Today we are going to show you how to avoid ransomware attacks. There are many types of computer attacks, but there is one that has become particularly important in recent years, ransomware attacks.
How to avoid ransomware attacks?
A group of cybersecurity experts talked about the topic on Reddit in a discussion hosted by the California-based Institute for Security and Technology (IST). At the event were Jen Ellis and Bob Rudis of cybersecurity firm Rapid7, Marc Rogers of IT services firm Okta, James Shank of IT security firm Team Cymru and Allan Liska of cybersecurity firm Recorded Future.
In summary we can highlight the following points:
Okta’s Rogers commented that in most cases, ransomware is a malicious application that takes control of the system before spreading laterally to any and all connected systems. If one computer becomes infected, it must be immediately disconnected from the network so the problem does not affect the rest, without obtaining files from it to copy to any other machine.
Rapid7’s Rudis said most ransomware attackers don’t need advanced tools to achieve their goals. Many times the problems start with human action, so it’s important to use multifactor authentication, patching, protection and monitoring, as well as remote infrastructure scanning and threat hunting for attackers. The team must be trained to identify threats and not fall into traps.
It is possible to make configurations on the servers to avoid blocking at scale. Configurations on Active Directory and SMB (Server Message Block) servers, for example, can be studied.
Liska commented that there is no single software solution that solves the problem of ransomware or other types of attacks. It is not solved with antivirus and it is solved with the right policies, people, and protocols to quickly identify and stop threats.
On the other hand, they recommend users:
- To use strong passwords that are unique for each site or service we visit.
- To have good backups on several different devices that are never connected at the same time.
- To pay attention to the strange things that can happen, to suspicious links that we have clicked on unintentionally. From the time we click on a malicious link until the problem appears, it can take hours, so if we alert the security team to act sooner, we can save ourselves.
Now it is necessary to keep in mind that paying ransomware only fuels this type of action. In fact there are countries that are requiring organizations to report ransom payments and more regulation of the cryptocurrency industry, which will help to tackle the problem faster.