Basic recommendations to avoid #ransomware attacks
CISA give us some guidance to avoid this raising trend:
Preparing for Ransomware
Maintain offline backups of data, and regularly test backup and restoration [CPG 7.3]. These practices safeguard an organization’s continuity of operations or at least minimize potential downtime from a ransomware incident and protect against data losses.
Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure.
Create, maintain, and exercise a basic cyber incident response plan and associated communications plan that includes response procedures for a ransomware incident [CPG 7.1, 7.2].
Mitigating and Preventing Ransomware
Restrict Server Message Block (SMB) Protocol within the network to only access servers that are necessary and remove or disable outdated versions of SMB (i.e., SMB version 1). Threat actors use SMB to propagate malware across organizations.
Require phishing-resistant MFA for as many services as possible [CPG 1.3]—particularly for webmail, VPNs, accounts that access critical systems, and privileged accounts that manage backups.
Review the security posture of third-party vendors and those interconnected with your organization. Ensure all connections between third-party vendors and outside software or hardware are monitored and reviewed for suspicious activity.
Implement allow-listing policies for applications and remote access that only allow systems to execute known and permitted programs.
Open document readers in protected viewing modes to help prevent active content from running.
Implement user training program and phishing exercises to raise awareness among users about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments. Reinforce the appropriate user response to phishing and spearphishing emails.
Use strong passwords [CPG 1.4] and avoid reusing passwords for multiple accounts. See CISA Tip Choosing and Protecting Passwords and the NIST’s Special Publication 800-63B: Digital Identity Guidelines for more information.
Require administrator credentials to install software [CPG 1.5].
Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind [CPG 1.5].
Install and regularly update antivirus and antimalware software on all hosts.
Consider adding an email banner to messages coming from outside your organizations.
Disable hyperlinks in received emails.
Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.