{"id":17854,"date":"2022-01-06T10:51:54","date_gmt":"2022-01-06T10:51:54","guid":{"rendered":"https:\/\/web3unplugged.io\/blog\/?p=17854"},"modified":"2022-01-06T10:51:55","modified_gmt":"2022-01-06T10:51:55","slug":"tips-for-safeguarding-against-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/web3unplugged.io\/blog\/tips-for-safeguarding-against-ransomware-attacks\/","title":{"rendered":"Tips For Safeguarding Against Ransomware Attacks"},"content":{"rendered":"\n<p><strong>By: Mohammad Jamal Tabbara, Solutions Architect Manager at Infoblox<\/strong><\/p>\n\n\n\n<p>Ransomware attacks have stepped up, and ransomware has become one of the most damaging threats today. These attacks are increasingly carried out by nation-states and organized crime, causing millions of dollars in reputational damage, recovery expense, extorted ransom payments, loss of revenue, inability to use critical infrastructure, and much more. New strategies such as <em>Ransomware-as-a-Service<\/em> are being used to take cybercriminals\u2019 attacking capacity to the next level.<\/p>\n\n\n\n<p>Given the rising tide of ransomware attacks, and the threat of burgeoning investment by threat actors in ransomware-as-a-service platforms, organizations are increasingly concerned with protecting their IT assets by adopting and implementing cybersecurity management best practices at an organizational scale. <strong>Infoblox<\/strong>, on the basis of its experience in helping companies protect their core IT services and orchestrate their cybersecurity posture, recommends:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Back up data, system images, and configurations<\/strong>, test the backups regularly, and keep them offline. Backups must not be connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. 
Maintaining current backups offline is critical because, if network data is encrypted by ransomware, systems cannot be restored without them.<\/li><li><strong>Update and patch systems promptly:<\/strong> This includes maintaining the security of operating systems, applications, and firmware. <strong>Orchestration is a key point.<\/strong> A centralized patch management system is highly recommended; use a risk-based assessment strategy to drive your patch management program.<\/li><li><strong>Leverage DNS as a first line of defense.<\/strong> DNS security must also be a critical part of any organization\u2019s ransomware defense. Ransomware and most malware use DNS at one or more stages of the cyber kill chain. In a targeted attack, DNS may be used during the reconnaissance phase. DNS is also used in the delivery phase, as potential victims unknowingly make DNS queries that resolve to IP addresses involved in the attack. DNS is also used in the email delivery process when ransomware propagates via spam campaigns. The exploitation phase may involve DNS queries when the victim\u2019s system is compromised and infected. DNS is also frequently used when an infected system checks in with the command and control (C&amp;C) infrastructure. Applying threat intelligence and analytics to your internal DNS can detect and block such activity early, before ransomware spreads or downloads the encryption software.<\/li><li><strong>Network segmentation:<\/strong> There\u2019s been a recent shift in ransomware attacks \u2013 from stealing data to disrupting operations. 
It\u2019s critically important that your corporate business functions and manufacturing\/production operations are separated and that you carefully filter and limit internet access to operational networks. Identify links between these networks, and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety-critical functions can be maintained during a cyber incident.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Test your organization\u2019s incident response plan:<\/strong> Nothing shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?<\/li><li><strong>Check your security team\u2019s work:<\/strong> Use a third-party penetration tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.<\/li><\/ul>\n\n\n\n<p>In conclusion, organizations have a responsibility to protect themselves and keep their organizational resources, employees and partners safe. It&#8217;s up to us to build a strong security posture, through orchestration and the use of security intelligence, but also by adopting a series of best practices that involve the whole organization. On the way to achieving that, don\u2019t overlook the critical role that secure management of DNS plays in the process.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By: Mohammad Jamal Tabbara, Solutions Architect Manager at Infoblox Ransomware attacks have stepped up and it has become one of the most damaging threats today. 
Ransomware attacks are being more frequently carried out by nation-states and organized crime and causing millions in dollars of reputational damage, recovery expense, extorted ransom payments, loss of revenue, inability [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17856,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-17854","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"rttpg_featured_image_url":{"full":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox.jpg",900,1350,false],"landscape":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox.jpg",900,1350,false],"portraits":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox.jpg",900,1350,false],"thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox-150x150.jpg",150,150,true],"medium":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox-200x300.jpg",200,300,true],"large":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox-683x1024.jpg",683,1024,true],"1536x1536":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox.jpg",900,1350,false],"2048x2048":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at
-Infoblox.jpg",900,1350,false],"post-thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox.jpg",280,420,false],"graptor-sq-xs":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2022\/01\/Mohammad-Jamal-Tabbara-Solutions-Architect-Manager-at-Infoblox.jpg",67,100,false]},"rttpg_author":{"display_name":"admin","author_link":"https:\/\/web3unplugged.io\/blog\/author\/admin\/"},"rttpg_comment":0,"rttpg_category":"<a href=\"https:\/\/web3unplugged.io\/blog\/category\/news\/\" rel=\"category tag\">news<\/a>","rttpg_excerpt":"By: Mohammad Jamal Tabbara, Solutions Architect Manager at Infoblox Ransomware attacks have stepped up and it has become one of the most damaging threats today. Ransomware attacks are being more frequently carried out by nation-states and organized crime and causing millions in dollars of reputational damage, recovery expense, extorted ransom payments, loss of revenue, inability&hellip;","_links":{"self":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/17854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/comments?post=17854"}],"version-history":[{"count":1,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/17854\/revisions"}],"predecessor-version":[{"id":17857,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/17854\/revisions\/17857"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media\/17856"}],"wp:attachment":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media?parent=17854"}],"wp:term":[{"taxonomy":"categ
ory","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/categories?post=17854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/tags?post=17854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}