Ransomware Summit Top 10

Last month, InfraGard and the Secret Service held a ransomware summit in Dallas. Accudata’s Senior Assessment & Compliance Consultant Joe Juchniewicz attended, and I recently sat down with Joe to learn the key takeaways. Here’s Joe’s top 10:

  1. Don’t pay!
  2. See whether the attacker used an older ransomware version that has already been decrypted. See Kaspersky’s Ransomware Decryptor.
  3. If possible, review the ransomware code to see whether the attacker miscoded it and the decryption key is in the message. See No More Ransom!
  4. Take all infected systems offline for cleanup or to restore images.
  5. Limit the use of Admin accounts within the environment. The use of a privileged identity management tool could assist in restricting administrator access.
  6. Use firewalls, Access Control Lists (ACLs), and VLANs to limit the movement of malware to other shared systems/files within your network. In addition, institute the concept of least privilege for file, directory, and network share permissions.
  7. Make sure backups are performed on a regular basis and are properly secured. Use a third-party tool to assist in creating fast, but usable backups.
  8. Make sure your backups are good and stored offline. To check the integrity of the backups, try to reload random systems to ensure they load quickly and correctly.
  9. Educate your employees on not opening unknown emails or attachments.
  10. If needed, call in the authorities: Cyber Task Force, US Secret Service, Electronic Crimes Task Force, Internet Crime Complaint Center.
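Items 7 and 8 boil down to one question: can you prove, before you need them, that your backups are intact and recent? The script below is an added example written for this post; it is not from the summit, from Accudata, or from any backup product. It assumes a simple scheme: when a backup set is written, record a SHA-256 manifest of every file and keep that manifest on offline media (if the manifest sits next to the backup, ransomware that reaches the backup can rewrite it too). Later, verify the set against the offline manifest and flag files that were modified, went missing (typically renamed with a new extension), or appeared out of nowhere (ransom notes), and flag a set that is older than your recovery policy allows. The sample files, the simulated ransomware actions, and the `max_age_days` policy are all constructed for the demonstration.

```python
"""Verify a backup set against a SHA-256 manifest taken when the backup was written.

Added example for this post (not summit or vendor code). Assumption: the manifest
returned by build_manifest() is stored offline, separately from the backup files.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path

CHUNK = 1 << 20  # hash files in 1 MiB chunks so large images do not sit in memory


def sha256_file(path):
    """Hex SHA-256 of one file, streamed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir):
    """Record relative path -> SHA-256 for every file under backup_dir, plus creation time.

    Store the returned dict offline; it is the reference the backup is later checked against.
    """
    backup_dir = Path(backup_dir)
    files = {}
    for p in sorted(backup_dir.rglob("*")):
        if p.is_file():
            files[p.relative_to(backup_dir).as_posix()] = sha256_file(p)
    return {"created": int(time.time()), "files": files}


def verify_backup(backup_dir, manifest, max_age_days=7, now=None):
    """Compare the on-disk backup set with the offline manifest.

    Returns a findings dict: modified (hash mismatch), missing (listed in the manifest
    but gone, e.g. renamed by ransomware), extra (present but not in the manifest, e.g.
    a ransom note), stale (older than max_age_days) and an overall ok flag.
    """
    backup_dir = Path(backup_dir)
    now = time.time() if now is None else now
    expected = manifest["files"]
    findings = {"missing": [], "modified": [], "extra": [], "stale": False}
    for rel, digest in expected.items():
        p = backup_dir / rel
        if not p.is_file():
            findings["missing"].append(rel)
        elif sha256_file(p) != digest:
            findings["modified"].append(rel)
    present = {p.relative_to(backup_dir).as_posix() for p in backup_dir.rglob("*") if p.is_file()}
    findings["extra"] = sorted(present - set(expected))
    findings["stale"] = (now - manifest["created"]) > max_age_days * 86400
    findings["ok"] = not (findings["missing"] or findings["modified"]
                          or findings["extra"] or findings["stale"])
    return findings


def demo():
    """Constructed scenario: clean backup, then simulated ransomware touching the backup set.

    Returns (findings on the clean set, findings after tampering, findings on a stale set).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        # Constructed sample backup content.
        (root / "db" / "customers.sql").write_bytes(b"INSERT INTO customers VALUES (1, 'sample');\n")
        (root / "config.ini").write_bytes(b"[app]\nmode=prod\n")
        offline_manifest = build_manifest(root)  # in practice: copy this to offline media
        clean = verify_backup(root, offline_manifest)

        # Simulated ransomware behaviour (constructed): encrypt one file in place,
        # encrypt-and-rename another, and drop a ransom note.
        (root / "config.ini").write_bytes(os.urandom(64))
        target = root / "db" / "customers.sql"
        target.write_bytes(os.urandom(64))
        target.rename(root / "db" / "customers.sql.locked")
        (root / "README_DECRYPT.txt").write_bytes(b"constructed ransom note\n")
        tampered = verify_backup(root, offline_manifest)

        # Same clean manifest checked eight days later against a 7-day policy.
        stale = verify_backup(root, offline_manifest, max_age_days=7,
                              now=offline_manifest["created"] + 8 * 86400)
        return clean, tampered, stale


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "stale"), demo()):
        print(label, result)
```

Hash verification tells you the bytes are what you wrote; it does not tell you the image boots or the database restores. Keep doing the random restore tests from item 8 as well, and run the verification from a host that only has read access to the backup share, so the check itself cannot become a path for the malware to reach the backups.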