Cybersecurity Tips to Avoid Ransomware Attacks

  /  ICS Security   /  Cybersecurity Tips to Avoid Ransomware Attacks
cybersecurity

Cybersecurity Tips to Avoid Ransomware Attacks

This latest ransomware attack on Colonial Pipeline is another call to action for all organizations to increase their cybersecurity efforts, harden their networks against attacks, and improve visibility to malicious actors in your network.

Ransomware attacks have gone through many iterations and we’re now seeing phase 4 of these types of attacks. The majority of the time now we’re seeing a double extortion model, but the main shift we’re now seeing is the targeting of critical business systems. In this latest case, it does not appear that OT systems were affected but the IT systems associated with the network were likely targeted.

Cybersecurity Tips Against Ransomware

We will continue to see ransomware used in the future, and as such organizations need to take the time to put in place an incident response plan focused on the new model of ransomware attacks. Some points to consider:

  1. Understand that you will be a target. Every business can likely be on the radar of malicious actors, but those in critical infrastructure need to assess the likelihood of becoming a victim now.
  2. Dedicated attackers will find a way into your network. Access as a Service (usually where another group performs the initial access and sells it to another group) is used regularly now, and whether via a phished employee, a vulnerable system open to the internet, or using a supply chain attack, the criminals will likely find a way in.
  3. The malicious use of legitimate tools are a preferred tactic used across the entire attack lifecycle. Check out a recent blog on this topic.
  4. Your key administrator and application account credentials will be targeted.
  5. Ransomware actors will look to exfiltrate data to be used in the double extortion model.
  6. The ransomware component will be the last option in their malicious activities as it is the most visible part of the attack lifecycle and as such you will then know you’ve been compromised.

Read the full post on ransomware from Trend Micro for more tips.

About the Author

Jon Clay Director, Global Threat Communications at Trend Micro