Site icon Software Strategies Blog

How To Deal With Ransomware In A Zero Trust World

The recent ransomware attacks on Lake City, FloridaRiviera Beach, FloridaLaPorte County, Indiana, the City of Baltimore, Maryland, and a diverse base of enterprises including Eurofins ScientificCOSCONorsk Hydro, the UK Police Federation, and Aebi Schmidt reflect higher ransoms are being demanded than in the past to release high-value systems. There’s been a 44% decline in the number of organizations affected by ransomware in the past two years, yet an 89% increase in ransom demands over the last 12 months according to the Q1, 2019 Ransomware Marketplace Report published by Coveware. The Wall Street Journal’s article “How Ransomware Attacks Are Forcing Big Payments From Cities, Counties” provides an excellent overview of how Ryuk, a ransomware variant, works and is being used to hold unprepared municipalities’ IT networks for ransom.

How To Handle A Ransomware Attack

Interested in learning more about ransomware and how to help municipalities and manufacturers protect themselves against it, I attended Centrify’s recent webinar, “5 Steps To Minimize Your Exposure To Ransomware Attacks”. Dr. Torsten George, noted cybersecurity evangelist, delivered a wealth of insights and knowledge about how any business can protect itself and recover from a ransomware attack. Key insights from his webinar include the following:

  1. Immediately Establish A Secure Admin Environment. To prevent malware from spreading during sessions that connect servers with privileged access, establish policies that only authorize privileged access from a “clean” source. This will prevent direct access from user workstations that are connected to the Internet and receive external email messages, which are too easily infected with malware.
  2. Secure remote access from a Zero Trust standpoint first, especially if you are working with remote contractors, outsourced IT, or development staff. When remote access is secured through a Zero Trust-based approach, it alleviates the need for a VPN and handles all the transport security between the secure client and distributed server connector gateways. Ransomware can travel through VPN connections and spread through entire corporate networks. Taking advantage of a reverse proxy approach, there is no logical path to the network, and ransomware is unable to spread from system to the network.
  3. Zoning off access is also a must-have to thwart ransomware attacks from spreading across company networks. The webinar showed how it’s a very good idea to create and enforce a series of access zones that restrict access by privileged users to specific systems and requires multi-factor authentication (MFA) to reach assets outside of their zone. Without passing an MFA challenge, ransomware can’t spread to other systems.
  4. Minimizing attack surfaces is key to stopping ransomware. Minimizing attack surfaces reduces ransomware’s potential to enter and spread throughout a company’s network. Dr. George made the point that vaulting away shared local accounts is a very effective strategy for minimizing attack surfaces. The point was made that ransomware does not always need elevated privileges to spread, but if achieved, the impact will be much more damaging.
  5. Least Privilege Access is foundational to Zero Trust and a must-have on any network to protect against ransomware. When least privilege access is in place, organizations have much tighter, more granular control over which accounts and resources admin accounts and users have access to. Ransomware gets stopped in its tracks when it can’t install files or achieve least privilege access to complete installation of a script or code base.

Conclusion

Ransomware is the latest iteration of a criminal strategy used for centuries for financial gain. Holding someone or something for ransom has now graduated to holding entire cities and businesses hostage until a Bitcoin payment is made. The FBI warns that paying ransomware attackers only fuels more attacks and subsidizes an illegal business model. That’s why taking the preventative steps provided in the Centrify webinar is something every business needs to consider today.

Staying safe from ransomware in the modern threatscape is a challenge, but a Zero Trust Privilege approach can reduce the risk your organization will be the next victim forced to make a gut-wrenching decision of whether or not to pay a ransom.

Exit mobile version