
The 6 Best Practices to Prevent Ransomware Infection

Steve Durbin
Published 21 January 2022
Source: Future of Business and Tech

Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board’s role in cybersecurity and technology.

Ransomware needs no introduction and is perhaps the most damaging and widespread form of cybercrime in years. Several high-profile businesses fell hostage to ransomware in the first half of 2021, with U.S. agencies now prioritizing ransomware incidents as serious acts of terrorism.

In 2020, attack incidents grew by 800 percent, and 73 percent of those attacks were successful. This year, researchers are reporting a two-fold rise in ransomware-led cybercrime.

Attack techniques and common root causes

While the FBI is reportedly tracking as many as 100 variants of ransomware, most ransomware vectors follow a common thread. Here are the top attack vectors:

  • Targeted attacks: Attackers deliberately target businesses with a motive to inflict damage, cause reputational harm, exfiltrate sensitive information, extract a ransom payment, or all of the above. For example, a new kind of malware that deliberately destroys data on infected devices, also known as wiper ransomware, is used to carry out espionage and destroy information.
  • Supply chain attacks: Modern enterprises have strong defenses and mature processes in place, but intermediaries and third-parties sometimes do not. The growth in supply chain attacks proves attackers are fully aware that supply chains can be leveraged to get a foot in the door of the target organization. The European Union Agency for Cybersecurity predicted supply chain attacks would quadruple in 2021 compared to 2020.
  • Unintentional attacks: There’s always a possibility of victims getting infected by clicking on a mass phishing email, visiting an infected web page, downloading a malware-laced file or application, or through collateral damage resulting from a ransomware attack on a partner organization. In one case of double extortion, when a mental therapy center was attacked by ransomware, the extortionists leveraged the stolen data and heartlessly blackmailed patients.

Ransomware is a symptom of an infection, and infections are the results of common root causes that include:

  • Spam/phishing emails: This is by far one of the most prevalent social engineering threat vectors and root causes of ransomware.
  • Poor user practices: Victims lack security awareness, are careless in their online behavior, and do not practice the art of healthy skepticism. These habits eventually lead to a malware infection.
  • Weak passwords: Poor password management is also a common root cause of ransomware attacks. Password reuse is a common phenomenon, and credentials are often stolen by hackers and sold on the dark web. The ransomware attack that took down the Colonial Pipeline earlier this year was the result of a compromised password.
