Three Ways to Prevent Ransomware

Sam Reed

Cyberattacks are not magical events.

Attackers use logic to breach and navigate through environments. For security teams, this is good news.

It means the same logic can be applied to security to proactively defend against attacks.

In this article, we'll cover this logic in the context of ransomware.

The Root Causes of Ransomware

There are many ways an attacker can take over an environment.

But not an infinite number.

In fact, in nearly all* ransomware events, at least one of three security gaps is present.

  1. Missing or misconfigured multi-factor authentication (MFA)
  2. Inadequate vulnerability management
  3. Excessive user permissions

*There is no data on the exact percentage. In a recent conversation, an expert involved in over a thousand ransomware cases said he believed it to be 100%.

The Perspective of an Attacker

There is a misconception that once an attacker breaches an environment, it’s game over.

In reality, there are multiple steps. In the case of ransomware, the steps leading to a takeover can be distilled into three primary activities:

  1. Initial access
  2. Escalation
  3. Encryption (i.e. deployment of ransomware)

Initial access: Social engineering and vulnerabilities are two of the many ways an attacker can breach an environment.

Escalation: An attacker will escalate privileges, or control, in a network using identities (e.g. Active Directory misconfigurations; overly permissive user accounts).

Encryption: Once an attacker has escalated to the necessary privileges, they can deploy the ransomware, encrypting the victim's data until the ransom is paid.

Defending with Logic

Think of your network as an escape room.

But rather than exiting, the goal is to get to the control room (domain admin). To do this, an attacker will search for information in a network, leverage that information to get more information (escalate privilege), and continue doing this until they have total network control.

By understanding the access and escalation points in a network, security teams can efficiently remove the attack paths leading to the most critical assets.
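The attack-path reasoning above can be sketched in code. This is an added example, not Shield Cyber's own code: it models a small constructed environment as a graph whose hops are labelled with the three gaps from this article, lists every path from initial access to domain admin, and ranks hops by how many paths closing them would remove. All node names are hypothetical.

```python
from collections import Counter

# Constructed sample environment: (source, target, gap that makes the hop possible).
# Gap labels follow the article's three root causes; node names are hypothetical.
EDGES = [
    ("internet", "vpn_user", "missing MFA"),
    ("internet", "web_server", "unpatched vulnerability"),
    ("vpn_user", "file_server", "excessive permissions"),
    ("web_server", "svc_backup", "excessive permissions"),
    ("file_server", "svc_backup", "excessive permissions"),
    ("svc_backup", "domain_admin", "excessive permissions"),
    ("vpn_user", "helpdesk", "excessive permissions"),  # dead end, on no path
]

def attack_paths(edges, start, target):
    """Return every simple path from start to target as a list of edges."""
    out = {}
    for edge in edges:
        out.setdefault(edge[0], []).append(edge)
    paths, stack = [], [(start, [], {start})]
    while stack:
        node, path, seen = stack.pop()
        if node == target:
            paths.append(path)
            continue
        for edge in out.get(node, []):
            if edge[1] not in seen:  # never revisit a node within one path
                stack.append((edge[1], path + [edge], seen | {edge[1]}))
    return paths

def rank_fixes(edges, start, target):
    """Count how many paths each hop appears on, highest count first."""
    counts = Counter(e for p in attack_paths(edges, start, target) for e in p)
    return counts.most_common()

def remaining_after_fix(edges, fixed, start, target):
    """Number of paths left once the given hop is closed."""
    return len(attack_paths([e for e in edges if e != fixed], start, target))

if __name__ == "__main__":
    for edge, n in rank_fixes(EDGES, "internet", "domain_admin"):
        left = remaining_after_fix(EDGES, edge, "internet", "domain_admin")
        print(f"{edge[0]} -> {edge[1]} ({edge[2]}): on {n} path(s), {left} left if closed")
```

In this sample, closing the single over-permissive hop from the backup service account removes both paths, while fixing either entry point alone leaves one path open.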

To learn how you can defend from the perspective of an attacker, book a demo at https://www.shieldcyber.io/.

Sam Reed

Head of Growth @ Shield Cyber
