Describe different defense mechanisms used to prevent ransomware

  • 9 minutes

Identifying vulnerabilities enables you to focus on defense mechanisms you can use to prevent ransomware. Being aware of the methods attackers use to take advantage of your vulnerabilities helps to mitigate the risk factors.

In this unit, you'll learn about some precautionary measures you can put in place to avoid being exploited.

Identity theft protection

Identity theft refers to a crime committed to steal your personal or sensitive information, such as payment details, ID information, medical records, and so on. Attackers then use this personal information to commit fraudulent activities. For example, applying for loans in your name, making online purchases using the stolen card details, or gaining access to your financial and medical records.

Cybercriminals will attempt to plant malware in your device. Malware then operates in whatever way the attackers want. It records and stores personal information without your knowledge and tracks activities on your device.

Research shows that almost all organizations are at risk of identity theft. Even those organizations with robust security measures can be at a risk of exposed identity through an unintentional security lapse. A recent study revealed that identity theft causes damage worth billions of dollars to consumers and businesses. To combat this threat, you can consider the following measures:

  • Multi-factor authentication (MFA)
  • Passwords

Multi-factor authentication

Multi-factor authentication (MFA) is a security measure that helps ensure that only an authorized person can sign into an account. The MFA process requires you to implement the following steps:

  • Register: Link your email or register your personal device, such as a smartphone, to the system and verify it as yours.
  • Log in: Enter your username and password to sign in.
  • Verify: The system sends a code or PIN to your registered email or device and asks you to submit the PIN before attempting to access a resource or information.

This technique adds an extra layer of security as it evaluates the identity of a user based on given details, such as their device or location. In case of a compromised username or password, unauthorized individuals won't be able to meet the second or third level of authentication required.

Passwords

Traditionally, using passwords has been the most important layer of security when obtaining access to a device or an account. However, with the advancement of technology, it's now possible to eliminate usernames and passwords from the user experience and consider passwordless authentication instead. Passwordless authentication makes the process quick and simple for users and enhances security. For this, you need to first install an authenticator app and link it to your phone or personal account.

If passwords are required, you must ensure that strong passwords are used to sign into a device or account. Ineffective passwords are vulnerable entry points for ransomware attacks. You can create a security plan within your organization and encourage employees to change passwords frequently. They must also ensure that passwords aren't shared between admins and employees, and that they aren't reused for different websites or accounts. Also, make certain that the privileged or administrator accounts' passwords are not left exposed.

Back up critical data

Regular backups will ensure that you don't lose critical data. You can make backups using online cloud-based storage accounts or a removable device. If you're backing up your data in a removable device, ensure that it's scanned and virus free before using.

Encrypting sensitive data and emails

Encryption helps you disguise the content of your email messages or files to protect sensitive information from being exposed accidentally to the wrong recipient or attackers.

The risk of messages being delivered to the wrong person, or critical information reaching the wrong hands, can lead to ransomware or other malware attacks. Emails can contain private and confidential information which could lead to leaks or exposure of data. It's recommended to encrypt personal, sensitive, or financial information before sending it to the recipient.

Encryption can be a built-in feature in an app or an email service. It's also available as third-party software. You can get encryption tools that lock the content of an email or a file. The recipient must then use a special code or password to access the information.

Access to resources

Restrict access

One of the most crucial defense mechanisms is to restrict access to critical data and information and grant secure access only to required individuals. You can control access to protect your data and applications. Here are two key approaches:

  • Role-based access: Role-based access grants permissions only to certain roles. Roles that the specific users hold are verified by the system, which then allows them to access resources to carry out their duties.
  • Conditional access: Conditional access offers a set of restrictions that only allow access to a user's device if it's compliant. If the device isn't compliant, conditional access will either guide the user to make some necessary changes or deny access altogether.

Protecting endpoints

Any computing device, such as laptops, PCs, smartphones, tablets, and desktops, which connects and communicates over a network, is called an endpoint. Attackers attempt to target endpoints with the aim of infecting the device with malware and replicating within the network. To avoid the risk of getting exploited, it's critical to ensure that your endpoints aren't vulnerable to any threats. One of the ways to safeguard endpoints is by the continuous practice of vulnerability management.

Vulnerability management

Vulnerability management is the routine process of scanning, identifying, monitoring, and reporting on any security vulnerabilities that attackers tend to exploit. It's imperative to detect any loopholes and weak areas in security infrastructure and then remediate them.

This includes keeping your systems and software up-to-date, installing the latest security updates, securing configuration settings, and closing security gaps. Timely detection of security loopholes and implementation of proven strategies will help to combat ransomware.

Protecting employee productivity tools

Tools used to carry out day-to-day work activities, such as PCs, laptops, mobile devices, audio and video conferencing platforms, work applications, and so on, are categorized as employee productivity tools. These tools help employees to work and collaborate on a daily basis. It's important for organizations to have secure productivity and tools to protect identity, data, apps, and networking.

Email filtering

Email filtering is an effective way to lower the possibility of malicious emails reaching employees. Here are two effective ways in which emails can be filtered:

  • Block list: This is a list of suspicious entities that should be blocked.
  • Allow list: This is a list of resources, such as, email, website, software, and IP addresses that are allowed access in a network.

Phishing

As much as organizations try to defend against phishing, such attacks are getting more prevalent. Attackers continue to send fraudulent messages, links, and emails to trick users and employees into revealing sensitive information or direct them to suspicious websites to gain access to resources.

You can use antiphishing and antispam protection tools to defend yourself and your network against malicious emails. These tools usually come built in to email clients.

Suspicious emails

Ransomware attacks will often rely on phishing campaigns where the attacker sends out emails that appear legitimate, but contain malicious attachments, instructions, or links. The following video shows what a typical suspicious email might look like, and what to do if you spot one:

Common red flags to look for include:

  • Threat of urgency in the email
    • The email might be written in a manner designed to frighten the user to immediately act according to its instructions.
  • Suspicious sender email address and links
    • The sender's email address might resemble a legitimate address from a real organization, but with a minor change in spelling or wording to confuse the user into thinking it's from a genuine sender. Clear typos and grammatical mistakes in the email body can also be a sign of a malicious email.
    • Similarly, attackers will hide malicious URLs behind hyperlinks in the email. If you hover over any links, you might spot that it reads like a link from a legitimate site, except for a minor change in wording or spelling. That could be a sign that the link is malicious.
  • Requests for private information
    • The email might ask the user to provide personal details, payment information, or credentials.

Train employees to reduce risk

Employees play an important part in safeguarding an organization against cyberattacks including ransomware, or any extortion-based attacks. Security awareness can help to thwart ransomware attacks. You can train members of your organization to spot phishing and potentially risky behavior. They should report suspicious links and emails, avoid disclosing personal information, steer away from malicious attachments, and so on.