{"id":19693,"date":"2022-07-27T04:10:04","date_gmt":"2022-07-27T12:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/07\/27\/news-13426\/"},"modified":"2022-07-27T04:10:04","modified_gmt":"2022-07-27T12:10:04","slug":"news-13426","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/07\/27\/news-13426\/","title":{"rendered":"Simplifying the fight against ransomware: An expert explains"},"content":{"rendered":"<p><strong>Credit to Author: Bill Cozens | Date: Wed, 27 Jul 2022 11:56:55 +0000<\/strong><\/p>\n<p><a href=\"https:\/\/go.malwarebytes.com\/fightingransomware.html\">Fighting against ransomware<\/a> can be difficult\u2014especially if your organization has limited IT resources to begin with. But Adam Kujawa, security evangelist and director of Malwarebytes Labs, has a few tips for overburdened IT folks looking to simplify their fight against ransomware.&nbsp;<\/p>\n<p>In this post, we\u2019ll break down Kujawa\u2019s observations about ransomware and three tips on how businesses can have an easier time in preventing, detecting, and remediating ransomware.<\/p>\n<h2>The importance of \u201cknowing thy enemy\u201d<\/h2>\n<p>Most ransomware attacks are not sophisticated, state-sponsored cyber operations, Kujawa says. Instead, there\u2019s a team of seven or eight people sitting behind computers, trying to break into your network.&nbsp;<\/p>\n<p>In other words, ransomware attackers are not usually using any advanced technology or tactics: a lot of times it\u2019s simply an attack of opportunity. For example, your network might have had a vulnerability. Someone might have clicked on the wrong link. 
You might have misconfigured some port and there\u2019s a <a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/business\/brute-force-attack\">brute-forcing<\/a> campaign going on.&nbsp;<\/p>\n<p>\u201cSo rather than thinking of ransomware actors as these highly sophisticated super hackers, think of them as common thugs. They expect you to be unprepared for their attack, which they believe will lead to a payoff for them,\u201d says Kujawa.<\/p>\n<p>The key takeaway here is this: Even smaller businesses with fewer IT resources can easily prevent or stop ransomware attacks with the right amount of planning. You don\u2019t need a dedicated SOC or crazy enterprise-grade cybersecurity to deal with \u201cattacks of opportunity.\u201d<\/p>\n<h2>3 tips to simplify the fight against ransomware<\/h2>\n<h3>1. Choose an effective and easy-to-use Endpoint Detection and Response (EDR) software&nbsp;<\/h3>\n<p>When it comes to ransomware, resource-constrained organizations with small-to-non-existent security teams are in greater need of <a href=\"https:\/\/www.malwarebytes.com\/business\/edr\">EDR<\/a>\u2014but many EDR products are designed for large enterprises with large and highly-skilled security teams.<\/p>\n<p>If we want to simplify the fight against ransomware, our EDR should not only be effective but simple and easy-to-use as well.\u00a0<\/p>\n<p>On the <a href=\"https:\/\/blog.malwarebytes.com\/malwarebytes-news\/2022\/04\/malwarebytes-evaluation-of-the-mitre-engenuity-attck-round-4-emulations\/\">effectiveness<\/a> front, Kujawa says that there are four main things to look at when trying to determine an EDR platform to deploy to combat ransomware:<\/p>\n<ul>\n<li>Being able to quickly <strong>identify<\/strong> and <strong>isolate<\/strong> systems that are infected with ransomware.<\/li>\n<li><strong>Detecting ransomware-like behavior<\/strong> and being able to automatically kill and remove the threat from the system.<\/li>\n<li>A solution that provides 
<strong>options for file recovery<\/strong> (in case something does get encrypted).<\/li>\n<li>Finally, these <strong>features are valuable for detecting and thwarting all malware<\/strong>, not just ransomware:\n<ul>\n<li><a href=\"https:\/\/support.malwarebytes.com\/hc\/en-us\/articles\/360038523394-What-is-Exploit-Protection\">Exploit prevention<\/a><\/li>\n<li><a href=\"https:\/\/service.malwarebytes.com\/hc\/en-us\/articles\/4413799320595-Suspicious-Activity-Monitoring-in-Malwarebytes-Nebula\">Behavioral detection of never-before-seen malware<\/a><\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/business\/what-is-dns-filtering\">Malicious website blocking<\/a><\/li>\n<li><a href=\"https:\/\/www.malwarebytes.com\/cybersecurity\/business\/brute-force-attack\">Brute force protection<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>On the ease-of-use front, Robert Zamani, Regional Vice President, Americas Solutions Engineering at Malwarebytes, also has four suggestions when choosing an EDR platform:<\/p>\n<ul>\n<li>Ask about the <strong>time required<\/strong> to set up the management console and whether it\u2019s <strong>cloud-based<\/strong>.<\/li>\n<li>Get proof of the time <strong>required to deploy the endpoint agent<\/strong> across a given number of endpoints.<\/li>\n<li>Have a \u201c<strong>single pane of glass<\/strong>\u201d and <a href=\"https:\/\/www.malwarebytes.com\/resources\/files\/2020\/02\/malwarebytes-nebula-data-sheet.pdf\">an intuitive UI<\/a> that gives you visibility into all activity across your entire organization.<\/li>\n<li>Easy, <strong>non-vendor-specific language<\/strong> describing the detected suspicious activity (<a href=\"https:\/\/attack.mitre.org\/\">MITRE ATT&amp;CK<\/a>).<\/li>\n<\/ul>\n<h3>2. 
Build out a comprehensive recovery plan<\/h3>\n<p>The simplicity of a comprehensive ransomware recovery plan isn\u2019t in developing it; rather, having the plan in place makes things easier when an attack does occur.<\/p>\n<p>\u201cA huge issue for many organizations, when hit with ransomware, is scrambling to figure out how to stop it or reduce the damage done by the threat,\u201d Kujawa says. \u201cA recovery plan provides detailed guidance on who to call, system data classifications, procedures for preserving evidence, who your incident response or law enforcement contacts are, etc.\u201d<\/p>\n<p>One way to make creating the plan simpler is to give stakeholders a list of questions to answer while producing it. Then, as a group, answer some of these questions:<\/p>\n<ul>\n<li>What do you want your company and your employees to do <strong>right after the ransomware attack is discovered<\/strong>?<\/li>\n<li>What is the company\u2019s <strong>policy on dealing with attackers<\/strong>? Is it going to try to <strong>pay the ransom<\/strong>, or is it just going to ignore the attackers?<\/li>\n<li>How do you <strong>restore from backups<\/strong>, and what backups are most important to restore from first?<\/li>\n<li>What <strong>data is most vulnerable<\/strong>, and how can you protect that data?<\/li>\n<li>What systems need to be <strong>recovered first<\/strong>?<\/li>\n<li>How does the business <strong>continue to run<\/strong> if the systems are down?<\/li>\n<li>Do you have <strong>resources that can help you<\/strong>, such as law enforcement agencies or a cyber insurance firm?<\/li>\n<\/ul>\n<p>But who makes up this team that creates the recovery plan?<\/p>\n<p>\u201cStart with your CISO, COO and all department heads, as well as any security staff you have,\u201d Kujawa says. 
\u201cWhen you have all those people together, they can get a clear picture of the readiness of departments in recovering from an attack, what data is most valuable to them and what it would take to disable or continue operations if an attack occurred.\u201d<\/p>\n<h3>3. Avoid common mistakes in prevention, detection and response<\/h3>\n<p>Often, a customer who gets hit with ransomware has security software, but it\u2019s either disabled, outdated, or limited in its ability because of poor configuration, Kujawa says.<\/p>\n<p>Because of the inconvenience, or maybe because it\u2019s not compatible with the business\u2019s operations, some aspect of the security gets disabled, and that leads to an infection.<\/p>\n<p>\u201cA lot of organizations don\u2019t run regular penetration tests or security audits, and not everyone has the funds to hire a pen testing firm. I get that,\u201d Kujawa says. \u201cBut you can make sure that all your outward-facing services are up to date and that every possible entry into the network\u2013like <a href=\"https:\/\/blog.malwarebytes.com\/explained\/2021\/08\/rdp-brute-force-attacks-explained\/\">RDP<\/a> or <a href=\"https:\/\/blog.malwarebytes.com\/101\/2018\/12\/how-threat-actors-are-using-smb-vulnerabilities\/\">SMB<\/a>\u2013has solid <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/01\/understanding-the-basics-of-two-factor-authentication\/\">authentication requirements<\/a>. We often see people just leaving those ports wide open.\u201d<\/p>\n<p>Another common mistake Kujawa has noticed is not running regular scans to look out for <a href=\"https:\/\/www.malwarebytes.com\/backdoor\">threats such as backdoors<\/a>, even if you don\u2019t see anything suspicious.<\/p>\n<p>\u201cMany organizations are not aware that a backdoor infection that occurred months ago can and likely will be used to install additional malware at some point,\u201d he says. 
\u201cA backdoor could sit there for six months without you knowing about it. It may not do anything until it launches the ransomware.\u201d<\/p>\n<h2>Don\u2019t make fighting ransomware harder than it needs to be<\/h2>\n<p>Ransomware is a clear and present danger to organizations of all sizes\u2013but fighting it doesn\u2019t need to be complicated. Reducing ransomware risk can be as simple as leveraging an easy-to-use EDR, having a well-thought-out recovery plan, and avoiding a few common mistakes. Even small- and medium-sized businesses with limited IT resources can <a href=\"https:\/\/blog.malwarebytes.com\/business\/2022\/07\/demo-your-data-has-been-encrypted-stopping-ransomware-attacks-with-malwarebytes-edr\/\">simplify the fight against ransomware<\/a> with these tips.<\/p>\n<p>Want to learn more about how to protect your business against ransomware? <a href=\"https:\/\/go.malwarebytes.com\/Global_RansomwareEmergencyKit_01.LP.html\">Check out our free Ransomware Emergency Kit!<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/business\/2022\/07\/simplifying-the-fight-against-ransomware-an-expert-explains\/\">Simplifying the fight against ransomware: An expert explains<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Bill Cozens | Date: Wed, 27 Jul 2022 11:56:55 +0000<\/strong><\/p>\n<p>Fighting against ransomware can be difficult\u2014especially if your organization has limited IT resources to begin with. 
But Adam Kujawa, security evangelist and director of Malwarebytes Labs, has a few tips for overburdened IT folks looking to simplify their fight against ransomware.&#160; In this post, we\u2019ll break down Kujawa\u2019s observations about ransomware and three tips on&#8230;<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/business\/2022\/07\/simplifying-the-fight-against-ransomware-an-expert-explains\/\">Simplifying the fight against ransomware: An expert explains<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1001,14971,3765,5340],"class_list":["post-19693","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business","tag-edr","tag-ransomware","tag-recovery"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19693"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19693\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?pos
t=19693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}