Ransomware Checklist To Minimize Exposure

The simple answer is you can never really be doing enough.

These criminals use sophisticated partnership models to deliver malicious payloads that exploit multiple vulnerabilities. Unfortunately, common control configurations and governance are not being applied in many organizations; attacks are often under-documented and only basic levels of control exist. Because ransomware groups constantly change tactics, security has to evolve with them and ensure that monitoring tools light up malicious events or suspicious activity.

Do not attempt to do this manually; invest in a security services team and a SIEM (Security Information and Event Management) tool, with a layer of Managed Detection and Response on top.

What are the common attack vectors?

Only by understanding the methods that cybercriminals use can you mitigate the risks. Three of the most common vectors for ransomware attackers are:

  1. Social engineering – Phishing
     They lure employees into clicking a link in spoofed emails to obtain user credentials, which can immediately be used to harvest organizational details.
  2. Remote Services – Remote Desktop Protocol
     They log into a computer using the Remote Desktop Protocol (RDP) or similar. Actions are then performed under that user's identity, or they attempt to elevate privileges.
  3. Exploit Application (Internal/External)
     They take advantage of an application bug or vulnerability that has not been patched and use it to perform malicious actions.

What steps should you take?

Large cyber security working groups and organizations like the Center for Internet Security recommend best-practice processes and procedures that Ergo aligns with. In the case of ransomware, there are key areas we can assess and augment to give you the best possible cyber security posture.

Backups – You need a backup strategy that addresses your recovery point and recovery time objectives. Backup copies need to be encrypted and protected against ransomware activity. Test regularly and keep an offline copy if possible. With cloud, use immutable/WORM technology and follow the three-tier storage model for your data.

Identity/Access Control – Adopt a zero-trust approach with a least-privilege model that assumes everyone, and every medium, is a threat. Only grant permissions relevant to roles and use privileged identity management if available. Limit the use of administrative accounts and create passwords with 15 characters or more. Ensure multifactor authentication is made mandatory. Remove any legacy authentication protocols and ensure that all sign-in activity is actively monitored with alerts.

Multi-Factor Authentication – Enforce MFA for all users. This is not an option; it’s essential and should be hardwired into all IT systems.

Security Awareness Training – Align a monthly program to the NIST Cybersecurity Framework; review and report on it annually. Where possible, do table-top exercises with the business owners of a process.

Mail Domain Security – Use SPF, DKIM and DMARC. These DNS text records help receiving mail servers authenticate email senders; together they provide protection against spam, domain spoofing, and phishing.
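As an added example (not code from the original post), the check below parses a domain's SPF and DMARC TXT records and reports where they fall short of the item above. The records are constructed samples for the hypothetical domain "example.test"; a real check would fetch them over DNS, and DKIM is omitted because the selector name is needed to look up its key record.

```python
# Added example: assess constructed SPF/DMARC records against the checklist.
# Sample TXT records for the hypothetical domain "example.test" (constructed).
# DKIM is not checked here: its record lives under a selector we do not know.

WEAK_TXT = {  # constructed: SPF allows any host, DMARC only monitors
    "example.test": ["v=spf1 include:_spf.mailprovider.example +all"],
    "_dmarc.example.test": ["v=DMARC1; p=none"],
}
HARDENED_TXT = {  # constructed: hard fail on SPF, reject on DMARC, reports on
    "example.test": ["v=spf1 include:_spf.mailprovider.example -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test"],
}

def spf_all_qualifier(record):
    """Return the qualifier of the final 'all' mechanism (+, -, ~, ?) or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        if term.lstrip("+-~?").lower() == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None

def parse_dmarc(record):
    """Parse 'tag=value' pairs separated by ';' into a dict of lower-case tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_domain(domain, txt):
    """Return checklist findings for the domain; an empty list means it passes."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("SPF: no record published")
    else:
        qualifier = spf_all_qualifier(spf[0])
        if qualifier in (None, "+"):
            findings.append("SPF: no 'all' or '+all', so any host may send as this domain")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral and gives receivers no signal")
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("DMARC: no record published")
    else:
        tags = parse_dmarc(dmarc[0])
        if tags.get("p", "none").lower() == "none":
            findings.append("DMARC: p=none only monitors; move to quarantine or reject")
        if "rua" not in tags:
            findings.append("DMARC: no rua address, so no aggregate reports arrive")
    return findings
```

Running `assess_domain("example.test", WEAK_TXT)` lists three findings, while the hardened records return an empty list.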

Removable Media – Block the use of removable media and only sanction by exception. When it is allowed, scan on access and use encrypted removable media.

Server Message Block – The protocol is vital for network file sharing but needs to be blocked between network segments with your firewall/L3 device. Do not allow SMB ports to or from the internet, and disable SMBv1.

Virtual Private Network – Multistage or multi-layered VPN services are readily available and must be used to secure remote access into and out of the organization.

Vulnerability and Patch Management – If you haven’t updated your patch management program recently, do it now and reduce the use of applications to critical functions only. Deploy security patches as soon as possible. Scanning environments for vulnerabilities should be a recurring service, including public IP ranges for open systems on the internet.

Incident Response Management – Create a strategy for incident response and document your playbooks. Use critical contact tree visualizations or the communications plan from your business continuity management documentation.

Logging – Increase the logging ability of your IT systems and ‘ship’ this into a log streaming service using a SIEM or a specialist provider like Ergo. Encrypt your logs where possible; review and familiarize yourself with baseline activity of event data, making it easier to identify anomalies.
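The Identity/Access Control and Logging items above both come down to knowing what normal sign-in activity looks like and alerting on what departs from it. As an added example (not code from the original post), the script below builds a per-user baseline of successful sign-in sources from constructed log lines and then flags legacy authentication protocols, first-seen sources, and bursts of failed sign-ins; the log format, protocol labels and threshold are all assumptions.

```python
# Added example: baseline sign-in sources, then alert on deviations.
# Log lines are constructed samples in an assumed
# "timestamp user source_ip protocol result" format.
from collections import Counter, defaultdict

LEGACY_PROTOCOLS = {"imap-basic", "pop3-basic", "smtp-basic"}  # assumed labels
FAILURE_THRESHOLD = 5  # failed attempts from one source before alerting (assumed)

BASELINE_LOG = """\
2024-03-01T08:02:11 alice 203.0.113.10 modern success
2024-03-01T08:05:40 bob 203.0.113.11 modern success
2024-03-02T08:01:02 alice 203.0.113.10 modern success
2024-03-02T09:12:19 bob 203.0.113.11 modern success
"""

NEW_LOG = """\
2024-03-03T08:03:00 alice 203.0.113.10 modern success
2024-03-03T02:14:55 alice 198.51.100.7 imap-basic success
2024-03-03T02:15:01 bob 198.51.100.7 modern failure
2024-03-03T02:15:02 bob 198.51.100.7 modern failure
2024-03-03T02:15:03 bob 198.51.100.7 modern failure
2024-03-03T02:15:04 bob 198.51.100.7 modern failure
2024-03-03T02:15:05 bob 198.51.100.7 modern failure
"""

def parse_events(log):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in log.splitlines():
        ts, user, ip, proto, result = line.split()
        events.append({"ts": ts, "user": user, "ip": ip, "proto": proto, "result": result})
    return events

def build_baseline(events):
    """Record which source IPs each user has signed in from successfully."""
    seen = defaultdict(set)
    for e in events:
        if e["result"] == "success":
            seen[e["user"]].add(e["ip"])
    return seen

def detect_anomalies(events, baseline):
    """Return alert strings for legacy auth, new sources, and failure bursts."""
    alerts = []
    failures = Counter()  # failed sign-ins per source IP
    for e in events:
        if e["proto"] in LEGACY_PROTOCOLS:
            alerts.append(f"{e['ts']} {e['user']}: legacy protocol {e['proto']} from {e['ip']}")
        if e["result"] == "success" and e["ip"] not in baseline.get(e["user"], set()):
            alerts.append(f"{e['ts']} {e['user']}: first successful sign-in from {e['ip']}")
        if e["result"] == "failure":
            failures[e["ip"]] += 1
            if failures[e["ip"]] == FAILURE_THRESHOLD:  # alert once per source
                alerts.append(f"{e['ts']} {e['ip']}: {FAILURE_THRESHOLD} failed sign-ins")
    return alerts
```

In a SIEM the baseline would be learned over weeks of event data rather than two days of constructed lines, but the shape of the rules is the same.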

Plans and preparation

Planning and preparation are the best form of defense against increasingly sophisticated attacks. Use security frameworks to produce gap analysis and create a program of work to close out the findings or recognize the risk that the organization now has to accept, transfer, or mitigate. If in doubt, talk to Ergo. Our security experts can help manage, detect, and respond to your event data and we will quickly build an understanding of your security posture to put you in a better place to remediate a ransomware incident.

Alternatively, if you have any queries about the issues above, please contact our security team at securityteam@ergotechnologygroup.com or your account manager directly.
