#StopRansomware in its tracks

Maria Efaplomatidis, Amir Goodarzi
Constangy, Brooks, Smith & Prophete, LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Constangy, Brooks, Smith & Prophete, LLP

The national impact of ransomware is expanding. Following a dip in the recorded number of ransomware attacks for 2022, there have been multiple nationwide events with devastating effect in 2023.  Given the damage across private and public enterprises, the federal government has sought to provide additional information and resources to assist those who are preparing to defend against an attack or for businesses who have already experienced a ransomware attack.

With that in mind, a second version of the #StopRansomware Guide was published last month. The guide is prepared by the Cybersecurity & Infrastructure Security Agency, the National Security Agency, and Federal Bureau of Investigation in a collective effort through the U.S. Joint Ransomware Task Force. Originally issued in September 2020, the latest version of the guide focuses on three main areas: (1) additional recommendations for preventing common points of attack; (2) new guidance on cloud backups and zero trust architecture; and (3) an expanded ransomware response checklist. 

The first part of the new version of the guide discusses heightened concerns regarding compromised user credentials. When it comes to defending a network, the "human firewall" is still one of the most important methods to protect against a network intrusion and the deployment of ransomware. Businesses and entities should be mindful about how users access the network and their activity once they are in the system.

The common refrain in the security world is to use multifactor authentication. Although many security measures can be viewed as a tradeoff between ease of use and protection, MFA, once enabled and enforced on all systems, is the simplest way to protect a network while still making it easy for users to access the system. However, MFA can still be bypassed if users accidentally provide their credentials to the threat actors and then give them the MFA codes. This highlights the importance of educating employees and users about attempts to steal their login information. 

Cloud backups are also addressed in the updated guide, including recommendations to be wary about over-reliance on cloud backups and how to implement zero-trust architecture. The example of a photographer’s 3-2-1 Backup Strategy is a case in point. This strategy says there should be three copies of your data. Two of those copies should be kept on site but saved on different devices, and one copy should be kept off site. When it comes to the off-site backup, many organizations use a cloud backup system. Cloud backups are an easy-to-use part of the backup strategy but can be misconfigured in ways that makes them meaningless in the event of a ransomware attack. Often, cloud backups are configured to make automatic changes whenever the data on the local device is changed. However, in the event of a ransomware attack the automatic syncing could back up the encrypted files and make the original files unrecoverable without a decryption key. For cloud backups, the recommended practice is to maintain file version history, so the cloud backup solution has historical copies of data.

Additionally, using zero-trust architecture helps to prevent unauthorized intrusions in a network. ZTA envisions a system where compromise to the network is assumed. Therefore, users (especially a compromised one) should have access only to the areas necessary for performance of their work. ZTA is also known as “least privilege access,” or “the principle of least privilege.” Administrative accounts with high-level access for typical day-to-day work are not recommended, and an administrative account password should not be used for other user accounts.

Finally, the guide expands on the itemized checklist for ransomware attacks. The checklist covers the various phases including Detection and Analysis, Reporting and Notification, Containment and Eradication, and Recovery and Post-Incident Activity. For organizations of every size, having a plan in place before an incident can save precious hours or days when it comes to recovery. This checklist is meant to provide a high-level overview intended to help organizations to develop more detailed and tailored game plans based on their unique circumstances. Responding to incidents during emergencies can make it difficult to see the forest for the trees, but this guide envisions the bigger picture issues and how they tend to mesh during an incident.

Ransomware can have devastating effects not only on the immediate organization experiencing the attack but also its consumers and vendors. This 29-page report provides straightforward information from federal agencies that can assist in prevention and response.

Although the threat of ransomware has grown over the years, there have been corresponding improvements in preventive and responsive measures. Organizations working together can limit its impact.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Constangy, Brooks, Smith & Prophete, LLP | Attorney Advertising

Written by:

Constangy, Brooks, Smith & Prophete, LLP
Constangy, Brooks, Smith & Prophete, LLP
Contact
more
less

Constangy, Brooks, Smith & Prophete, LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide