Ransomware made easy
The concept of ransom, despite being totally unfortunate, is pretty easy to understand.
A bad actor takes something without permission and asks for money to give it back.
Adapting this form of crime to today's technologies is pretty easy as well.
Malware enters your device without permission and encrypts all your files with an encryption key that is virtually impossible to guess. Then, the only window you are allowed to see on your monitor is the one with the ransom request. When (and if) the ransom is paid, the attacker will finally send you the decryption key, giving you back access to your files.
Conceptually easy in its structure, this form of cyberattack costs millions of dollars every year, with businesses in retail, education, and IT among the most damaged.
That is not the whole picture, though: more advanced forms of ransomware attacks exist and hit even harder. They may leverage the threat of exposing sensitive information from the target organization or rely on innovative distribution models.
This is the case of Conti and REvil, the two most dangerous types of ransomware attacks in 2021 in terms of victims and financials. These two types of attack, fearsome on their own, owe their success to their business model. Both spread through a Ransomware-as-a-Service model, in which the cybercrime group allowed outsiders to act as affiliates or intermediaries. In return, these people took a share of every ransom successfully obtained.
Besides spreading the virus at an unprecedented pace, the model also made it harder to attribute the attacks to the original actors.
There are a few actions that everyone can take to reduce the risk of getting in trouble with malicious software. Installing a firewall for ransomware, for instance, is the first and most important security measure you can take to avoid exposing personal information.
How to prevent a ransomware attack
Although ransomware attacks are extremely hard to predict, there are a few best practices that every user can put in place to mitigate and potentially nullify the risk of being hit by one. Bearing in mind that most cyberattacks leverage both human and IT vulnerabilities, there are good habits and technical implementations, mainly for your firewall, that can be extremely useful. Here is a helpful list to keep at hand in your daily internet surfing.
Best practices for firewall and network configuration
- Install an easy-to-use firewall, one that eases rather than hinders the adoption of security habits.
- Remote Desktop Protocol (RDP) services are, along with phishing, the main channels of infection for ransomware attacks. Monitoring and locking down RDP and other services with your firewall is a must for your internet security. Whitelist only applications you consider safe.
- Strengthen your passwords and use multi-factor authentication. This is a rule of thumb for every digital asset, but apply it also to your remote management and file sharing tools so that they’re not easily compromised by brute-force hacking tools.
- Limit remote access to your computer by setting rules for connections. Your firewall should let you limit port-based access via filters or passwords. VPNs are also a valid alternative to port forwarding when accessing your organization’s network from the outside.
- Enable TLS Inspection with support for the latest TLS 1.3 standards on web traffic to ensure threats are not entering your network through encrypted traffic flows.
- Segment LANs into smaller, isolated zones or VLANs, and minimize the risk of lateral movement within the network. VLANs could then be secured and connected together by the firewall. Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN segments to prevent exploits, worms, and bots from spreading between LAN segments.
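An added example, not part of the original article: one way to monitor the RDP lockdown described above is to scan a firewall log for inbound connections to port 3389 from sources outside the subnet you expect. The sketch assumes the Windows Defender Firewall log layout (pfirewall.log); the log lines are constructed, and the VPN subnet 10.8.0.0/24 is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample in the Windows Defender Firewall log layout (pfirewall.log).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:00:01 ALLOW TCP 10.8.0.5 192.168.1.20 50111 3389 0 - 0 0 0 - - - RECEIVE
2024-03-01 09:00:07 ALLOW TCP 203.0.113.44 192.168.1.20 40001 3389 0 - 0 0 0 - - - RECEIVE
2024-03-01 09:00:08 ALLOW TCP 203.0.113.44 192.168.1.20 40002 3389 0 - 0 0 0 - - - RECEIVE
2024-03-01 09:00:09 DROP TCP 203.0.113.44 192.168.1.20 40003 3389 0 - 0 0 0 - - - RECEIVE
2024-03-01 09:00:15 DROP TCP 198.51.100.9 192.168.1.20 40100 3389 0 - 0 0 0 - - - RECEIVE
2024-03-01 09:01:00 ALLOW TCP 192.168.1.20 198.51.100.80 50200 443 0 - 0 0 0 - - - SEND
"""

RDP_PORT = 3389
ALLOWED_SOURCES = [ipaddress.ip_network("10.8.0.0/24")]  # assumption: VPN subnet


def parse_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):
                yield dict(zip(fields, values))


def rdp_exposure(text, allowed=ALLOWED_SOURCES, port=RDP_PORT):
    """Count inbound RDP connections per unexpected source, split by firewall action."""
    allowed_hits, dropped_hits = Counter(), Counter()
    for e in parse_log(text):
        if e["path"] != "RECEIVE" or e["protocol"] != "TCP" or e["dst-port"] != str(port):
            continue
        try:
            src = ipaddress.ip_address(e["src-ip"])
        except ValueError:
            continue  # malformed address field; skip the entry
        if any(src in net for net in allowed):
            continue  # expected source (VPN), nothing to report
        (allowed_hits if e["action"] == "ALLOW" else dropped_hits)[str(src)] += 1
    return {"allowed": dict(allowed_hits), "dropped": dict(dropped_hits)}


if __name__ == "__main__":
    print(rdp_exposure(SAMPLE_LOG))
```

Any source listed under "allowed" means the firewall rule still lets RDP through from outside the expected subnet and should be tightened; repeated entries under "dropped" show the probing that the rule is already blocking.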
Healthy digital habits
- Reduce data transfers whenever possible, as more data transmissions mean more vulnerabilities. Also, try to avoid sending sensitive data on personal devices, which are usually less controlled and significantly more vulnerable to cyberattacks.
- Download carefully and check your data sources. If in doubt, check on a search engine. It’s important to only download files from trusted sources and avoid unnecessary downloads to lower your device’s susceptibility to malware.
- Update device software, as security is (or at least should be) a top priority for every software provider. Providers work hard on continuously making their software more secure, and regularly installing the latest updates will make your devices less vulnerable to attacks.
- Develop a breach response plan. Data breaches can happen to even the most careful and disciplined companies. Establishing a formal plan to manage potential data breach incidents, a primary cyberattack response plan, and a cyberattack recovery plan will help organizations of any size respond to actual attacks and contain their potential damage.
- Change your passwords from time to time. It’s free and drastically lowers the chances of one of your accounts being spoofed.
Because ransomware is the most dangerous and widespread form of cyberattack, preparing against it is crucial for the digital health of your business, your organization, or even yourself. Adopting a good level of skepticism and common sense with regard to digital environments, and gearing up with a sturdy antivirus and a firewall, could really make the difference and save you a lot of money.
Brian Deasy says:
Your advice is timely and valuable. But your recommendations are gobbledygook for the non-savvy. We plebs need something simple and easy to install. I’ve been a receiver of your newsletters for more than 10 years since a technical assistant from Telstra recommended Glasswire but my IT knowledge base belongs to a long-gone era (I’m an 85-year-old pensioner great-grandfather).