Finally – part 2 of the long-time coming Ransomware Beware Blog! Sorry for the delay folks – COVID-19 doesn’t discriminate.
Access: Ransomware’s most popular way into an environment is a phishing scam, where a user within the corporate network gets duped into clicking a link or downloading a file that starts scanning and encrypting every file that user has access to, specifically write access. There is a lot of content out there on user awareness training, “don’t click the link” FUD, and email filtering. GREAT start, but if it were the silver bullet, my LinkedIn wouldn’t be splattered with new ransomware attacks on a daily basis.
“The definition of insanity is doing the same thing over and over and expecting different results.” Albert Einstein
Principle of Least Privilege: There is another way to limit the attack surface of a ransomware attack, and that’s called the principle of least privilege. This is defined by the Cybersecurity & Infrastructure Security Agency as “only the minimum necessary rights should be assigned to a subject that requests access to a resource and should be in effect for the shortest duration necessary.” By resource we are referring to files, folders, and shares: all the places data is stored that, if encrypted, could cripple the organization.
Enforcing the principle of least privilege is another layer for limiting the attack surface of ransomware spread through malware. These controls can be applied manually (not recommended), and also through free and enterprise software. Do your due diligence and figure out which path to enforcing these controls works best for you. If you aren’t addressing these areas today, I do recommend you start. It’s not if you get breached, but when!
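To put a number on "all files that user has access to, specifically write access", here is an added example (not from the original post) that walks a share and reports which paths a given account could overwrite or replace. It assumes a file server using POSIX mode bits; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def class_can_write(st, uid, gids):
    # POSIX consults exactly one class: owner, else group, else other.
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def write_exposure(root, uid, gids):
    """Return (exposed_paths, total_paths) under root for one identity."""
    # Exposed = directly writable, or replaceable through a writable parent
    # directory (sticky bit honoured). ACLs and search bits are ignored.
    exposed, total = [], 0
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        parent_w = class_can_write(parent, uid, gids)
        sticky = bool(parent.st_mode & stat.S_ISVTX)
        for name in dirnames + filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            total += 1
            replaceable = parent_w and (not sticky or uid in (st.st_uid, parent.st_uid))
            if class_can_write(st, uid, gids) or replaceable:
                exposed.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(exposed), total

def build_sample_tree():
    """Create a constructed sample share in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="share-")
    layout = [("finance", 0o770), ("finance/report.xlsx", 0o660),
              ("public", 0o777), ("public/readme.txt", 0o644),
              ("public/notes.txt", 0o666)]
    for rel, mode in layout:
        path = os.path.join(root, rel)
        if "." in rel:
            open(path, "w").close()
        else:
            os.mkdir(path)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    # Hypothetical phished account: neither the owner nor in the owning group.
    print(write_exposure(root, os.lstat(root).st_uid + 1, set()))
```

Note that `public/readme.txt` is counted as exposed even though its own mode is read-only for that account: a writable parent directory lets the file be deleted and replaced, so directory permissions need tightening along with file permissions.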