Cyberattacks are becoming more common every day, especially after the COVID-19 pandemic. In the past month, three huge enterprises, JBS, Kaseya, and the Colonial Gas Pipeline, were hit with ransomware attacks. With everyone working remotely, even more targets opened up for threat actors to exploit. This proves that no matter how big your organization is, cybersecurity should never be just an afterthought. When designing systems and implementing policy, security should always be at the forefront of the architect’s mind. Today, we’ll take a look at what ransomware is and at the best practices your organization can follow to protect its IT systems from it.
What is Ransomware and How Does it Work?
Malware is everywhere on the Internet, and one of the more commonly used types of malware today is ransomware. How malware infects a victim varies from threat actor to threat actor. Methods of attack can include phishing, ads or emails that look legitimate but are not, and an attacker accessing your device via a software or hardware vulnerability. Once the attack is successfully initiated, the malware payload is activated on the victim’s computer. With ransomware, this means that all the documents, files, and data on the victim’s computer are encrypted. Along with the encrypted data, the attackers usually leave behind a ransom note. The note gives the victim instructions on how much and where to pay the attackers, who will then decrypt the data for the victim.
Paying ransomware threat actors is not recommended. They can keep the decryption key and not give it to you. They may also not know how to decrypt the data, or they may have already downloaded the data in its unencrypted form to blackmail you in the future. One of the best ways to protect against this is encrypting the data within your network yourself. If you encrypt the data, and the attacker does not have access to the decryption key, then the data is useless to the attackers. They will not be able to read it and therefore cannot use the data for blackmail in the future. We will take a deeper look at encrypting data to protect against ransomware later, but first we will look at a few other ways to defend against ransomware attacks.
Tips and Best Practices to Protect from Ransomware Attacks
- Implement proper certificate and key management: One of the most recent malware attacks, on a company called Kaseya, saw threat actors using a rogue certificate to gain access to private systems and spread their ransomware to thousands of victims. Rogue certificates can be used to spread all types of malware, so it is important that certificate and key management is carried out properly in an organization. Automating key and certificate lifecycle tasks, such as renewal, creation, and revocation, can help ensure your organization does not face any rogue certificate issues. Additionally, continually identifying certificates in your network will help your company determine if any rogue certificates are already in play.
- Utilize envelope encryption: As previously mentioned, encrypting your organization’s data would protect your organization from the majority of risks associated with ransomware attacks. Data encryption can be taken a step further if you use envelope encryption. Envelope encryption involves encrypting data with an encryption key and then encrypting that encryption key with a master key. This ensures that even if a threat actor steals both the data and the encrypted encryption key, they still cannot decrypt the data since they don’t have the master key.
- Use HSMs for encryption keys: Hardware Security Modules (HSMs) are external devices used to store cryptographic keys securely. These HSMs are tamper-proof, tamper-evident, and secure from the majority of infiltration techniques. In addition to providing robust security, HSMs also make the user FIPS 140-2 Level 3 compliant, thus displaying to customers that your organization meets some of the necessary compliance requirements.
- Use SSL/TLS for data-in-motion: To protect data-in-motion, most organizations use SSL/TLS. Secure Sockets Layer/Transport Layer Security is a way to protect data-in-transit using digital certificates and keys. The majority of companies use SSL/TLS for in-transit data encryption.
- Have a Disaster Recovery plan in place: If the worst happens, and your data is encrypted by ransomware, it is vital to have a Disaster Recovery Plan in place. This plan can reset your systems to the way they were before the ransomware infection, effectively giving the attackers no leverage to use against your company. These plans should be regularly updated and tested to ensure the plan works perfectly if it is ever needed.
- Train your team members: One of the most common methods of infiltrating an organization’s network is via the members of the organization. Training team members not to click malicious ads or links, and teaching them to never download anything from an untrusted source can go a long way to stopping malware attacks.
- Protect your systems with a PKI: A Public Key Infrastructure, or PKI, ensures that unknown devices cannot use your company’s network. A PKI uses certificates to verify that devices and users can be trusted within a network, and as long as the aforementioned certificate and key management tasks are being followed, then any user with a PKI certificate can be trusted.
- Patch vulnerabilities: Regularly patching vulnerabilities ensures attackers cannot exploit your hardware or software to enter your network. OS and software patches are released when a vulnerability is identified, so always apply these patches when they are available.
- Use anti-malware software: One final method of protecting your company from ransomware is using anti-malware software. This software can detect malware, alert the necessary parties, and warn users. This is useful for stopping attacks before they occur and training team members in the future.
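The envelope encryption item in the list above, as an added example (not code from the original article or from Encryption Consulting): a per-object data key encrypts the data with AES-256-GCM, and a master key encrypts that data key, so a copy of the stored record cannot be read without the master key. The function names, record layout and sample plaintext are assumptions of this example, and the master key is generated in-process only so the block runs; the HSM item above describes where it would normally be kept.

```javascript
const crypto = require("node:crypto");

// seal: AES-256-GCM under `key`; output is nonce (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every encryption
  const c = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// open: reverses seal; throws if the key is wrong or any byte was altered.
function open(key, blob) {
  if (blob.length < 28) throw new Error("ciphertext too short");
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// envelopeEncrypt: a new data key (DEK) per object, itself encrypted under masterKey.
function envelopeEncrypt(masterKey, data) {
  const dek = crypto.randomBytes(32);
  const record = { wrappedDek: seal(masterKey, dek), ciphertext: seal(dek, data) };
  dek.fill(0); // the plaintext DEK is not kept after use
  return record; // stored with the data; masterKey is never stored with it
}

// envelopeDecrypt: unwrap the DEK with masterKey, then decrypt the data with the DEK.
function envelopeDecrypt(masterKey, record) {
  const dek = open(masterKey, record.wrappedDek);
  const data = open(dek, record.ciphertext);
  dek.fill(0); // the plaintext DEK is not kept after use
  return data;
}

// Constructed scenario: the whole stored record is copied, but masterKey is not.
function demo() {
  const masterKey = crypto.randomBytes(32); // assumption: an HSM/KMS holds this in production
  const record = envelopeEncrypt(masterKey, Buffer.from("constructed payroll export"));
  const roundTrip = envelopeDecrypt(masterKey, record).toString();
  let stolenCopyReadable = true;
  try {
    envelopeDecrypt(crypto.randomBytes(32), record); // any key other than masterKey
  } catch {
    stolenCopyReadable = false; // GCM authentication fails while unwrapping the DEK
  }
  return { roundTrip, stolenCopyReadable };
}

console.log(demo());
```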
How Encryption Consulting Can Help
Our organization, Encryption Consulting, is a consulting company dedicated to protecting your organization from outside attackers. We offer services that include certificate and key management, PKI assessment, design, implementation, and PKI and AWS training. Our encryption assessments help you identify any weaknesses in your network, while we design a roadmap to implement fixes for the security gaps, and we can help implement that roadmap as well. We can also help you implement and test your Disaster Recovery plan to ensure that no steps are missed and you are fully protected from malware like ransomware. To learn more about our services and products, contact us at www.encryptionconsulting.com.