18 Strategic and Creative Ways to Avoid Ransomware

If you want to avoid ransomware you have to master the basics first. But on top of that there are great tactics to mitigate the risks of an exposure to cyber attacks. Decrease the probability of a breach. We show other possibilities which go beyond the usual recommendations! 

We see that when it comes to IT security,  organizations often hide behind technology. This is bad. Because if you want to avoid ransomware you have to avoid successful cyber attacks. And the succession rate of the attacker is directly depending on the creativity of the attacker. Did you have seen a creative system? We didn’t (yet). So do not leave the protection of your IT infrastructure to the machines only!

Avoid Ransomware: Master the Basics First

Before suggesting additional and alternative measures: Master the basics first! That means:

  • Antivirus – We know that you know, but nevertheless it’s worth to mention: Have an AV-Solution in place and update it appropriately. Make sure that every client is protected and make sure that every server gets the same protection
  • Regular updates:  0-Day vulnerabilitites are overstated. Nevertheless you should take care that your users are always updating to the latest version of the software installed. We made the experience that it is really hard to motivate the user base to update their applications and their OS.
  • Firewall and Firewall Appliances: Protect the network from the outside. We still see some companies which have a firewall or an FW-appliance in place but it isn’t configured appropriately. This is one of the most important and most powerful ways to protect your infrastructure (We know that you know that, but do it!)
  • Spam Filter: If you run your own mail server: Use and maintain multiple spam filters. Every mailserver is capable to integrate blacklists in order to avoid spam and malicious e-mail senders
  • Do Backups: Use backups, don’t rely only on cloud based disk storage services (Dropbox, Gdrive, iCloud, etc)
  • Long term Backups: A recent study shows that currently, the average data breach takes organizations an average of 201 days to identify and an average of 70 days to contain. Could it make sense to possess backups which last a little bit longer than just 30 days?
  • Account and Password Policies. Define minimal password lenghts etc. – Lot of organization have a password policy: A minimum lenght, the usage of a special character, but there are still organizations which haven’t. But what strikes us in the eye: Most organizations don’t change the name of the generic / technical user accounts: They keep the default acccount names: ‘root’ on  Unix/Linux, ‘administrator’ on Windows, ‘admin’  and so on. But it would be so easy to change this naming! And more secure…
  • Cyber-Security Policy. Have something written in place. The Cybersecurity Policy is the foundation and the starting point to answer the question how to secure your valuable information. If you don’t have one, use our template.
  • Security Training / Education. Don’t hide behind Tech: Establish a basic training for Security. It can be a Slideshow where you teach your staff the content of your cyber-security policy, what security means, why your employees and your organization needs to be protected and how the protection is done. There are many people who are simply careless or thoughtless, make shure that you don’t have any of the in your organization.

18 Ways to Avoid Ransomware

Just to be clear: There is no way to gain absolute security, especially when your business is relying on e-mails. It’s always a trade off between decreasing the risks and spending money. And then there are risks which you can’t eliminate: Your staff. And there is always a residual risk of unintentional  or intentional damage can always occur. (Insider Threat ). But let’s have look what can be done on top of the basic measures to avoid ransomware:

  1. Use outlook.comƒ or Google Mail
  2. Use team messaging solutions and start stopping mails.
  3. Use an iPad or tablet
  4. Leave Windows behind, start using Mac / Chromebooks
  5. Use Windows farms (Citrix)
  6. Ban USB from our life and from your company
  7. Use SD Memory Cards for single purposes only
  8. Start to purchase software again
  9. Make immediate response possible.
  10. Switch to the (public) Cloud
  11. Challenge the blind spot of your IT or Security departement.
  12. Shift your mindset away from machines and systems.
  13. Expand your IT-Security Strategy / Architecture to the 8th-Layer.
  14. Start monitoring: Build a SOC or use a SOC service
  15. Detect and Respond: Go into direction of SIEM (even SMBs)
  16. Use the best Endpoint Security Solution we know!
  17. Run a Ransomware Simulation
  18. And of course: Increase IT-Security Awareness!

1. Switch your Email Solution to Outlook.com or Google Mail

We see a big reluctance of many organizations to abandon their own hosted mail environments. And there is a whole industry of hosting firms which are doing nothing other than providing hosted Microsoft Exchange solutions. Lot of readers certainly think: “We can’t do that”. Honestly: Can’t you? And why should you? Because we see from our experience that Gmail and outlook.com provide the best spam filters in the market! It is simple like that!

2. Beekeeper – Slack etc. Use Team Messaging Solutions and start stopping mails.

Email was never designed as a secure solutions. Beekeeper, Slack, HipChat, Zinc/CoTap and other of the new team messaging solutions run in an secure environment. And: Stream based and instant communication helps to cut down communication overhead and facilitate enterprise messaging. Start using it – and stop e-mailing in the same time.

3. Use an iPad or a Tablet

Sounds silly, right? But working with an iPad is one of the most secure ways to work with an computer (if you are not visiting untrusted stores). Can you get a virus on an iPad? The answer is here.  Nearly the same applies for an android tablet. And managing E-Mails is really effective on a tablet computers. Actually we see managers, which are switching to iPads. Of course they still use their Windows environment f.e. using Citrix Receiver on their iPad.

4. Leave Windows behind, start using Mac / Chromebooks

Most Malware is written for Windows. If you want to get rid of malware, switch to a Chromebook or a Mac. But that doesn’t mean that you are completely safe then! There is special malware for MacOS, but not for ChromeOS so far.

5. Use Windows Farm Environments

A Citrix farm environment is generally less prone to cyber attacks and exploits.  Its central administration and the better securing of the workplace are the main reasons.  And a hybrid approach is also possible: There are companies where employees are browsing the web using a remote desktop.

6. Ban USB from our life and from your company

Our Penetration Testers have tremendous ‘Success Rates’ with test scenarios using USB-Sticks! If you want to have a life which is more (cyber) secure, you should ban USB drives from your private life, and then also in your company! And put a statement into your Cyber Security Policy Document. Btw: Do you remember Stuxnet or did you hear that the International Space Station has been infected by removable memory devices?

7. Use SD Memory Cards for single purposes only

SD Cards are a bit more tricky. Often you are forced to use such devices. But limit the usage. Allow the usage only for picture/photo data transfers. And put a statement into your Cyber Security Policy Document.

8. Start to purchase Software again

This recommendation is more for private households but not only. We also saw SysAdmins which have been infected because they “just wanted quickly to install a small tool”.  “Freely downloadable” software is at higher risk to be infected. Sometimes it is malware, more often it is adware, which is not dangerous but definitively annoying.

9. Make immediate response possible.

Okay, this does not help to avoid ransomware, but it helps to lessen the damage. And it has two sides – a.) A system based response LUCY-Phish-Report-Button-Outlookand b.) human response. System based response is often already covered by a software or so: Lot of Antivirus products allow to report threats and other suspicious activities happening on the client. Or you have already a monitoring solution in place (see “SOC” below). On the human side you should make sure that the users have the possibility to report incidents quickly and easily. LUCYs Phishing Incident Plugin for Microsoft Outlook is an example of such a functionality.

10. Switch to the (public) Cloud

Public clouds are better than private clouds. And they are also safer. But: Business Leaders are still reluctant to move their data into the cloud. If you are one of these, you should start to change now.

11. Challenge the blind spot of your IT or Security departement.

Do we have File System Resource Manager Lists (FSRM*) in use? And do we use Anti-Ransomware FSRM?” Your administrators will be amazed when you suddenly ask such a technical question: As a leader, it is also your job to challenge the blind spot of an organization because everybody has a blind spot. Show genuine interest how IT-security is implemented in your organisation and what cyber security counter measures are in place. Start to ask questions. Google yourself IT-Security topics and prepare questions which you want to ask your tech staff. We are convinced that the SysAdmins will love your interest!

*Info: A File System Resource Manager is a role that can be added for free to any Windows Server.  FSRM actively monitors your Windows Server Shares and Files and can alert you of any malicious activity you specify.

12. Shift your Mindset back to the People!

Shift your mindset away from machines and systems towards people and responsibilities. If you want to successfully avoid ransomware and defend such attacks, you need to secure systems AND people in unison. The split view approach — security systems on one side, people testing and awareness training on the other — is the wrong approach. And:  Often the people are forgotten.

The shift starts with you first, especially if you are a leader or a board member. Only if you shift your own mindset, your organisation will follow after.

13. Expand your IT-Security Strategy / Architecture to the 8th-Layer.

We see that the most companies have a IT-Security strategy in place. Mostly the documents are really solid and the guidelines are implemented in a good way. But often they focus only how to 1.) protect 2.) backup and DR/BC and 3.) monitor&detect. Fair enough, but the strategy should be expanded with following chapters

  • “train (Phishing, SMiShing, Bad-USB, etc)”,
  • “educate” and
  • “drill & simulate”

Check if your IT-Security Strategy contains similar content and if your company has appropriate measures in use which focus these areas.

14. Start Monitoring: Build a SOC (as a Service)

Did you know, that most companies can afford a Information Security Operations Center (SOC) today? It provides situational awareness through the detection, containment, and remediation of IT threats. Incidents are properly identified, analyzed, communicated, actioned/defended, investigated and reported. Alien Vault provides a SOC as a service for a great price. You get your ‘own’ unified security management service already for a little bit more than 5’000 Dollars per Year! If you want to go even further, then have a look at the ‘FireEye’s Thread Analytics Platform‘ (TAP) from Fireye.

15. Go into Direction of SIEM (even SMBs)

Detect and Respond. If you have already a SOC in place, the next step is the implementation of a Security, Information and Event Management System (SIEM). May be you already have a Detection and Response Strategy Document in place which already goes in this direction.  A SIEM Suite provides real-time analysis of security alerts generated by network software, hardware and applications. It has become affordable for smaller organisations now. If you’re looking for such a solution, just have a look here: Cheap Good SIEM software for small business. And look for Alienvaults SIEM Solution.

16. Use the best Endpoint Security Solution we know

Even our most senior penetration testers are recently confronted with a solution which makes an unintended breakthrough impossible. It is an expensive product but from our point of view it is the best Endpoint Security Solution we have seen so far! We are happy to share the product details and our experiences, just contact us.

17. Run Ransomware Simulations.

Ransomware is a type of malware that prevents or limits users from accessing their system or files. In order to avoid ransomware, run simulations in your own network and assess to what extent a ransomware attack is possible, without doing any damage (and close the gaps afterwards, if there are any). How to do that? Consult a penetration tester or purchase LUCY Server, it contains a harmless state of the art ransomware simulation template.

17. Run Ransomware Simulations.

Ransomware is a type of malware that prevents or limits users from accessing their system or files. Run a ransomware simulation in your own network and assess to what extent a ransomware attack is possible, without doing any damage. How to do that? Consult a penetration tester or purchase LUCY Server, it contains a harmless state of the art ransomware simulation template.

18. And of course: Increase IT-Security Awareness!

With LUCY, we developed a unique tool that allows you to test your security and help it evolve against cyber threats on both, the people side and the system side simultaneously. We gathered our collective IT-security knowledge and we created templates and wizards that are effective and easy to use. With this approach, you can quickly improve security awareness by carrying out a variety of campaigns: Phishing simulations, awareness trainings, technology assessments, malware simulations or simulated ransomware attacks. The result is significant: you can hack yourself and phish yourself! Visit LUCY Security (Link) and check it out. If you wish to evaluate other vendors in this area this list may help you out.

Avoid Ransomware, fight it! Best Regards from LUCY Security.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *