I created these steps, collected from various sources and personal experience, to provide you with guidance on what you should be doing to prevent, detect and respond to ransomware and other malicious software attacks. Hope you find it useful. If you would like more information I suggest you take our course on managing cyber exposures at the Global Risk Academy http://globalriskacademy.com/p/the-definitive-guide-to-cyber-exposu...
These five steps are a good beginning.
1. Scan your environment for cyber exposures
Don’t wait for an infection to be detected in your network. Before an intrusion occurs, you should know whether you have cyber exposures that provide easy access to the predators. These exposures go beyond your critical infrastructure, which you should scan to find known vulnerabilities in your operating system(s) or applications that could make them susceptible to a ransomware attack, and then take steps to remediate those vulnerabilities.
For the technical exposure you should, at the very least, run a vulnerability scan of your assets to identify the CVE-2017-0144 Windows vulnerability. If vulnerabilities are found in your environment, take swift action to patch your systems, and then re-scan your environment.
But remember our advice and determine your non-technical cyber exposures as well. Don’t know what they are? Then take our courses on managing cyber exposures at the Global Risk Academy mentioned above.
2. Know what services and applications are running in your cyber eco-system.
The latest strain of Petya ransomware leverages flaws in Microsoft’s SMB v1 service, a service that may not be required or essential to organizations. For good cyber exposure security, you should maintain an up-to-date inventory that identifies all the services and applications and the equipment in your cyber eco-system, along with the responsible party. In doing so, you can do two things:
Remember the predators are constantly checking for vulnerabilities so you need to constantly check all possible entry and weak points.
3. Ensure that your critical systems and data are backed up and ready for restore.
If you don’t currently take regular backups, consider the latest Petya ransomware attack a warning shot. Every organization should have a reliable backup process that includes air-gapped or offline backups that are tested on a regular basis to make sure you can speedily restore your operation. If you do not do these simple tasks you may find yourself shopping for bitcoins, which in itself is no guarantee that you’ll be able to decrypt the files on a compromised system.
Backups that are current and tested are not a luxury but a necessity in the age of ransomware.
4. Review & Monitor your cyber environment to detect threats and intrusions.
To prevent malware and ransomware attacks, it’s important to ensure that your malware prevention tools, including antivirus and firewalls, are configured properly and are up to date with the latest threat indicators. As a security measure against Petya ransomware, you might consider blocking ports 445 (SMB) and 139 (file and printer sharing) from any user or entity outside of your organization.
However, threat prevention is only one side of the coin. You should also monitor your environment continuously to look for intrusions and threats. There are several vendors who supply such monitoring software. A list can be found at the PCI Security Standards Council https://www.pcisecuritystandards.org/assessors_and_solutions/approv...
Please, please remember to also monitor your environment for the vulnerabilities that arise when new IoT devices are installed or an employee gets a new intelligent device and can’t wait to use it at work. These are prime places for predators to make their intrusions.
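Steps 2 and 4 above can be put into practice on a single Windows host with the script below. It is an added example, not part of the original post: it inventories whether anything is listening on the SMB ports and whether SMB v1 is enabled, turns SMB v1 off, and restricts inbound 445/139 to the local subnet. It assumes Windows 8.1 / Server 2012 R2 or later (where the Get-SmbServerConfiguration and NetSecurity cmdlets exist) and an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes Windows 8.1 / Server 2012 R2 or later.

# Step 2: inventory - what is listening on the SMB ports, and is SMB v1 still enabled?
function Get-SmbExposure {
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 445, 139 } |
        Select-Object LocalAddress, LocalPort, OwningProcess
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    [pscustomobject]@{ Smb1Enabled = $smb1; Listeners = $listeners }
}

# Step 2: SMB v1 is the protocol Petya abuses and is rarely needed, so remove it rather
# than only firewalling it.
function Disable-Smb1 {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Also remove the optional feature so the SMB v1 driver is not loaded at all
    # (this part takes effect after the next reboot).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    if ($feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# Step 4: allow SMB only from the local subnet, and not at all on untrusted (Public) networks.
function Limit-SmbInbound {
    # Scope the built-in sharing rules so they only accept local-subnet peers.
    Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress LocalSubnet
    # Block the ports outright whenever the host is on a Public profile network.
    $name = 'Block SMB inbound (Public)'
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 445, 139 -Profile Public -Action Block | Out-Null
    }
}

$before = Get-SmbExposure
if ($before.Smb1Enabled) { Disable-Smb1 }
Limit-SmbInbound
# Print the post-hardening state so the change can be recorded in the inventory.
Get-SmbExposure | Format-List
```

Re-run Get-SmbExposure after the reboot to confirm SMB v1 reports as disabled, and keep the listener output with the asset record for the responsible party named in step 2.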
5. If an intrusion is detected in your environment, take swift action to isolate the infection.
During an attack, early detection and response are imperative to stopping the attack from spreading across your cyber eco-system. By isolating infected machines quickly, you stand a better chance at preventing a full system shutdown. The steps to mitigate any compromised system on your network are similar for most malicious software and ransomware threats.
Here are your options again for studying cyber security and exposures in Global Risk Academy:
Option 1. Understanding Cyber Exposures - For Beginners
Option 2. Advanced Cyber Exposure Management
– Part 1 – Identifying Cyber Exposures
– Part 2 – Cyber Exposure Program Management
Option 3. A Bundle of all 3 courses - 35% off the original price
(most cost effective option)
Attention: for readers of this blog only: Use coupon code BLOG10 during the checkout to get 10% off the price of the courses.