{"id":19515,"date":"2022-04-08T19:52:40","date_gmt":"2022-04-08T15:52:40","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/anti-ransomware-strategy\/19515\/"},"modified":"2022-04-08T19:52:40","modified_gmt":"2022-04-08T15:52:40","slug":"anti-ransomware-strategy","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/anti-ransomware-strategy\/19515\/","title":{"rendered":"Anti-ransomware strategy"},"content":{"rendered":"<p>Ransomware attacks are no longer headline news \u2014 reports of new victims <a href=\"https:\/\/securelist.com\/the-story-of-the-year-ransomware-in-the-headlines\/105138\/\" target=\"_blank\" rel=\"noopener\">appear daily<\/a>. So it is more important than ever for companies to have a well-conceived multi-level strategy for protecting against this threat.<\/p>\n<h2>Close attackers\u2019 entry points<\/h2>\n<p>Most ransomware attacks are fairly standard: either an employee falls for social engineering and opens an email attachment, or the attackers gain remote access to the company\u2019s systems (through password leaks, or brute-forcing credentials or buying them from initial access brokers). In some cases, they exploit vulnerabilities in server-side software. Therefore, you can eliminate most problems by:<\/p>\n<ul>\n<li><a href=\"https:\/\/k-asap.com\/en\/?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">Training employees<\/a> in information security and digital hygiene. 
If people are able to distinguish a phishing email from a legitimate one and keep passwords safe, this will greatly reduce the burden on infosec departments;<\/li>\n<li>Having a strict password policy that bans weak and duplicate passwords and requires the use of a password manager;<\/li>\n<li>Not using remote desktop services (such as RDP) in public networks unless absolutely necessary, and if the need does arise, by setting up remote access only through a secure VPN channel;<\/li>\n<li>Prioritizing the installation of updates on all connected devices \u2013 above all patches for critical software (operating systems, browsers, office suites, VPN clients, server applications) and fixes for vulnerabilities that allow remote code execution (RCE) and privilege escalation.<\/li>\n<\/ul>\n<h2>Prepare your infosec team for the latest cyberthreats<\/h2>\n<p>Your infosec team\u2019s protection tools and technologies must be ready for today\u2019s threats. And the experts themselves should have access to up-to-date information on the changing threat landscape. 
Therefore, we advise:<\/p>\n<ul>\n<li>Using <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/threat-intelligence?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">up-to-date threat intelligence<\/a> to keep your experts up to speed on the latest cybercriminal tactics, techniques and procedures;<\/li>\n<li>Updating <a href=\"https:\/\/me-en.kaspersky.com\/small-to-medium-business-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solutions<\/a> in a timely manner so they provide comprehensive protection against the threats most commonly associated with ransomware delivery (remote access Trojans (RATs), exploits, botnet activity);<\/li>\n<li>Using tools that not only detect malware, but also track suspicious activity in the company\u2019s infrastructure (<a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/endpoint-detection-response-edr?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Extended Detection and Response (EDR)<\/a> solutions);<\/li>\n<li>Considering, if internal resources are limited, hiring third-party experts (or using <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Managed Detection and Response (MDR)<\/a> solutions);<\/li>\n<li>Monitoring outgoing traffic to detect unauthorized connections from outside the corporate infrastructure;<\/li>\n<li>Closely monitoring the use of scripting languages and tools for lateral movement in the company\u2019s network;<\/li>\n<li>Staying tuned for ransomware news and making sure your protection technologies can handle new strains.<\/li>\n<\/ul>\n<h2>Develop a strategy in case a ransomware attack 
succeeds<\/h2>\n<p>Although it\u2019s possible to rely on technologies to detect and counter ransomware, it\u2019s always better to have a plan in place in case they fail. There are different scenarios. For example, a malicious insider \u2014 especially one with administrator rights \u2014 might disable your security system. It\u2019s important that an incident does not catch you off guard. To avoid downtime due to cyberincidents:<\/p>\n<ul>\n<li>Regularly back up data \u2014 especially if business-critical;<\/li>\n<li>Ensure quick access to it in the event of an emergency.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-top3\">\n","protected":false},"excerpt":{"rendered":"<p>Practical tips for protecting companies from ransomware.<\/p>\n","protected":false},"author":2581,"featured_media":19516,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[1320,433,2494],"class_list":{"0":"post-19515","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-cryptomalware","10":"tag-ransomware","11":"tag-strategy"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/anti-ransomware-strategy\/19515\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/anti-ransomware-strategy\/24028\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/anti-ransomware-strategy\/9868\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/anti-ransomware-strategy\/26352\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/anti-ransomware-strategy\/24296\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/anti-ransomware-strategy\/24663\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/anti-ransomware-strategy\/27069\/"},{"hreflang":"ru","url":"https:
\/\/www.kaspersky.ru\/blog\/anti-ransomware-strategy\/33057\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/anti-ransomware-strategy\/10615\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/anti-ransomware-strategy\/44082\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/anti-ransomware-strategy\/18740\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/anti-ransomware-strategy\/19289\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/anti-ransomware-strategy\/15919\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/anti-ransomware-strategy\/28455\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/anti-ransomware-strategy\/24933\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/anti-ransomware-strategy\/30377\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/anti-ransomware-strategy\/30145\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19515"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19515\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19516"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspers
ky.com\/blog\/wp-json\/wp\/v2\/categories?post=19515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}