Just a few weeks ago several federal agencies, including the HHS and the FBI, issued a joint cybersecurity advisory warning healthcare organizations about an increased and imminent cybercrime threat from Russian criminal groups targeting hospitals with Ryuk ransomware. We at CyberMaxx have also issued threat alerts to our customers warning of Maze ransomware targeting Cognizant.

“The threat of a ransomware attack on healthcare organizations has never been more real, and the sophistication of bad actors and their attacks has grown tremendously over the past few months,” says Thomas Lewis, CEO of CyberMaxx. What makes these cyberattacks so potent is their ability to go unnoticed for weeks or even months before they encrypt the victim’s data files. This dwell time gives malicious actors insight into the most valuable resources and systems, which they then use as leverage for ransom.

Don’t think it could happen to your organization? To date, our friends at CrowdStrike found that threat actors targeting enterprise environments with Ryuk have netted over $3 million since it was introduced in August. We’ve pulled together best practices and steps you can take to better protect your network from ransomware. While there’s no one way to protect your network, implementing a combination of these steps will help minimize exposure.

Beef up end-user education on identifying phishing attacks

Create monthly user education and reminders to help end-users better spot suspicious emails and documents before it’s too late. Additionally, set up parameters so that employees have to pick strong passwords and change them frequently – quarterly or bi-annually.

Expert tip: Disable macros for documents received via email. Phishing emails commonly attach macro-infected Word documents that deliver ransomware and hold networks hostage.

Employ a layered security approach that maps to the “Cyber Kill Chain”

The ability to gain visibility and enforce policy at multiple points on the cyber kill chain is a must for enterprise organizations. Many organizations rely on protections in only a few locations, such as relying solely on perimeter protections. This is not a good practice. Make sure you have sufficient network, endpoint, server, and application visibility and enforcement, both on-prem and in the cloud.

Deploy a next-generation endpoint protection solution

Endpoints are one of the most vulnerable aspects of your environment – so it’s key to deploy a best-in-breed solution. Next-generation endpoint protection solutions like CrowdStrike Falcon include machine learning capabilities that can spot suspicious files and provide attack indicators faster than anything else on the market.

Managed endpoint solutions offer a dedicated cybersecurity team with experts who monitor endpoints, perform strategic analyses, and detect behavioral anomalies. At CyberMaxx we’ve partnered with CrowdStrike to offer a dynamic endpoint solution that alerts users to potential threats, while simultaneously taking action to prevent any damage to the endpoints.

Reduce the surface area of attack…

Read The Full Article at CSO