Difference between revisions of "Preventing and Mitigating Ransomware"
Revision as of 15:51, 17 June 2022
Ransomware - malware that encrypts files and operating systems. Extortionists then hold the decryption keys needed to restore the data for ransom. What makes ransomware distinctive is that infection can occur and spread through many malware delivery methods, such as compromised hyperlinks, infected files, tampered software updates, network access and social engineering.
The 2021 FBI Internet Crime Report shows ransomware events up 82% between 2019 and 2021. As of this writing the country of Costa Rica is under attack.
"WASHINGTON (AP) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government." AP Newswire
Recently [https://www.bleepingcomputer.com/news/security/lincoln-college-to-close-after-157-years-due-ransomware-attack/ Lincoln College] attributed its closing to the effects of ransomware. Whole public infrastructures have been held ransom.
IT infrastructures are further exposed through software flaws and exploits, such as those affecting [https://www.darkreading.com/vulnerabilities-threats/office-365-files-stored-in-the-cloud-vulnerable-to-ransomware-encryption Microsoft Exchange, Microsoft 365, SharePoint, OneDrive and Teams], which permit attackers to compromise entire networks. In addition to indirect and random infections, directed attacks have the potential for further disruption. Purposeful attacks and compromises come from learning a potential victim's unique vulnerabilities and network topology. Too often IT professionals rely on measures such as the Common Vulnerability Scoring System (CVSS) and other rating systems without realizing that cybercriminals use these low-scoring vulnerabilities as a means of compromise. Such instances demand vigilance and staying current on the part of IT professionals and end-users alike.
Call To Action
An all-too-common adage is "Failing to plan is planning to fail." It is equally true that a half-hearted effort has the potential to end in ruin.
1) A starting point is to identify the assets within the infrastructure, to know the critical and non-critical devices and to understand the visibility and context of the attack surface.
2) Isolate and restrict critical intranets from the internet and from data access points when possible. Use cyber risk scoring to systematically identify the weaknesses and vulnerabilities with the highest likelihood of impact.
3) Developing a resilient infrastructure is key to prevention and recovery in the event of any network compromise. Ideally systems would include internet security and antivirus software, a good computer-habits and cyber-hygiene program, and a means of restoring services with minimal impact should that become necessary.
4) Training IT staff and educating end-users are paramount. Weakness in awareness and complacency can undermine all of the previous efforts.
Well-trained, well-informed CIO/CTOs and network admins who follow best practices can supplement and/or replace the role of a CISO in many instances.
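Steps 1 and 2 above (inventory the assets, know which are critical and which are reachable from the internet, then score risk so the vulnerabilities most likely to be used against you come first) can be turned into a small prioritisation script. The following Python is an added illustration, not code from this wiki page or from any of the linked sources. The asset inventory is constructed, the vulnerability ids are placeholders rather than real CVEs, and the weighting formula (CVSS base score multiplied by an assumed criticality weight and an assumed exposure weight) is an assumption chosen to make the page's point visible: a CVSS 5.3 flaw on a critical, internet-exposed gateway ranks above a CVSS 9.8 flaw on an isolated kiosk.

```python
"""Asset-aware vulnerability prioritisation.

Illustrative example added to this wiki page; not the page's own code.
The inventory below is constructed, the vulnerability ids are placeholders,
and the weighting formula is an assumption. It exists to show why ranking
by CVSS alone can leave the vulnerabilities an attacker actually reaches
for at the bottom of the list.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    critical: bool            # step 1: critical vs. non-critical device
    internet_exposed: bool    # step 2: reachable from the internet, or isolated
    vulns: list = field(default_factory=list)  # (vuln_id, cvss_base_score)


# Constructed inventory; ids such as "VULN-A" are placeholders, not real CVEs.
INVENTORY = [
    Asset("file-server-01", critical=True,  internet_exposed=False, vulns=[("VULN-A", 8.8)]),
    Asset("vpn-gateway",    critical=True,  internet_exposed=True,  vulns=[("VULN-B", 5.3)]),
    Asset("kiosk-lobby",    critical=False, internet_exposed=True,  vulns=[("VULN-C", 9.8)]),
    Asset("dev-laptop",     critical=False, internet_exposed=False, vulns=[("VULN-D", 7.5)]),
]

CRITICAL_WEIGHT = 2.0   # assumed weights; tune them to the organisation's risk appetite
EXPOSED_WEIGHT = 1.5


def priority(asset: Asset, cvss: float) -> float:
    """CVSS base score scaled by asset context (assumed formula)."""
    score = cvss
    if asset.critical:
        score *= CRITICAL_WEIGHT
    if asset.internet_exposed:
        score *= EXPOSED_WEIGHT
    return round(score, 1)


def by_cvss(assets):
    """Ranking by CVSS alone, the habit the page warns against: (asset, vuln_id, cvss)."""
    rows = [(a.name, vid, cvss) for a in assets for vid, cvss in a.vulns]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def prioritize(assets):
    """Ranking by context-aware priority: (asset, vuln_id, cvss, priority)."""
    rows = [(a.name, vid, cvss, priority(a, cvss)) for a in assets for vid, cvss in a.vulns]
    return sorted(rows, key=lambda r: r[3], reverse=True)


def exposed_critical(assets):
    """Critical assets still reachable from the internet: isolation candidates for step 2."""
    return [a.name for a in assets if a.critical and a.internet_exposed]


if __name__ == "__main__":
    print("By CVSS alone:")
    for name, vid, cvss in by_cvss(INVENTORY):
        print(f"  {cvss:4.1f}  {vid:7}  {name}")
    print("By asset-aware priority:")
    for name, vid, cvss, pri in prioritize(INVENTORY):
        print(f"  {pri:5.1f}  (CVSS {cvss})  {vid:7}  {name}")
    print("Critical assets still internet-exposed:", exposed_critical(INVENTORY))
```

Run as-is, the CVSS-only ranking puts the kiosk's 9.8 first and the VPN gateway's 5.3 last; the asset-aware ranking moves the gateway to second place and flags it as a critical host that step 2 says should be isolated or restricted. The weights are deliberately simple; the real work is keeping the inventory's criticality and exposure fields accurate, which is exactly what step 1 asks for.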