As we head into the Holiday Season, Information Security workers typically see a dramatic increase in cyber malfeasance, including ransom attacks.
Ransomware is a lucrative industry for cybercriminals, and relatively easy to pull off. While past holiday follies included highly automated tools and scripts, we must consider ransomware tools are even available to less sophisticated hackers, many of whom are students returning home from the holidays.
Ransomware events generally occur as a result of poor security practices and can be prevented. Ransomware can be delivered by email, credential stuffing, by drive-by downloads, and through lateral movement from previously infected systems and sleepers.
A few simple steps can help prevent most non-targeted infections:
- Maintain offline non-automated backups of any critical systems or data storage. Offline backups are those that are manually created and stored in a separate location, i.e., external hard drives or other media, a manual copy made to a cloud storage provider. These offline backups allow you to restore from a clean copy of your data if/when needed.
- Phishers will try to trick employees into installing malware. Provide awareness training and reminders as we head into the holiday period.
- Keep antivirus and operating systems up to date. Microsoft Defender is free on Windows 10. Use it without hesitation.
- Most new Unified Threat Management/Next-Generation Firewalls can kill connections before infection.
- Global Guardian also recommends the use of a good anti-evasion application. These applications automatically kill any action that tries to evade antivirus.
- SOC Operators should be especially vigilant.
Opportunistic ransomware events often occur in small and medium-sized businesses because they lack even foundational levels of security. Even one infection can cause a bad holiday period.
Global Guardian provides preventative, anti-ransomware solutions and SOC as a service for 24 hour monitoring and response. To learn more or request support, contact our security professionals by emailing OperationsCenter@globalguardian.com.