
10 ways law firms can protect themselves against a ransomware attack

Of all the IT security threats currently faced by Australian law firms, one of the most feared is ransomware, writes Anthony Daniel.

Anthony Daniel | 11 August 2021 | Big Law

After gaining access to a firm’s IT infrastructure, attackers encrypt vital information and then demand payment for the keys. Refusing to pay means the data remains unreadable.

The issue has gained renewed attention recently after high-profile attacks on a global meat processing company and a US pipeline operator. Other victims have included government departments and healthcare providers.

Although ransomware is not a new threat, many law firms might be unprepared for potential attacks.


Lax security measures make initial access to their networks achievable, and poor monitoring means attackers can move freely once inside.

However, there are key steps that can be taken to reduce the risks of sustaining a ransomware attack.

The top 10 steps are:

1. Use DNS filtering

Ransomware attacks tend to begin with a phishing attempt that convinces a user to open an email attachment or visit an infected website. While blocking malicious emails at the firewall and on end-point devices can help, there is a need to go further.

DNS filtering makes it possible to cut command-and-control channels and block connections to a cyber-criminal’s servers. Consider deploying it today.
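As an added illustration of the DNS-filtering step (not code from the article or from WatchGuard), the resolver-side policy below sinkholes queries for blocklisted domains and any of their subdomains, and pulls blocked queries out of a query log as the telemetry worth investigating; the blocklist entries, sinkhole address and log lines are constructed samples.

```python
"""DNS filtering policy: answer queries for known command-and-control domains with a
sinkhole address and record the hit. Added illustration, not code from the article or
from WatchGuard; the blocklist, sinkhole address and log lines are constructed samples."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed blocklist: an entry matches the domain itself and every subdomain of it.
BLOCKLIST: Set[str] = {"c2-example.invalid", "dropper-cdn.example"}
SINKHOLE = "0.0.0.0"  # blocked names resolve here, so the beacon never reaches its server

@dataclass
class Verdict:
    qname: str
    blocked: bool
    matched: Optional[str]  # blocklist entry that fired, if any

def _normalise(qname: str) -> str:
    """DNS names are case-insensitive; also drop the trailing dot of an FQDN."""
    return qname.rstrip(".").lower()

def check_query(qname: str, blocklist: Set[str] = BLOCKLIST) -> Verdict:
    """Match the queried name, or any parent domain of it, against the blocklist."""
    name = _normalise(qname)
    labels = name.split(".")
    # Walk from the full name towards the root, whole labels only:
    # beacon.c2-example.invalid -> c2-example.invalid -> invalid
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return Verdict(name, True, candidate)
    return Verdict(name, False, None)

def resolve_with_policy(qname: str, upstream_answer: str) -> str:
    """Return the sinkhole for blocked names, otherwise the upstream resolver's answer."""
    return SINKHOLE if check_query(qname).blocked else upstream_answer

def blocked_queries(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Scan '<client> <qname>' query-log lines; each hit is a host worth investigating."""
    hits = []
    for line in log_lines:
        client, qname = line.split()
        verdict = check_query(qname)
        if verdict.blocked:
            hits.append((client, verdict.matched))
    return hits
```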

2. Deploy multifactor authentication

Ensure you have the ability to reliably identify users with multifactor authentication. This will protect key business assets, accounts, and data against credential theft, fraud, and phishing attacks.

Deploying MFA on mobile devices will further increase protection levels.

3. Manage patches

Industry research shows clearly that the majority of cyber attacks could have been prevented with the proper application of software patches. This is because criminals try to use known vulnerabilities to gain access to a victim’s IT infrastructure.

Making use of a patch management solution can ensure all devices are constantly up to date.

4. Block unknown applications

Deploy tools that can enable continuous end-point monitoring, detection, and classification of all activity to reveal and block anomalous behaviours of users, machines and processes.

Endpoint protection, detection and response tooling mitigates attacks automatically by blocking execution of any unknown application until the security team has validated it as trustworthy.

5. Stop malware payloads at the firewall

Firewalls are a great place to block first-stage malware files, like droppers, which are typically followed by further malicious payloads.

Techniques that should be in use include signatures and heuristics, signature-less AI-powered prevention, and an advanced cloud sandbox.

6. Monitor end points

Experience shows that ransomware infects end-point devices.

Having visibility into the event activity on these devices makes it possible to detect and remediate the threats before any damage is done. Having end-point protection tools in place will allow security teams to quickly assess the scope of an attack and take appropriate responses.

7. Use telemetry data

Ransomware attacks are notorious for slipping past traditional security systems. Because they are stealthy and targeted, they are easy to miss.

By analysing telemetry data from multiple points in the security stack it is possible to rapidly spotlight and kill threats that might otherwise have gone undetected.

8. Prevent unauthorised encryption

Sophisticated security tools use behavioural analytics engines and decoy directory honeypots to monitor a wide array of characteristics and determine whether a given action is associated with a ransomware attack.

If the tools determine that the threat is malicious, they can automatically prevent a ransomware attack before file encryption on the end point takes place and alert your security team.
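As an added illustration of the decoy-directory technique (not code from the article or from WatchGuard), the script below plants canary files, records their hashes, and on each check reports canaries that were deleted or renamed, rewritten with high-entropy content, or joined by files nobody planted; the canary names, contents and entropy threshold are assumptions.

```python
"""Decoy-directory honeypot: flag ransomware by checking canary files that no
legitimate process should touch. Added illustration, not code from the article or
from WatchGuard; canary names, contents and the entropy threshold are assumptions."""
import hashlib
import math
import os
from collections import Counter
from typing import Dict, List

# Constructed canaries; the names sort first so a directory walk reaches them early.
DECOY_FILES = {
    "~0000_do_not_open.docx": b"Canary document. Any change means trouble.\n" * 8,
    "~0001_ledger.xlsx": b"Canary spreadsheet. Nothing legitimate edits this.\n" * 8,
}
ENTROPY_THRESHOLD = 7.0  # bits per byte; ciphertext sits near 8.0, office text well below

def _entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the content."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def plant_decoys(directory: str) -> Dict[str, str]:
    """Write the canaries to disk and return name -> sha256 as the baseline."""
    os.makedirs(directory, exist_ok=True)
    for name, data in DECOY_FILES.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return {name: hashlib.sha256(data).hexdigest() for name, data in DECOY_FILES.items()}

def check_decoys(directory: str, baseline: Dict[str, str]) -> List[str]:
    """Scan the decoy directory against the baseline; each string is an alert."""
    alerts = []
    present = set(os.listdir(directory))
    for name, digest in baseline.items():
        if name not in present:
            alerts.append(f"deleted_or_renamed:{name}")  # e.g. renamed to .locked
            continue
        with open(os.path.join(directory, name), "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            kind = "encrypted" if _entropy(data) > ENTROPY_THRESHOLD else "modified"
            alerts.append(f"{kind}:{name}")
    # Files nobody planted, such as a dropped ransom note, are a signal too.
    alerts.extend(f"unexpected_file:{n}" for n in sorted(present - baseline.keys()))
    return alerts
```

Run the check on a schedule or from a file-system watcher; a single alert is enough to isolate the endpoint, since nothing legitimate ever touches the decoy directory.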

9. Restore end points

During an attack, ransomware code often creates, modifies, or deletes system files and registry settings and changes configuration settings.

These changes, or the remnants left behind, can cause system malfunction or instability, or even provide an open door to new attacks. Full restoration of end points is therefore critical.

10. Reduce the time to detection

Work with a trusted security partner to make use of a threat hunting and investigation service.

Select partners will constantly analyse suspicious cases to find new and unique evasion techniques in the event stream. From there, rules can be created and propagated to end points to ensure they are protected against future attacks.

The threats posed by ransomware are going to continue to increase in both number and sophistication. Taking preventative steps now can significantly reduce the likelihood of your firm falling victim to an attack in the future.

Anthony Daniel is the regional director – Australia, New Zealand and Pacific Islands at WatchGuard Technologies.
