How to Protect Against Ransomware

How to Protect Against Ransomware

Ransomware continues to plague businesses, with this past March breaking records:

“March 2023 was the most prolific month recorded by cybersecurity analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022.”. Last year, there were over 10,000 new strains of ransomware discovered in the first six months alone.”

As companies grow, they need to ensure they are properly accounting for this prolific threat. 

Know Your Enemy

Ransomware is defined by technology research and consulting firm Gartner as, “a type of cyber extortion where a malicious actor infiltrates an environment and encrypts and exfiltrates files, denying access and threatening disclosure, unless the victim pays a ransom.”

Over the years, ransomware has taken on bigger and bigger game. Once a nuisance email asking for a few thousand dollars, ransomware today targets organizations big and small asking for sums in the multi-millions. 

Common ransomware attack vectors include:

• Illicitly obtained credentials
• Phishing emails
• Drive-by downloading and pop-ups
• Unpatched vulnerabilities
• Text messages

So what puts you at risk? Using outdated and unpatched software, failing to train employees to avoid bad links and phishing scams, neglecting to back up company data, and not having a strong password policy. 

Secure Endpoints with XDR

One major point of entry are user endpoints. These are where physical devices connect to network systems, and hackers try to get through. They can include mobile devices, laptops, desktops, servers, virtual machines, and IoT devices – even printers. 

How do you lock down endpoints? You need to find both signature-based and behavioral-based threats. Some ransomware strains are “known” (identified by their signature) and traditional cybersecurity tools like Intrusion Prevention Systems (IPS) are designed to catch them.

The problem is that ransomware is quickly evolving and there are many new ones that are not identified yet. That means traditional tools don’t know what to look for, and will miss them. Take those 10,000 new strains we mentioned – they are so risky because they have never before been seen, and can slip by unnoticed. They are typically referred to as “emerging” or “unknown” exploits. 

The only way to catch them is to track their behaviors. Known as behavioral-based security, these tools are next-generation cybersecurity solutions with the denomination -DR at the end, for “Detection and Response”. This includes Network Detection and Response (NDR), Endpoint Detection and Response (EDR), the all-inclusive Extended Detection and Response (XDR), and other niche ones. 

Cisco Secure Endpoint leverages XDR technology to catch ransomware where it enters – known and unknown. Compare all Cisco Endpoint Protection solutions here. 

Protect at the DNS Layer

Ransomware starts at the DNS layer. This is the level of the Domain Name Service (DNS), and it turns a user-friendly domain name (“Google.com”) into a searchable IP address (8.8.8.8) the computer can reference. Referred to as the “phonebook of the internet”, this is where sites get matched to their names. However, a lot can go wrong in the process. 

Ransomware operators commonly leverage the little-protected DNS layer to launch their attacks and gain a foothold to the network. As Cisco states, “most ransomware attackers make use of the fact that network administrators don’t secure DNS-layer activity”.

Cisco Umbrella secures the DNS layer to stop ransomware where it originates. Block direct-to-IP connections that bypass DNS, get cloud-delivered firewall protection against attacks, and gain access to Umbrella Investigate so you can protect against future ransomware exploits. 

How Port53 Can Help

Port53 is a cybersecurity technology consulting firm designed to make the complicated simple. With access to best-in-class solutions, we review your organization’s security maturity level and help you know what to do to get to the next level.

Which solution is the right one? How much is too much? Do you need AI-based tools now? And which is the right next step? We can answer all of these questions and more when you leverage our cyber services. 

We know the landscape can be difficult to figure out, especially if you’re early on in your digital journey. Take us along and use us as a guide. We can help you avoid the pitfalls of ransomware, solution selection, and so much more.

Contact a Port53 representative today and we’ll get in touch.