Steps to safeguard against ransomware attacks
By: Mohammad Jamal Tabbara, Solutions Architect Manager at Infoblox
Ransomware attacks have increased in frequency and severity, making them one of the most serious threats organisations face today. They result in millions of dollars in reputational harm, recovery costs, extorted ransom payments, lost revenue and, in some cases, the inability to operate vital infrastructure. Cybercriminals are also adopting models such as Ransomware-as-a-Service to extend their attack capabilities.
Given the rising tide of ransomware attacks and the heavy investment by threat actors in ransomware-as-a-service platforms, businesses are increasingly concerned with protecting their IT assets by adopting and implementing cybersecurity management best practices at the corporate level. Based on its experience helping companies protect their core IT services and orchestrate their cybersecurity posture, Infoblox recommends:
- Back up data, system images and configurations: Test backups regularly and keep them offline. Many ransomware variants try to discover and encrypt or delete any backups they can reach, so make sure backups are tested on a regular basis and are not connected to the business network. Keeping current backups offline is crucial, because systems cannot be restored from network-attached data that ransomware has already encrypted.
- Update and patch systems promptly: This covers the timely security maintenance of operating systems, applications and firmware. Orchestration matters here: use a centralised patch management system, and drive your patch management programme with a risk-based assessment method.
- Leverage DNS as a first line of defence: DNS security is an important aspect of any ransomware defence strategy, because ransomware and most other malware use DNS at one or more steps of the cyber kill chain. In a targeted attack, DNS may be used during the reconnaissance phase. It is used in the delivery phase, as potential victims unknowingly issue the DNS queries that resolve the attacker's infrastructure. When ransomware spreads via spam campaigns, DNS is also involved in email delivery. Once the victim's system is penetrated and infected, the exploitation phase may include DNS queries, and communication with the command and control (C&C) infrastructure usually relies on DNS. Applying threat intelligence and analytics to your internal DNS can detect and block such activity early, before ransomware spreads or downloads its encryption payload.
- Network segmentation: Ransomware attacks have recently shifted from stealing data to disrupting operations. Keep corporate business functions and manufacturing/production operations separate. Carefully filter and limit internet access to operational networks, identify the links between them, and develop workarounds or manual controls so that ICS networks can be isolated and continue to operate even if the corporate network is compromised. Test contingency plans, such as manual controls, on a regular basis to ensure that safety-critical functions are maintained in the event of a cyber disaster.
- Test your organisation's incident response plan: Nothing reveals the flaws in a plan like putting it to the test. Work through the following questions when building your incident response plan: Can you keep the firm running without access to specific systems? For how long? Would you shut down manufacturing if a critical business process such as billing went down?
- Check your security team's work: Hire a third-party penetration tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are bold and skilled, and they will look for unlocked doors.
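The backup recommendation above says to test backups regularly rather than trust that they exist. As an added example (not Infoblox's code or anything from the article), the following Python script shows one way to make that test concrete: record a SHA-256 manifest of the backup set when it is taken, and after a restore drill compare the restored tree against the manifest so that missing or altered files are reported. The directory layout, file names and the "damaged restore" in `demo()` are all constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backup members do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree with the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    report = {
        "ok": sorted(p for p in manifest if restored.get(p) == manifest[p]),
        "missing": sorted(p for p in manifest if p not in restored),
        "modified": sorted(p for p in manifest if p in restored and restored[p] != manifest[p]),
        "extra": sorted(p for p in restored if p not in manifest),
    }
    # A restore drill passes only if nothing the backup promised is missing or changed.
    report["passed"] = not (report["missing"] or report["modified"])
    return report


def demo() -> dict:
    """Constructed end-to-end drill: snapshot a source tree, restore a damaged copy, verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        sample_files = {  # constructed sample data
            "docs/readme.txt": b"runbook v1\n",
            "data/ledger.csv": b"id,amount\n1,100\n",
            "config/app.conf": b"mode=prod\n",
        }
        for rel, content in sample_files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(content)
        manifest = build_manifest(src)
        # The manifest would normally be stored with the offline backup, e.g. as JSON.
        manifest_json = json.dumps(manifest, indent=2, sort_keys=True)

        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)
        # Simulate a bad restore: one file altered, one file missing.
        (restored / "data/ledger.csv").write_bytes(b"id,amount\n1,999\n")
        (restored / "config/app.conf").unlink()
        return verify_restore(json.loads(manifest_json), restored)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real drill the manifest is produced on the backup host when the snapshot is taken and kept with the offline copy, and the restore is performed onto an isolated machine before `verify_restore` is run; a failing report means the backup cannot be relied on in an actual ransomware recovery.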
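The DNS point above argues that threat intelligence and analytics applied to internal DNS can surface ransomware activity before encryption starts. As an added example (not Infoblox's code or any product's logic), the following Python script runs three such checks over a constructed DNS query log: matching query names against a threat-intelligence blocklist (including subdomains of listed domains), flagging long high-entropy labels of the kind produced by domain-generation algorithms, and spotting a client that resolves the same name at a near-constant interval, which is the beaconing pattern of C&C check-ins. The log format, the sample entries, the blocklist contents and all thresholds are assumptions for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample DNS query log (hypothetical format: "timestamp client qname qtype").
SAMPLE_LOG = """\
2024-03-01T09:00:01 10.0.1.15 www.example.com A
2024-03-01T09:00:04 10.0.1.15 update.vendor.example A
2024-03-01T09:00:09 10.0.1.22 xk3f9q2z7lp0w.bad-example.test A
2024-03-01T09:00:10 10.0.1.22 malicious-c2.example.invalid A
2024-03-01T09:01:00 10.0.1.30 beacon.example.net A
2024-03-01T09:02:00 10.0.1.30 beacon.example.net A
2024-03-01T09:03:00 10.0.1.30 beacon.example.net A
2024-03-01T09:04:00 10.0.1.30 beacon.example.net A
2024-03-01T09:05:00 10.0.1.30 beacon.example.net A
2024-03-01T09:05:30 10.0.1.15 mail.example.com MX
"""

# Constructed threat-intelligence feed: these domains and every subdomain of them are blocked.
THREAT_INTEL_BLOCKLIST = {"malicious-c2.example.invalid", "bad-example.test"}


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking DGA labels score high."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_blocklisted(qname: str, blocklist: set) -> bool:
    """True if the name itself or any parent domain appears in the blocklist."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def parse_line(line: str):
    """Split one log line into (timestamp, client, qname, qtype); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]


def analyze(log_text: str, blocklist: set, entropy_threshold: float = 3.5,
            min_label_len: int = 10, beacon_min: int = 5, max_jitter: float = 0.2) -> dict:
    """Run the three checks over the log: blocklist hits, DGA-like labels, periodic beaconing."""
    findings = {"blocklisted": [], "dga_like": [], "beaconing": []}
    series = defaultdict(list)  # (client, qname) -> query timestamps in log order
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname, _qtype = rec
        if is_blocklisted(qname, blocklist):
            findings["blocklisted"].append((client, qname))
        label = qname.split(".")[0]
        entropy = shannon_entropy(label)
        # Short labels are ignored: entropy is only meaningful on longer strings.
        if len(label) >= min_label_len and entropy >= entropy_threshold:
            findings["dga_like"].append((client, qname, round(entropy, 2)))
        series[(client, qname)].append(ts)
    for (client, qname), stamps in series.items():
        if len(stamps) < beacon_min:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean <= 0:
            continue
        stdev = math.sqrt(sum((g - mean) ** 2 for g in gaps) / len(gaps))
        # Near-constant interval (low coefficient of variation) is the C&C beacon signature.
        if stdev / mean <= max_jitter:
            findings["beaconing"].append((client, qname, len(stamps), mean))
    return findings


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG, THREAT_INTEL_BLOCKLIST).items():
        for hit in hits:
            print(f"{kind}: {hit}")
```

Run against the sample log, the blocklist check catches both queries from 10.0.1.22, the entropy check flags only the random-looking `xk3f9q2z7lp0w` label, and the beacon check reports 10.0.1.30 resolving `beacon.example.net` every 60 seconds. In production the same logic would run on resolver logs or a DNS security product's telemetry, and a hit would feed a block or a sinkhole response for that client rather than just a printed line.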
Finally, it is the obligation of organisations to defend themselves and their resources, personnel and partners. It is up to us to build a strong security posture, not just through the orchestration and use of security intelligence, but also by adopting a set of best practices that involve the entire business. On the road to that goal, don't overlook the crucial role that secure DNS administration plays.