It is worth revisiting some of the basics of ransomware in order to remind ourselves of why we need so many security controls to protect against it.
How does ransomware get into our computers? The most common path is an email carrying attachments infected with the malware. Infected PDF files are very common in this scenario, but Microsoft Word and Excel files and other file types are seen as well. Another common infection path is browsing to an infected website. These sites will usually pop up a message that requires user confirmation, but this is not always the case; some malware on infected websites will simply begin to operate as soon as the user lands on the infected page. Another vector is plugging in an infected USB thumb drive. This is not commonly seen, but it can be used to infect a specific targeted organization. Connecting unauthorized devices to the network is another vector: an already infected laptop is connected to the network, and the ransomware then propagates to the rest of the organization’s computers. Or a hacker may break into the organization’s WiFi and launch an attack from there. Opening a vulnerable network port to the Internet is another pathway that allows hackers to gain entry into the organization’s network, and exposing RDP to the Internet is common in this situation. The issue is that RDP is known to have various vulnerabilities that must be patched, and if patching is not done, the hackers have a guaranteed path into the organization’s network. Other network ports might be opened that similarly expose the network to hackers.
As you can see, this is an extensive list of direct ways that hackers are able to introduce ransomware into the network. The list so far does not include the various ways that mobile devices can be used as part of the attack, including credential stealing and the like. Nevertheless, the basic point is that there are at least six ways in which ransomware can be directly delivered into the organization’s network. Is it so surprising, then, that so many security controls are needed to fend off the attacks? A comprehensive plan needs to be developed that covers all of the different cybersecurity controls that need to be installed and the multitude of configuration items that must be set for those controls to be effective.
There are numerous ransomware guides available for download from the Internet. None of them is completely exhaustive for all of the controls and configuration items that need to be set up. Taken together, however, they provide an excellent resource for developing a road map and implementation plan for the security controls that need to be in place in an organization. Two excellent examples of ransomware guides are available from IBM (The definitive guide to ransomware: Readiness, response, and remediation) and CISA (Ransomware Guide).
For the majority of organizations, it is beneficial to rely upon technology partners such as Gotham Technology Group to assist with developing and implementing the cybersecurity controls needed for blocking ransomware.
To begin the process, contact Gotham for a free assessment of your Ransomware Readiness.