Targeted ransomware: How companies can protect themselves

By Yeo Siang Tiong

 

THE recent attack against an insurance giant’s IT operations in some key countries in the region is unfortunately what our experts have been warning us about since last year.

Targeted ransomware attacks, or “Ransomware 2.0”, have been fast becoming a trend in the cybercriminal world since the Maze group. Ransomware families now combine data exfiltration with blackmail.

These cybercriminals, using pressure tactics, threaten to publish the data they hold, further increasing the need for their high-profile victims to pay the ransom to protect their valued reputation.

With these recent cases, organizations and enterprises should see ransomware as more than a type of malware. In fact, the ransomware is often only the final stage of a network breach. By the time ransomware is actually deployed, the attacker has already carried out network reconnaissance, identified confidential data and exfiltrated it.

Therefore, it is important that organizations implement a whole range of cybersecurity best practices and tools to protect their systems holistically.

Identifying the attack at an early stage, before attackers reach their final goal, can save valued data, reputation and a lot of money.

To protect your company from ransomware, our experts recommend the following:

  • Prohibit unnecessary connections to remote desktop services (such as remote desktop protocol [RDP]) from public networks, and always use strong passwords for such services;
  • Install all available patches for virtual private network (VPN) solutions that you use to connect remote workers to the corporate network;
  • Update software on all connected devices to prevent vulnerability exploitation;
  • Focus defence strategy on detecting lateral movement and data exfiltration, with special attention to all outbound traffic;
  • Back up data regularly and make sure that in case of emergency you have ready access to the backups;
  • Leverage threat intelligence data to stay up-to-date on attack tactics, techniques, and procedures;
  • Use security solutions such as Kaspersky Endpoint Detection and Response (EDR) and Kaspersky Managed Detection and Response that help stop attacks early on;
  • Train employees to mind the security of the corporate environment; and
  • Use a reliable solution for endpoint protection that counters exploits and detects anomalous behaviour and can roll back malicious changes and restore the system.

Also, in case of an attack, ask for help. Law enforcement agencies and private companies such as Kaspersky can help in forensic investigation and expert response after an attack.

Meanwhile, Kaspersky Endpoint Security (KES) detects and blocks the Avaddon malware with its Behavior Detection technology, scanning engine and cloud detection, under different detection names, including (but not limited to):

  • PDM:Trojan.Win32.Generic
  • Trojan-Ransom.Win32.Avaddon
  • HEUR:Trojan-Ransom.Win32.Generic

– May 20, 2021

 

Yeo Siang Tiong is the general manager for Kaspersky (Southeast Asia).

The views expressed are solely of the author and do not necessarily reflect those of Focus Malaysia.

 

Photo credit: Getty Images
