Ransomware Attacks

Ransomware, in a nutshell, is a vicious type of malware that cybercriminals use to block access to your entire system or to specific sensitive files or databases until you or your company pays a ransom. It is a form of cyber extortion. Some victims get two ransom notes: one demands payment to keep the cybercriminals from disclosing the sensitive data they stole before encrypting it, and the second demands payment for the decryption key the victim needs to regain access to their data. This is a form of double extortion.

Unfortunately, ransomware is a complex cybersecurity problem with no silver bullet. Thankfully, the National Institute of Standards and Technology (NIST) released guidance on identifying and protecting assets against ransomware. The Cybersecurity Special Publication (SP) 1800-25 lays out the steps toward a comprehensive strategy for protecting assets.

Thales Trusted Cyber Technologies (TCT) data security and access management solutions provide some of the most essential components of the cybersecurity framework proposed by NIST to protect organizations against ransomware.

Ransomware is not only vicious, it's complicated to defend against. This is why a multifaceted defense is necessary. Many enterprises use an Extended Detection and Response (XDR) application, which is a significant player in the fight but not the only component needed to shield your data from attacks. CipherTrust Transparent Encryption of data, user access policies, key management, and MFA are all part of data fortification. Additionally, CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) is a specific protection that monitors for ransomware-type activity in order to stop the malicious processes.

White Paper: Prevent Ransomware Attacks from Disrupting Your Agency With CipherTrust Platform

Cybercriminals typically use Remote Desktop Protocol (RDP) as the front door to gain administrative access, either by brute-forcing passwords (a dictionary attack) or by using stolen credentials purchased on the Dark Web. Millions of computers expose the RDP service online without any protection.

White Paper: How Ransomware Attacks Leverage Unprotected RDPs & What You Can Do About It

Thales’ SafeNet Trusted Access (STA) offers multi-factor authentication at all login entry points, protecting enterprise IT, web, and cloud-based applications from internal and external threats at the front door. STA uses policy-based conditional access, rigorous single sign-on (SSO), multi-factor authentication (MFA), and universal authentication methods, which prevent breaches, simplify regulatory compliance and enable enterprises to migrate securely to the cloud.

RDP for Ransomware Prevention

When RDP ports are left open on the internet and accessible with simple passwords, they can cause serious security problems. For organizations that require RDP, the following best practices focus on hardening the access point and are useful for securing RDP against brute force attacks.
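
A detection check for the RDP brute-force pattern described above, as an added example that is not from Thales or the white paper: it flags source addresses with a burst of failed logons (Windows Security event 4625) and reports any successful logon (4624) that follows the burst. The event records, field names, threshold and time window are constructed for illustration; logon types 3 and 10 are both counted because RDP failures are typically recorded as type 3 when Network Level Authentication is enabled and as type 10 otherwise.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune to your environment.
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)
RDP_LOGON_TYPES = {3, 10}  # 3 = network (NLA pre-auth), 10 = RemoteInteractive

# Constructed sample events (simplified fields from the Windows Security log).
# Addresses come from documentation ranges (RFC 5737).
def _ev(ts, eid, ip, user, ltype=3):
    return {"time": datetime.fromisoformat(ts), "id": eid, "ip": ip,
            "user": user, "logon_type": ltype}

SAMPLE_EVENTS = (
    [_ev(f"2024-01-01T02:00:{s:02d}", 4625, "203.0.113.7", u)
     for s, u in enumerate(["admin", "administrator", "backup", "admin", "svc_sql", "admin"])]
    + [_ev("2024-01-01T02:01:30", 4624, "203.0.113.7", "admin", 10),
       _ev("2024-01-01T09:00:00", 4625, "198.51.100.20", "jsmith"),
       _ev("2024-01-01T09:00:20", 4624, "198.51.100.20", "jsmith", 10)]
)

def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return {ip: {"failures", "users", "success_after"}} for suspicious sources."""
    failures = defaultdict(list)   # ip -> [(time, user)] of recent failures
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip, now = ev["ip"], ev["time"]
        # Keep only failures that fall inside the sliding window.
        failures[ip] = [(t, u) for t, u in failures[ip] if now - t <= window]
        if ev["id"] == 4625:
            failures[ip].append((now, ev["user"]))
            if len(failures[ip]) >= threshold:
                f = findings.setdefault(ip, {"failures": 0, "users": set(), "success_after": []})
                f["failures"] = max(f["failures"], len(failures[ip]))
                f["users"].update(u for _, u in failures[ip])
        elif ev["id"] == 4624 and ip in findings and failures[ip]:
            # A success right after a burst may mean a password was guessed.
            findings[ip]["success_after"].append(ev["user"])
    return findings

if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, f["failures"], sorted(f["users"]), f["success_after"])
```

A non-empty `success_after` list is the finding to escalate first, since it marks an account that logged on from the same source shortly after the failed attempts.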

Resources

CipherTrust Transparent Encryption Ransomware Protection
How Ransomware attacks leverage unprotected RDPs Solution Brief
White Paper: NIST Cybersecurity Framework and Ransomware Prevention Guidance Mapping
White Paper: Prevent Ransomware Attacks from Disrupting Your Agency with the CipherTrust Platform