Home
Internet
Internet News
How Can You Prevent Ransomware Attacks? Cybersecurity Experts From Okta, Rapid7, Recorded Future, and Team Cymru Explain

How Can You Prevent Ransomware Attacks? Cybersecurity Experts From Okta, Rapid7, Recorded Future, and Team Cymru Explain

The major recommendations in the Ransomware Task Force Report include increased regulation of the cryptocurrency sector.

By Jasmin Jose | Updated: 8 July 2021 13:58 IST

How Can You Prevent Ransomware Attacks? Cybersecurity Experts From Okta, Rapid7, Recorded Future, and Team Cymru Explain

Photo Credit: Pexels/ Sora Shimazaku

One of the first things that we need to understand first is how ransomware infects a computer

Highlights

There isn’t a single software solution that will solve ransomware attacks
Use strong passwords that are unique to each site/ service
Governments should mandate that organisations report ransom payments

Is there anything that you can do to reduce the threat of a ransomware attack? And what should you do in case you're the victim of one? These were some of the questions that were answered by a group of cybersecurity experts who spoke about the topic of ransomware during a Reddit AMA. The discussion was organised by the California-based Institute of Security and Technology (IST), a non-profit organisation, and included Jen Ellis and Bob Rudis of the cybersecurity firm Rapid7, Marc Rogers of the IT services firm Okta, James Shank, of the computer security company, Team Cymru, and Allan Liska of the cybersecurity firm, Recorded Future .

Over the last year, ransomware attacks around the world surged by 150 percent according to a study by Singapore-based security firm Group-IB. Ransomware attacks occur when hackers use an extortion software to lock your system and then demand a ransom for its release. Such attacks have seen an exponential rise, with the ransomware breach at the Florida IT firm Kaseya during the first week of July being the last major one. This single attack affected up to 1,500 businesses worldwide.

Prior to the attack on Kaseya , a Russia-based group's ransomware attack forced the shutdown of Colonial Pipeline, the largest oil pipeline in the eastern United States. The attack crippled fuel delivery for several days in the US Southeast. This incident was followed by another on the world's largest meatpacker JBS SA. This string of attacks has prompted the US Department of Justice to elevate investigations of ransomware attacks to a similar priority as terrorism.

REvil Ransomware Attack: Coop, Other Firms Could Take Weeks to Recover

As the ransomware threats keep mounting, IST, a non-profit organisation, recently hosted an Ask Me Anything (AMA) session on Reddit where users could raise any questions related to ransomware and cybercrime, and what people can do to make themselves or their organisations a little safer.

What can you do to protect yourself or your business?

One of the things that we need to understand first is how ransomware infects a computer. “It really depends on the type of ransomware,” explained Rogers, of Okta. “In most cases it is a malicious application that takes control of your system before spreading laterally into any and all connected systems. Sometimes it can be an actual person that takes over your account and uses it to pivot into other systems to take them over also. Ultimately it ends with the same couple of things - your data gets stolen and an application, a locker, encrypts what's left behind and makes the demand for payment.”

Irish Ransomware Attack to Cost Health Service Tens of Millions of Euros

“Most ransomware attackers don't need advanced tooling to accomplish their goals. The Pipeline was ransomed because of plain credential use on a VPN. Not exactly rocket science,” Rudis, of Rapid7, added.

Actually protecting yourself or your company can be challenging because of both high-tech ways to beat security — and the very strong chance that as humans, we all make mistakes, as Rudis pointed out. Liska, of Recorded Future, suggested employing multi-factor authentication, patching, endpoint protection and monitoring, scanning of remote infrastructure, and threat hunting for attackers. Rudis pointed out that there are many safe configurations for workstations and servers that organisations either do not know about or have been reluctant to deploy.

“Just shoring up configurations on Active Directory and SMB (Server Message Block) servers alone can do wonders to help thwart attackers from being able to move laterally and encrypt or lock-out at scale,'' he said.

If You Are a Gamer, You Might Be Helping Hackers Get Crypto Rich

Liska also added that there isn't a single software solution that will solve the problem of ransomware or other types of attacks. “Tackling such threats requires a holistic approach to security. Not just software, but the right policies, people, and protocols in place to quickly identify and stop threats (are needed),” he said. Rudis added to the opinion saying, “There is no path to purchasing your way into ransomware defense.”

What should a regular person do?

But while many of these suggestions seem geared towards large organisations, individuals are also often targeted. In fact, a recent report by Daniel Benes, malware researcher at Avast, showed that gamers are increasingly being targeted by ransomware attackers. What should people do in this situation?

Shank suggested three basic things anyone could do to ensure greater safety for themselves, and also for the companies they're working for:

1. Use strong passwords that are unique to each site/ service that you visit.

2. Keep good backups, and consider using more than one backup device where both devices are never plugged in at the same time.

3. Be vigilant! If something strikes you as odd, alert your corporate security team. Did you click a link and think it might be bad? Report it. Most ransomware actors take time to inventory networks after the initial compromise, so there may be time to still protect your network and your device. Time is of the essence here though.

Can we put an end to the ransomware attacks?

The AMA also discussed the likelihood of a state or a rogue group taking down a critical infrastructure for a long period, thus severely disrupting life. Ellis, of Rapid7, said that such a scenario doesn't feel far-fetched at all. “We've already seen infrastructure be a target in several countries, and this is only likely to increase without intervention. Even when the attacker offers up the keys as they did with the attack on the Irish healthcare authority (HSE), it can take a long time to get operations fully back up and running. HSE is saying they think full recovery will cost them $600 million (roughly Rs. 4,480 crores),” Ellis said.

The cybersecurity experts are also a part of the Ransomware Task Force Report by IST on combating ransomware. The report gives a comprehensive framework for actions that can be taken to fight ransomware and makes recommendations of steps that can be enforced by governments, institutions, and organisations.

The major recommendations include suggestions to the governments to establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities, mandating that organisations report ransom payments, and increased regulation of the cryptocurrency sector. Coordinated, international diplomatic, and law enforcement efforts are also encouraged to proactively prioritise ransomware through a comprehensive, resourced strategy.

Windows 11 has been unveiled, but do you need it? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.