RANSOMWARE

And how to be more secure!!

Ransomware — — — 100k+ types of ransomware incidents (back in 2013) — — -82% include lateral movement.

What do attackers do?

— — — — — — — — — — — — —

1) Initial Access →

2) Credential compromisation of a service account →

3) Moving on to the next machine linked to that service somewhere in scripts (that’s where the gold is for them) →

4) Obtaining admin credentials →

5) Moving on to the next target and planting ransomware on every machine!!

Lateral movement should be considered an identity threat owing to weak, compromised credentials. One single compromised system with weak creds may give out your whole network.

24 billion passwords are for sale over the darknet. And passwords are just one line of defence!!!

Even though we can’t be sure always. We need to be sure always of our stance.

What To Do?

— — — — — — — -

👉 DON’T open malicious links…in unexpected emails. Be sure if this email really should be in your inbox!

👉 Check all the boxes in your insurance cover for detailed protection at every nook and corner of your environment which may not even be an attack vector.

👉 MFA on these: Cloud-based emails, remote access protocols, especially on admin access. And immediate action on discovering free-spirited service accounts. Guess what administrators use while setting up systems. The COMMAND LINE. Attackers also use the same console. And these don’t have any MFA!!!

👉 Create better policies, to block malicious activity. This can be achieved by monitoring the systems for odd behavioural patterns.