Ransomware is a problem that continues to plague organizations.
A survey in which several companies in 30 countries participated found that more than a third had experienced a ransomware attack in the past 12 months.
These attacks are characterized by an increasing level of complexity and are carried out by hackers who are more and more able to take advantage of network and system vulnerabilities. The consequences for organizations are hefty costs to repair the damage, with a staggering average that amounts to more than double that recorded last year!
Modern firewalls are an effective resource for protecting against these types of attacks.
Who are the targets of hackers? The short answer is: everyone. In a recent survey of 5,400 IT managers in mid-sized organizations located in 30 different countries, 37% of respondents revealed that they had been affected by ransomware in the past year.
Searching for the term “ransomware attack” in the news, you’ll find that there are a lot of them occurring every week, most of them successful.
The effects are devastating: ransom demands, long periods of inactivity and a huge impact on business, in addition to reputational damage, data loss and the auctioning of victims’ sensitive data.
How ransomware attacks act to infiltrate the network
Hackers use an extensive variety of different Tactics, Techniques and Procedures (TTPs) to penetrate their victims’ networks. SophosLabs and the Sophos Managed Threat Response team have noticed an increase in the number of attacks in which cybercriminals are working to find a way to penetrate their victim’s network.
As it turns out, the main entry point of ransomware is files downloaded or sent to users as part of a spam or phishing attack.
It is therefore essential not to leave security in the hands of users: to prevent this kind of attack it is advisable to protect your organization with powerful and effective firewall protection systems… and we can help you with that!
How a ransomware attack works
How to maintain proper protection against ransomware
To properly protect your organization against ransomware, you need to take three main actions.
- Upgrade your IT security system
Firewall and endpoint protection can prevent network intrusions by blocking the attack during the initial stages, and should an attack somehow make it past this barrier, it prevents it from spreading and infecting other systems. But not all firewall and endpoint protection solutions have this capability, so you need to choose an IT security system that is effective. Make sure you have available:
- Accessible sandboxing capabilities to analyze the behavior of the file at execution before it reaches the network.
- The latest machine learning technologies to identify zero-day malware variants in files that cross the firewall barrier
- IPS in the firewall with real-time signature updates, to block network exploits
- A simple, free remote access VPN so you can manage your network remotely without compromising on security
- Endpoint protection with anti-ransomware capabilities
- Isolate remote access and management
In the context of network protection, every party in contact with the outside world represents a possible vulnerability, just waiting to be exploited by a ransomware attack. Isolating the company’s access to the Remote Desktop Protocol, avoiding leaving ports open, and limiting the use of other management protocols are some of the most effective precautions for protecting systems against targeted attacks.
One of the most common ways to do this is to require the use of a VPN before users can access resources such as RDP, and to make sure that access to the VPN is limited to a list of known IP addresses. You should then also protect and strengthen server security, use complex passwords that should be changed frequently, and implement multi-factor authentication.
How to proceed securely
Best practices for firewall and network configuration can be summarized as follows:
- Be sure to use the best possible protection, which should include a high-performance Next-Gen firewall equipped with IPS, TLS inspection, sandboxing for zero-day threats, and anti-ransomware protection with Machine Learning technologies.
- Isolate RDP and other services with the firewall. The firewall must be able to restrict access only to users using a VPN and to approved and permitted IP addresses.
- Limit the size of the attack surface as much as possible by controlling and modifying all port forwarding rules to eliminate any unnecessary open ports. Each open port represents a potential entry point to your network. Whenever possible, instead of port forwarding, use VPN to access internal resources from outside the network.
- Ensure that all open ports are properly secured by applying the right IPS protection to the rules set for the traffic in question.
- Enable TLS inspection that supports the latest TLS 1.3 standards for web traffic to prevent threats from infiltrating the network using encrypted traffic streams.
- Reduce the risk of lateral movement within the network by segmenting LANs into smaller, isolated areas or secure VLANs connected by a firewall. Be sure to apply appropriate IPS policies to the rules you set for traffic passing through these LAN segments to prevent the spread of exploits, worms, and bots between LAN segments.
- Automatic isolation of infected systems. When an infection strikes, it is important that your IT security solution is able to quickly identify compromised systems and isolate them immediately until they can be disinfected (for example, with Sophos Synchronized Security).
- Use complex passwords and multi-factor authentication for remote management and file sharing tools, so that these passwords cannot be cracked with brute force hacking tools.
IT Solution’s help with Sophos security systems
Sophos offers the ultimate IT security solution to protect your systems against the latest types of ransomware. Sophos not only provides the best possible protection on all levels, but also the benefits of years of integration between firewall and endpoint solutions.
All of this translates into tremendous benefits in terms of visibility into network integrity status and the ability to automatically respond to security incidents.
Sophos Firewall is a solution designed to prevent attackers from infiltrating the network in the first place. If ransomware does reach your network, however, the other side of this dual protection comes into play: Sophos Firewall can automatically nip ransomware attacks in the bud, thanks to integration with Sophos Intercept X, an industry-leading endpoint protection platform. It’s like putting your network protection on autopilot – a big help that multiplies your resources and therefore the effectiveness of your security team.
Despite being a perennial cyber threat, ransomware will continue to evolve. While ransomware will likely never be completely eradicated, observing the firewall best practices outlined in this document can ensure your organization is more likely to remain protected against the latest types of ransomware and other threats.
At IT solution, we view data security and service efficiency as a must – cyber threats are an increasing concern for organizations that need their services to be as functional as possible. This is why we offer security solutions capable of intercepting all possible threats that risk jeopardizing not only the functioning of systems, but also and above all the security of company data.
Don’t underestimate the risk of malware! Request a free consultation to evaluate the best protection strategy for your business with our Sophos centralized security solutions, here.