Ransomware is the most urgent cyber threat targeting organizations at present. Disruptions to critical infrastructure services caused by devastating ransomware attacks are frequently in the news. The problem is so severe that it is now a topic of discussion, and hopefully a priority, for government.
Taking the necessary steps to defend against ransomware attacks is core to business operations. This is true for all organizations irrespective of their size, as many of those mounting the attacks are unskilled cybercriminals using ransomware-as-a-service tools. The availability of such tools and the rewards that attackers get via ransomware payments have attracted the worst people, inflated the threat surface, and driven attacks towards smaller organizations.
Organizations need to take steps to guard against falling victim to ransomware attacks by using cybersecurity best practices to help prevent ransomware. However, the complexity of modern IT infrastructure, the ever-changing nature of deployments, and the changing tactics employed by cybercriminals mean that staying up to date with the latest defense solutions and thinking is difficult.
Critical Insight has the experience and the expertise to be your cyber-defense partner. We have the threat landscape knowledge to implement and deliver the cybersecurity protections needed to reduce the risk from ransomware attacks.
At Critical Insight, we use our experience from multiple projects protecting critical infrastructure in healthcare, energy services, water services, the public sector, and others to deliver best practices to every organization. Critical Insight is a Preferred Cybersecurity Service provider to the American Hospital Association, so you can trust that your cyber defense is in good hands. We Defend. You Thrive.
Partnering to Build Strong Cybersecurity Defenses
As every organization and its network and IT systems are unique, it follows that the solutions deployed to defend against ransomware will also vary between organizations. However, ransomware attacks follow well-known pathways to breach security and infect IT systems.
Critical Insight's cybersecurity experts work with each organization's Management & IT teams to ensure that the proper protections are in place. This process includes several steps, as outlined below.
Gap Analysis & Risk Assessments
Determining the risk from ransomware attacks starts with a gap analysis to discover vulnerabilities in the current protections. This leads to a risk assessment report and recommendations on how to plug any gaps. Any vulnerabilities found are classified according to risk and severity, with the most dangerous addressed first.
See the Gap Analysis & Risk Assessments page for more details on this step in a ransomware defense strategy.
Detecting Ransomware Activity
When ransomware evades perimeter security measures and gains a foothold on a network, it then carries out actions to spread laterally and infect as many other devices on the network as possible.
These actions include network discovery to find other network devices via port scanning, ARP scanning, and vertical TCP SYN scans.
Once new devices are discovered, the ransomware attempts lateral movement on the network by logging on to them and spreading itself. This step uses existing technologies like the Remote Desktop Protocol (RDP), against which it attempts brute-force logins.
The network scanning and remote login activity that ransomware performs on an infected network generates telltale signs that are detectable by Critical Insight’s Managed Detection & Response solution.
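As an added illustration (not Critical Insight's detection logic), the sketch below shows how two of the telltale signs described above, a vertical TCP SYN scan and repeated failed RDP logons, can be flagged with a sliding window over connection events. The event tuple layout, the `syn_only` and `rdp_fail` labels, the thresholds, and the sample records are all assumptions constructed for this example.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them against a baseline.
WINDOW_S = 60          # sliding window length in seconds
SCAN_PORTS = 20        # distinct ports probed on one host => vertical scan
RDP_FAILS = 10         # failed RDP logons from one source to one host

def _burst(items, window, threshold, distinct):
    """True if any window-long span of (ts, value) pairs reaches the threshold."""
    items = sorted(items)
    start = 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        span = items[start:end + 1]
        count = len({v for _, v in span}) if distinct else len(span)
        if count >= threshold:
            return True
    return False

def detect(events):
    """events: iterable of (ts, src, dst, dport, kind); kind is 'syn_only' or 'rdp_fail'."""
    syns, fails = defaultdict(list), defaultdict(list)
    for ts, src, dst, dport, kind in events:
        if kind == "syn_only":                  # SYN with no completed handshake
            syns[(src, dst)].append((ts, dport))
        elif kind == "rdp_fail" and dport == 3389:
            fails[(src, dst)].append((ts, dport))
    alerts = []
    for (src, dst), items in syns.items():
        if _burst(items, WINDOW_S, SCAN_PORTS, distinct=True):
            alerts.append(("vertical_syn_scan", src, dst))
    for (src, dst), items in fails.items():
        if _burst(items, WINDOW_S, RDP_FAILS, distinct=False):
            alerts.append(("rdp_brute_force", src, dst))
    return sorted(alerts)

# Constructed sample data (not real traffic).
SAMPLE = (
    [(i * 0.1, "10.0.0.5", "10.0.0.20", 1 + i, "syn_only") for i in range(40)]       # fast scan
    + [(100 + i * 2, "10.0.0.5", "10.0.0.30", 3389, "rdp_fail") for i in range(15)]  # brute force
    + [(i * 30, "10.0.0.7", "10.0.0.20", 443 + i, "syn_only") for i in range(25)]    # below threshold
    + [(i * 600, "10.0.0.8", "10.0.0.30", 3389, "rdp_fail") for i in range(3)]       # mistyped password
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The same host appearing in both alert types within a short period is a stronger signal than either alert alone, since it matches the discovery-then-logon sequence described above.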
Rapid Incident Response
Taking defensive measures and detecting telltale ransomware activity are only parts of a comprehensive ransomware protection strategy.
The number of successful ransomware attacks shows that it's best to assume that an attack will succeed at some point. When ransomware gains a foothold on the network and is detected, a preplanned and rapid incident response plan has to be in place.
Critical Insight's Total Security solution includes a Rapid Quarantine component that can often contain an incident in minutes. This containment stops the lateral spread of ransomware and reduces the number of systems it infects, the damage caused, and the costs associated with eradicating the ransomware and cleaning any infected systems.
The Active Cyber Incident Response page has more details on the Critical Insight incident response procedures.