Ransomware: what is it and how can you protect yourself against it?
With the discovery of the Log4Shell vulnerability, protecting your organization against ransomware is more relevant than ever. Any type of organization - big and small - can fall victim to ransomware. MediaMarkt, VDL and the Hof van Twente were already hit by a cyber-attack in 2021. The (financial) damage can be huge. The American branch of JBS, a major meat processing company, paid more than 11 million dollars in ransom to regain access to its own systems.
It is not possible to rule out ever falling victim to a ransomware attack. However, you can always protect yourself as much as possible.
Prefer personal advice from one of our consultants? Contact us directly.
What is ransomware?
Ransomware is a form of malware - a file or code - that penetrates a network and encrypts data files. The user or organization is denied access to the encrypted files, and a ransom is demanded for the decryption key.
In extreme cases, ransomware blocks access to entire IT systems, completely preventing organizations from operating.
LOG4J AND THE RISKS
The recent discovery of the Log4Shell vulnerability is shaking up the global IT landscape. Cyber-criminals search for targets where they can hack into systems easily. The Log4j tool (a widely used piece of standard software) has been incorporated into an enormous number of platforms, services, and apps, which tremendously increases vulnerability to cyber-attacks. The threat applies to any organization that uses Java applications where input is logged via Log4j.
The advice is to act as soon as possible. One solution is to introduce an Akamai Firewall, which blocks suspicious traffic.
Prevention is better than cure
When access to systems or files has been regained, it is difficult to determine exactly what happened, whether data was stolen, and which systems were infected. This also applies to backups, which in this case can become unusable, leading to irrecoverable data loss.
The best remedy is therefore to protect your network to prevent an attack.
How do you protect your organization against ransomware?
For that, we must first understand how the malicious software gets into the network.
Ransomware can get into your network in several ways, the most common of which are:
- Links in phishing emails
- Attachments in emails
- Clicking on ads
- Targeted attacks on servers – see also LOG4J AND THE RISKS
In theory, every employee of your company can download ransomware with one click on a phishing link. Once inside, the ransomware spreads and your options for recovery are limited.
Prevent ransomware with the following steps:
1) Employee awareness
Because the door to ransomware can be opened by any employee, education is the first step in the security process. Educate employees about phishing, ransomware, and email security.
2) Software and virus scanners
Antivirus software has been available for years and is still a crucial step in the prevention of cyber-attacks. There are many providers available that offer good protection – even at a low rate.
3) Organize backups
In the unlikely event that ransomware has penetrated the system, it is important for the recovery process that good backups are available of the required data. Work according to a fixed, regular backup procedure and place the archive files out of reach of any ransomware by, for example, using external hard drives.
4) Zero Trust: Multi-Level Security
At TRIMM, we are certified to provide additional security using the Akamai Zero Trust solutions below.
Akamai Enterprise Threat Protector (ETP)
A cloud-based solution for targeted DNS-level protection. Users' Internet access is monitored for threats.
- Global deployment and configuration
- 100% compliance with Acceptable Use Policy (AUP) and other security policies
- Realtime information about potential threats
- Advanced reporting capabilities to identify compromised devices
Guardicore
A micro-segmentation solution that offers extensive protection on the cloud level. Guardicore drastically reduces risks, protecting the data stream of company records throughout the entire network.
- User accessibility limited to authorized applications
- Granular segmentation policy: Ransomware traffic is isolated, reducing the spread to other servers
- Protection from datacenter to cloud: including bare metal, virtual machines, and containers
- Multiple techniques to detect threats and react fast and accordingly
We wrap datacenter components such as servers, containers, applications, or even application processes in a protective shell (firewall). As a result, only authorized and known traffic can communicate with these components, creating micro-segments.
If an infection nevertheless occurs within a segment, it won't be able to spread to other segments.
Because Guardicore is a software system, the micro-segmentation is easy to configure, even in an active online environment. Machine learning immediately recognizes the data center traffic and delivers useful, context-dependent suggestions for the policy. Afterward, the policy can be rolled out immediately via a central management interface.
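The allow-list idea described above can be modelled in a few lines. This is an added example, not TRIMM's or Guardicore's code: the workload names, segments, ports, and the `blast_radius` helper are all constructed for illustration. It compares which workloads an infected laptop can reach on a flat network with what remains reachable under a segment allow-list.

```python
from collections import deque

# Constructed sample environment: workload -> segment it belongs to.
WORKLOADS = {
    "hr-laptop": "office",
    "web-01": "web",
    "app-01": "app",
    "db-01": "data",
    "backup-01": "backup",
}

# Constructed allow-list: (source segment, destination segment, port).
# Anything not listed is denied. The backup server pulls from the
# database, so nothing is allowed to initiate traffic towards it.
ALLOW = {
    ("office", "web", 443),
    ("web", "app", 8443),
    ("app", "data", 5432),
    ("backup", "data", 5432),
}

def allowed(src, dst, policy):
    """True if src may open a connection to dst under the policy."""
    if policy is None:  # flat network: everything talks to everything
        return True
    s, d = WORKLOADS[src], WORKLOADS[dst]
    return s == d or any(ps == s and pd == d for ps, pd, _ in policy)

def blast_radius(start, policy, max_hops=None):
    """Workloads reachable from an infected one by following allowed flows."""
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, hops = queue.popleft()
        if max_hops is not None and hops >= max_hops:
            continue
        for other in WORKLOADS:
            if other not in seen and allowed(node, other, policy):
                seen.add(other)
                queue.append((other, hops + 1))
    return seen - {start}

if __name__ == "__main__":
    print("flat:     ", sorted(blast_radius("hr-laptop", None)))
    print("direct:   ", sorted(blast_radius("hr-laptop", ALLOW, max_hops=1)))
    print("multi-hop:", sorted(blast_radius("hr-laptop", ALLOW)))
```

The multi-hop result is worth reviewing for any real policy: every allowed flow is also a path an infection could follow if each workload along it is compromised in turn, so the direction of each rule matters as much as its existence.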
Akamai Enterprise Application Access (EAA)
Network-level protection. Applications running behind a firewall or in a public cloud are secured and delivered from the EAA service. A secure remote access service: more relevant than ever now that we work from home a lot internationally.
- Secure access to applications without the need for network access
- Control and manage the access of employees, contractors, partners, and suppliers
- No more maintenance of the outdated VPN security architecture
Facing a similar challenge? Schedule an exploratory call.
You can contact Bas Greevink through the form below, or through the following number +31 (0)53 4800 480