How to Handle Ransomware & Other Advanced Cyber Attacks - A 360 Degree Approach


By VARINDIA - 2020-11-24

Pradeep Saluja, General Manager - Cyber Security Practice, Tata Advanced Systems Limited.

 

Some time back, one of our clients reached out to us in an emergency seeking help with a ransomware attack. Their infrastructure had been hit by ransomware, and the attackers demanded an undisclosed amount in exchange for the secret keys to decrypt the data that had been locked. We advised the client not to pay the ransom under any circumstances. This leaves an organization to either restore from clean backups or start again from scratch after wiping everything.

 


In most of the real-world scenarios I have experienced, the infrastructures were highly prone not only to ransomware but to other advanced cyber-attacks as well: they had only basic cyber protection and ran outdated systems that were either end of life with no further updates, or for which fixes for known vulnerabilities were available but had simply not been applied. In my view, organizations still do not follow the basic fundamentals of cybersecurity, lack visibility, and do not have a continuous risk assessment plan in place that could help them implement and govern cybersecurity controls effectively and respond to advanced ransomware attacks.

 


So, how do we handle ransomware attacks? Rather than focusing on post-attack management, I will focus on the more critical part, i.e. prevention, or the pre-attack stages. The sequential measures that not only counter ransomware but also prepare you for advanced, persistent, sophisticated and coordinated cyber-attacks include:


Step 1: Manage & Protect Network/Endpoint Devices/Servers/Applications/Databases etc.


•    Networks - Implement firewalls and Network Sensors across the infrastructure.
•    Endpoints (including mobile devices) - Look at unified endpoint device management and advanced threat detection & response solutions, including memory protection.
•    Servers/Workloads - Protect all servers with advanced application protection including memory protection to defend against vulnerability exploitation and advanced attacks (like ransomware).


Step 2: Keep Systems Updated with the Latest Versions and Patches for All Known Vulnerabilities  


There is no better preventive approach than “Patch – Scan – Patch”. A few recommendations are listed below:

•    Run a scheduled scan to find out critical vulnerabilities across infrastructure
•    Install the recommended patches first
•    Implement and follow a mechanism to address identified vulnerabilities, starting with the high-risk ones, followed by moderate and low risk.
•    Rescan the infrastructure and keep mitigating the risk of getting compromised
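One way to keep the books for this “Patch – Scan – Patch” cycle, as an added example that is not the article's own code: it orders findings the way the steps above do (findings with a recommended patch first, then high, moderate and low risk), compares two scan snapshots to see what the rescan actually closed, and flags findings that have outlived an assumed per-tier SLA. Asset names, VULN-xxx ids, scores and SLA days are constructed sample values.

```python
# Added example (not from the article): bookkeeping for a "Patch - Scan - Patch" cycle.
# Asset names, finding ids, scores and SLA days below are constructed assumptions.
from datetime import date

SLA_DAYS = {"critical": 7, "high": 14, "moderate": 30, "low": 90}   # assumed SLAs
TIER_ORDER = {"critical": 0, "high": 1, "moderate": 2, "low": 3}

def tier(cvss):
    """Map a CVSS base score to the risk tiers the article orders work by."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "moderate"
    return "low"

def remediation_queue(findings):
    """Order: findings with a recommended patch first, then by tier, then by score."""
    return sorted(findings, key=lambda f: (not f["patch_available"],
                                           TIER_ORDER[tier(f["cvss"])], -f["cvss"]))

def rescan_delta(before, after):
    """Compare two scans: (fixed, still open, newly found) as (asset, id) keys."""
    key = lambda f: (f["asset"], f["id"])
    b, a = {key(f) for f in before}, {key(f) for f in after}
    return sorted(b - a), sorted(b & a), sorted(a - b)

def overdue(findings, today):
    """Findings open longer than their tier's SLA, i.e. the ones to escalate."""
    return [f for f in findings
            if (today - f["first_seen"]).days > SLA_DAYS[tier(f["cvss"])]]

# Constructed scan snapshots (VULN-xxx ids are placeholders, not real CVEs).
SCAN_1 = [
    {"asset": "web-01", "id": "VULN-101", "cvss": 9.8, "patch_available": True,  "first_seen": date(2020, 11, 1)},
    {"asset": "db-01",  "id": "VULN-102", "cvss": 7.5, "patch_available": False, "first_seen": date(2020, 11, 1)},
    {"asset": "web-01", "id": "VULN-103", "cvss": 5.3, "patch_available": True,  "first_seen": date(2020, 10, 1)},
    {"asset": "fs-01",  "id": "VULN-104", "cvss": 3.1, "patch_available": True,  "first_seen": date(2020, 11, 1)},
]
SCAN_2 = [  # after the first patch round: VULN-101 fixed, VULN-102 still open, one new finding
    {"asset": "db-01",  "id": "VULN-102", "cvss": 7.5, "patch_available": False, "first_seen": date(2020, 11, 1)},
    {"asset": "web-01", "id": "VULN-103", "cvss": 5.3, "patch_available": True,  "first_seen": date(2020, 10, 1)},
    {"asset": "fs-01",  "id": "VULN-104", "cvss": 3.1, "patch_available": True,  "first_seen": date(2020, 11, 1)},
    {"asset": "fs-01",  "id": "VULN-105", "cvss": 8.1, "patch_available": True,  "first_seen": date(2020, 11, 20)},
]

if __name__ == "__main__":
    print([f["id"] for f in remediation_queue(SCAN_1)])
    print(rescan_delta(SCAN_1, SCAN_2))
    print([f["id"] for f in overdue(SCAN_2, date(2020, 11, 24))])
```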

 

Step 3: Prevent Social Engineering Attacks


Quite frequently, advanced attacks like ransomware make use of social engineering tactics to infect networks.

 

•    Email Security Gateway, including API integration, for detection of spam, viruses, malware, ransomware and sophisticated phishing attacks like Business Email Compromise. Sandboxing shall be built in to identify zero-day attacks.
•    Organizations should run anti-phishing simulations regularly to identify users who are still susceptible to phishing attacks and subsequently run phishing awareness campaigns for them, to ensure that they understand the risk involved and can identify, contain and report such attacks for further investigation. Also, there should be built-in email forensics available for investigating advanced attacks.
•    DMARC should be implemented for inbound and outbound emails to prevent spoofing attacks.

•    All web traffic, including encrypted HTTP/HTTPS (inbound and outbound), should be inspected for advanced attacks that usually come via social media sites, drive-by downloads, malvertising, instant messaging, etc. DNS security shall be implemented to detect malicious threats and stop data loss.
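The DMARC check that an inbound gateway performs, as an added example that is not the article's own code: it parses the sender domain's published DMARC policy, tests SPF/DKIM identifier alignment, and returns the disposition to apply. The record, domains and results below are constructed, and the organizational-domain rule is simplified (last two labels) instead of a Public Suffix List lookup.

```python
# Added example (not from the article): evaluate the DMARC disposition an inbound
# mail gateway would apply, given the sender domain's DMARC record and the
# SPF/DKIM results. The record and domains below are constructed sample values.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, filling RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")      # relaxed SPF alignment by default
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    return tags

def org_domain(domain):
    # Simplification (assumption): organizational domain = last two labels.
    # A real gateway consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, policy_domain, from_domain,
                      spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', or the action ('none'/'quarantine'/'reject') to apply."""
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    # An unaligned SPF pass (a sender's own envelope domain) still fails DMARC,
    # which is what stops a spoofed From: header from getting through.
    if from_domain.lower() == policy_domain.lower():
        return policy["p"]
    return policy["sp"]

# Constructed sample record for example.com (assumed; not from the article).
SAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Spoofed From: header; SPF passes only for the sender's own envelope domain.
    print(dmarc_disposition(SAMPLE_RECORD, "example.com", "example.com",
                            "pass", "bulk-sender.test", "fail", ""))
```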

 

Step 4: Implement Least Privileged Access & Enable Strong Risk-Based Authentication

 

Cybercriminals use privileged credentials to gain access and compromise critical assets with ransomware attacks like Maze ransomware, which not only encrypts data but also leaks confidential information into the public domain. The risk of privileged credentials being exploited can be minimised by implementing a Privileged Access Management (PAM) strategy throughout the infrastructure. To prevent lateral movement by attackers and the dangerous impact of ransomware attacks, the principle of least privilege combined with credential theft prevention, regular rotation of credentials and isolation can be implemented.


Identity and Access Management (IAM), including Single Sign-on (SSO) and strong risk-based authentication, should be implemented to prevent ransomware attacks and further strengthen identity-centric security, the principle of least privileged access and segregation of duties.

 

Step 5: Data Security Controls 


The eventual goal of preventing ransomware attacks and strengthening security posture is to protect “Data”. Data can be accessed by users and devices at any time, especially while working from home owing to the global pandemic, that is, from outside the business perimeter, which no longer really exists and has already diminished as businesses move to cloud and mobile.


I would say that the current state of implementing data security controls is definitely not in an ideal shape. DLP solutions have been deployed, but have not been configured and implemented properly. The main reason behind the failure is the lack of support required to help security teams identify and protect critical sensitive information.


To address this issue, organizations shall evaluate new and advanced tools like DLP/IRM/Watermarking/Tokenization etc. to discover, classify and protect sensitive data at rest, in motion and in use across hybrid infrastructure, especially cloud and mobile devices. Write down all the possible data leakage use cases yourself, then explore solutions, whether that requires management support, all-in-one tools or a best-of-breed approach, because you cannot wait for the perfect approach to arrive before safeguarding data.


Step 6: Continuous Security Monitoring & Response, Risk Assessment, Governance and Compliance   


All the effort of implementing the above-recommended steps will go to waste if you do not implement Step 6 completely. What should you do?


•    Asset Register - Discover all your assets in one place
•    Identify risks & applicable security controls to map against each asset
•    Assess the risk continuously – Use Vulnerability Assessment, Penetration Testing, Breach Attack Simulation, etc.
•    Monitor in real time and respond to all security events originating from or targeting assets using in-house tools. Alternatively, you can outsource this to a managed security services provider.
•    Finally, you should have cyber forensics for investigating advanced attacks like ransomware. This is an essential exercise to learn the root cause of attacks, which will help you remediate the gaps in the system for protection against future attacks.

 

With all the steps provided, I am absolutely confident that enterprises will gain immense benefits and stay one step ahead of cybercriminals by defeating their malicious intent.
