You can protect yourself by keeping all operating systems and applications secure and up to date, regularly reviewing the security settings of your entire IT landscape, and making employees aware of phishing attacks. These are attacks in which sensitive data, especially access credentials, is harvested using fake emails or SMS messages.
During a typical ransomware attack, the hacker gains access via a poorly secured website or through a phishing attack, takes over an initial computer, and establishes persistent remote access to it (a "reverse shell"). From there, they progress sideways ("lateral movement"), meaning they take over other computers – usually those providing central services and reachable with administrator accounts – before encrypting valuable servers and databases.
In addition to protecting the virtual 'outer skin' (securing web servers, avoiding phishing), it is essential to make internal spread as difficult as possible. Separate administration accounts with strong authentication are particularly helpful here. Regular backups of critical systems should also be performed and stored in such a way that an attacker who has reached the network cannot immediately encrypt them as well.
Depending on the size and criticality of a company’s IT, regular (possibly constant) checks should be performed to detect suspicious activities on computers and networks so that attacks can be interrupted if necessary.
As companies increasingly secure their outer skin well, hackers are relying more and more on phishing to infiltrate. Phishing emails are now very professional and often individualized ("spear phishing"), so employees play a crucial role in defending against ransomware attacks. Ideally, all suspicious emails should be identified, which requires awareness and training.
The Two Top Tips
- Keep all operating systems and applications up to date.
- Regularly review administrator roles and permissions to ensure they only include the essentials.
Contact
Dr. Katrin Sobania
Director Department for Information and Communication Technology | E-Government | Postal Services | IT Security