
Australian government considers making it illegal to pay cybercriminals


Check Point comments, through Rui Duro, Country Manager at Check Point Software in Portugal, on the Australian government’s recent decision to make it illegal to pay cybercriminals in ransomware attacks.

The Australian government’s consideration of new legislation that would make ransomware payments illegal could change how companies shape their cyber strategies to combat the most prominent cyber threats.

Cybercriminals are constantly improving their techniques to increase the pressure to pay. We are seeing more ransomware families that steal data and then target corporate partners or customers for a ransom, in addition to the traditional method of encrypting valuable information, a technique called triple extortion.

Cyberattacks don’t go away. In fact, Check Point Research revealed that global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021. The ANZ region recorded the highest increase, with 72% more attacks than in the same period in 2021, and ransomware as a service is growing. In addition, the 2022 Semiannual Report from Check Point named ransomware as the top threat for all organizations, for the simple reason that hackers are getting paid. This, in turn, creates a deadly cycle, increasing attackers’ motivation.

To minimize the risk of being the next victim of a ransomware attack, we urge all companies to apply these recommendations:

Be extra vigilant during weekends and holidays

  • Most ransomware attacks over the past year have occurred on weekends or holidays, when organizations are more likely to be slower to respond to a threat.

Regularly install updates and fixes

  • WannaCry hit organizations around the world hard in May 2017, infecting over 200,000 computers in three days. However, a patch for the exploited EternalBlue vulnerability had been available for a month prior to the attack.
  • Software updates and patches should be installed immediately and automated whenever possible.

Install an anti-ransomware solution

  • Apply security controls to prevent ransomware attacks. Security controls such as Check Point’s anti-ransomware protection watch for unusual activity, such as opening and encrypting large numbers of files, and if any suspicious behavior is detected they can immediately remediate it and prevent massive damage.

Education is an essential part of protection

  • Many cyberattacks start with a targeted email that does not contain malware, but uses social engineering to try to entice the user to click on a dangerous link.
  • User education is therefore one of the most important parts of protection.

Ransomware attacks don’t start with ransomware, so be careful with other malicious code

  • This malicious code includes Trickbot and Dridex, which infiltrate organizations and set the stage for a subsequent ransomware attack.

It is essential to back up and archive data

  • If something goes wrong, your data should be easily and quickly recoverable. It’s imperative to back up consistently, including automatically on employees’ devices, rather than relying on them to remember to turn on the backup themselves.

Limit access to only necessary information and segment the network

  • If you want to minimize the impact of a potentially successful attack, then it’s important to ensure that users only have access to the information and resources they absolutely need to do their jobs – this is known as the principle of least privilege.
  • Segmentation minimizes the risk of ransomware spreading uncontrollably across the network by preventing the lateral movement of threats within an organization. The idea here is to partition your network so that threats can be contained, thereby limiting their reach.
  • Dealing with the fallout of a system-wide ransomware attack can be difficult, but repairing the damage after a network-wide attack is much more difficult.
