacks like REvil have exploded in 2021, a year that has seen some of the largest and most destructive attacks to date, including the Colonial Pipeline attack that shut down fuel delivery to the entire East Coast of the USA for almost a week. Most businesses are not in any position to shell out massive amounts of money to cyber-criminals, so it’s important to master the art of cyber threat hunting and ransomware elimination! Let’s discuss a few skills you can train yourself to use daily to become a ransomware ninja warrior!
Become familiar with your environment
Just as ninjas are always aware of their surroundings, it’s important that you are the master of your environment. You must know every backdoor, patch, and vulnerability on every system you have in place. Without this knowledge, attackers can easily slip in and make changes without any trace. Ransomware sometimes lies dormant in a network environment for months! Ransomware could be covertly operating within your network, stealing confidential data, and working to encrypt your files, right this moment. Spend time each day checking over your network environment, traffic patterns, and application and system resource usage, keeping an eye out for any unusual changes that might indicate a ransomware attack.
See your environment from an attacker’s point of view
The best way to anticipate an attack is to consider how a hacker would do it.
- Where is your network the weakest?
- What data would an attacker consider most valuable?
- Are any systems missing critical patches?
- Are there ports or applications open on the internet that should not be there?
- How strong are your endpoint protections and who are your users?
- Have your users been properly vetted?
There is a plethora of potential attack surfaces, and you must stay on top of each one of these – and more! Once you’ve considered carefully where your network might be vulnerable, set up protections or deploy patches to strengthen these areas of the network.
Develop a threat detection plan
Educate your IT staff on what to do if they detect threats or attacks to ensure no one panics, and everyone knows their specific role. Seconds count when a ransomware attack is detected. Deploying protections and fortifying data is critical, and an unprepared team will miss steps that could make your recovery easier.
Creating a good threat detection plan involves 5 easy steps:
- Evaluate your environment for weaknesses
- Determine a “normal behaviour” baseline
- Build an incident response plan
- Analyze past incidents
- Create & implement a staff training program
A good threat detection plan is complemented by an excellent continuous threat detection solution. A combination of the right tools, in the right hands, makes detection of malicious activity much easier.
Set threat hunting policies
Your threat detection tools and solutions should let you set threat hunting policies that run automatically in the background at all times. Products like Sangfor’s Cyber Command are the solution of choice for 24/7 network protection. Deploying the right solution means being able to offload work from IT staff and administrators and deploy them more effectively by using automated and reliable protection.
You can learn more about Cyber Threat Hunting Tools, Techniques & Solutions in this blog article, which discusses open source tools such as Snort, Suricata and Zeek and paid tools such as Sangfor's Cyber Command.
Protect all endpoints
68% of IT professionals surveyed by Ponemon in 2020 said the number of attacks on endpoints has increased. That’s pretty significant, and yet understandable, as mobile phone usage has surpassed PC usage in recent years. There are simply so many endpoints to exploit that attackers can take their pick. You must ensure that every device and endpoint is protected and monitored continuously – no small task. Many businesses choose to implement new technology to take control of endpoints. Look for endpoint protection solutions that can be integrated with other security solutions – meaning less (or no) downtime and more automated security capabilities.
Educate employees on cyber threats
The dangers of phishing are real! A successful phishing attack can result in lost data and financial loss. In fact, 60% of successful phishing attacks result in lost data! Data is the new oil and gets sold for big money on the dark web. Educate your employees on the importance of cyber security. Remind people that the organization could grind to a halt or even go out of business if they unknowingly enable a ransomware attack – and make sure they take the training seriously!
Keep up to date on recent attack trends
Did you know that in 2021, APT attacks were on the decline, due to the pandemic? Hacking rings were forced to shift over to ransomware to continue making money. A new trend from 2020 is the side-sale of stolen information, or what is now called “double extortion”, when a company refuses to pay a ransom. 2021 saw a decrease in direct attacks against personal users – as it’s simply not as profitable. Instead, personal users are now targeted for ransom to prevent their information stolen during a ransomware attack from being posted; that is called quadruple ransom. From a single attack, hackers can extort money in several ways, including from collateral bystanders. It’s important to keep up to date on the latest cyber-attack trends, and tailor your security to protect against the most clear and present dangers.
Stay up to date on new security technology
For truly ninja warrior-like threat hunting and security skills, many choose to deploy a solution like Sangfor’s Cyber Command. It provides the critical threat detection and response required to identify and classify threats to the network and applications in real-time and protect the network from ransomware with advanced capabilities like:
- Identify and break cyberattack kill chains
- Fast & efficient response to all threats
- Simplifies incident investigation with comprehensive logs and reports
- Fully integrates with network and endpoint security solutions
- Simplifies and automates cyber threat hunting
- Single-pane-of-glass visibility of organization security & risk posture
- Business impact analysis and mitigation of any threats in compromised areas
It’s important to keep in mind that, no matter the size of an organization, big or small, a single ransomware attack can cost jobs or bankrupt a business, and no one wants that to happen. Security company Cybereason found that 25 percent of organizations hit by a ransomware attack were forced to close. In addition, 29 percent were forced to eliminate jobs. Take a moment to consider how secure you feel from malware and ransomware attacks – and then go back and look at everything again! Why? Because 80% of organizations that suffered a ransomware attack experienced a reinfection within 12 months.
Contact a friendly Sangfor representative today for more information on how to protect yourself and your business from ransomware, and let Sangfor make your IT simpler, more secure, and valuable.