Just a few weeks ago several federal agencies, including the HHS and the FBI, issued a joint cybersecurity advisory warning healthcare organizations about an increased and imminent cybercrime threat from Russian criminal groups targeting hospitals with Ryuk ransomware. We at CyberMaxx have also issued threats to our customers warning of Maze ransomware targeting Cognizant.
“The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks have grown tremendously over the past few months,” says Thomas Lewis, CEO of CyberMaxx. What makes these cyberattacks so potent is their ability to go unnoticed weeks or even months before they execute encryption of the victim’s data files. This gives malicious actors insight into the most valuable resources and systems which they leverage as ransom.
Don’t think it could happen to your organization? To date, our friends at CrowdStrike found that threat actors targeting enterprise environments with Ryuk have netted over $3 million dollars since it was introduced in August. We’ve pulled together best practices and steps you can take to better protect your network from ransomware. While there’s no one way to protect your network, implementing a combination of these steps will help minimize exposure.
Beef up end-user education on identifying phishing attacks
Create monthly user education and reminders to help end-users better spot suspicious emails and documents before it’s too late. Additionally, set up parameters so that employees have to pick a strong password and change them frequently – quarterly or bi-annually.
Expert tip: Disable macros for documents received via email. Phishing emails commonly attach macro-infected word documents that deliver ransomware and hold networks hostage.
Employ a layered security approach that maps to the “Cyber Kill Chain”
The ability to gain visibility and enforce policy at multiple points on the cyber kill chain is a must for enterprise organizations. Many organizations rely on protections only in a few locations, such as relying solely on perimeter protections. This not a good practice. Make sure you have sufficient network, endpoint, server, and application visibility and enforcement, both on-prem and in the cloud.
Deploy a next-generation endpoint protection solution
Endpoints are one of the most vulnerable aspects of your environment – so it’s key to deploy a best-in-breed solution. Next-generation endpoint protection solutions like CrowdStrike Falcon include machine learning capabilities that can spot suspicious files and provide attack indicators faster than anything else on the market.
Managed endpoint solutions offer a dedicated cybersecurity team with experts who monitor endpoints, perform strategic analyses, and detect behavioral anomalies. At CyberMaxx we’ve partnered with CrowdStrike to offer dynamic endpoint solution that alerts users to potential threats, while simultaneously taking action to prevent any damage to the endpoints.
Reduce the surface area of attack
- Employ a Patch Management Policy that encompasses devices and software in your network.
- Keep a log of when devices and software were last patched and follow a patching schedule.
Expert tip: A basic reoccurring calendar invite can help hold you and your team accountable to a strict schedule for patching.
- Employ GeoIP Filtering to help block Internet traffic from countries you don’t do business with and reduce exposure.
- Leverage a Least Privileges Model. Restrict users to only the permissions that they need for their job functions – this limits the spread of ransomware and lateral movement.
- Ensure you have a Backup and Recovery Plan. Follow the old but time-honored ‘3-2-1’ rule for system/data backups: At least three copies, on two devices, and one offsite. Test the restoration process often to easily recover from a ransomware incident.
- Employ Multi-Factor Authentication. This can help neutralize credential harvesting, protect passwords, and help alert you to potential attacks and reduce lateral movement.
Monitor capabilities to identify malicious activity 24×7
Leverage industry-specific threat intelligence. Finding a cybersecurity company with expertise in the field will provide access to the most up-to-date and comprehensive data on new/active threats.
A managed solution is also highly recommended considering dynamic scope of IT security. With a rapidly evolving technology and cyberthreat landscape it’s important to have the most knowledgeable team available. Extending your team and security through a managed solution can provide optimal security 24/7/365.