The question is not whether or not it will happen, it's when.
Let's face it.... No matter how many barriers we put up in our company, sooner or later, one of our employees will suffer a ransomware attack.
Cybercriminals update their methods, so barriers such as antivirus software are no longer sufficient.
In addition, the lack of awareness or the entry of new employees into the company who are unfamiliar, as well as the increase of these attacks, makes it not a question of whether or not it will happen, but rather a question of when.
The strategy: Minimizing impactThat said... Are we lost, and does this mean we can't do anything about ransomware? Far from it
Although avoiding a ransomware attack is inevitable, having strategies that allow us to minimize the impact of malware on our company is not.
There are different strategies to avoid it, among them are:
- Network segmentation
- Access to the company through SDP solutions instead of VPNs.
- Eliminating passwords in our company
Passwords: The Key to Ransomware Distribution
Ransomware is distributed to other computers by stealing passwords and Mimikatz, one of the tools most commonly used by attackers.
Mimikatz is an open source application that among other things allows to steal user identification data, obtaining among others their passwords. It does this by exploiting Kerberos and its single sign-on capability.
In many operating systems the native WDigest functionality that is exploited is disabled but an attacker can enable it and exploit it.
Attackers also often use Microsoft Process Explorer, a legitimate component of Windows Sysinternals. This allows memory dumps that are then exploited by Mimikatz to extract users and passwords.
In the case of certain systems with older operating systems, there is no patch to fix the vulnerability and no updates to protect the computer.
Passwordless: The best mitigation strategy
A passwordless strategy can help mitigate ransomware attacks by eliminating one of the main vulnerabilities used by malware to spread to other computers on the network: password theft.
By implementing a passwordless strategy, passwords are eliminated as the primary method of authentication. Instead, more secure techniques such as token-based authentication, biometric authentication or two-factor authentication (2FA) are used with more secure methods such as physical security keys or authentication applications.
These more secure authentication methods significantly hinder the ability of attackers to gain access to systems by stealing or guessing passwords. By eliminating weak or vulnerable passwords, the attack surface is reduced and overall system security is improved.
In addition, a passwordless strategy can include features such as two-factor authentication and real-time behavioral monitoring to detect and prevent suspicious activity. This can help detect and stop ransomware attempts before they can cause significant damage.
July 5, 2023