How to prevent ransomware attacks with a zero-trust security model

Image: kaptnali, Getty Images/iStockphoto

Ransomware attacks instrumentality spot 4,000 times worldwide each day. The process is reasonably straightforward—malware infects a people computer, and an attacker encrypts invaluable information past sends the unfortunate a notification demanding a ransom outgo to merchandise entree to it. It's a gamble: If the ransom is paid arsenic determination is nary warrant the attacker volition merchandise the data.

SEE: Security incidental effect policy (TechRepublic Premium)

It's worthy pointing retired this is simply a existent improvement which really locks up targeted data; it's not the aforesaid arsenic a random email from a alien stating they "have gained entree to your devices, which you usage for net browsing" and "after that, I person started tracking your net activities" whereby they proceed to impeach you of engaging successful unsavory online behaviour which they endanger to exposure unless you nonstop them Bitcoin. Those are harmless to ignore. Ransomware cannot beryllium ignored.

TechRepublic has offered galore tips connected combatting ransomware arsenic good arsenic strategies for being proactive astir it. However, determination is simply a zero-trust exemplary to cybersecurity that tin besides assistance businesses enactment secure.

Duncan Greatwood, CEO of Xage, a zero-trust information company, pointed retired that a ransomware onslaught tin beryllium overmuch much damaging than conscionable preventing entree to invaluable data. That's an inconvenience and a imaginable disruption to concern operations, but erstwhile an vigor oregon inferior grid is compromised, this tin pb to blackouts, gridlocks and—when information mechanisms are breached—the merchandise of toxic chemicals, lipid spills, fires oregon explosions.

Furthermore, Greatwood pointed out, affluent countries and businesses are premier targets for ransomware attacks. "The higher the anticipation for work reliability, prime and trust, the much apt the concern volition beryllium a people of the attack. For these companies the interaction owed to nonaccomplishment of gross and estimation is overmuch greater than the payout. They besides person the moving superior to wage the ransom. Utilities, lipid and state operators, pipelines, chemic manufacturing, and the nutrient and beverage manufacture are premier targets," helium said.

The occupation is exacerbated by the information that arsenic of precocious the skills required to execute a ransomware onslaught person been dramatically reduced. "Ransomware bundle packages beryllium on with millions of stolen entree credentials connected the dark web that let radical with comparatively small method inheritance to efficaciously execute ransomware attacks. In fact, ransomware-as-a-service models are emerging with implicit bundle offerings for hackers. Hacker groups are based each implicit the satellite with immoderate attraction successful Eastern Europe, China, Iran, Russia," Greatwood said.

Identity-based access, predominant password changes and multi-factor authentication tin assistance trim the incidence of specified attacks, but to beryllium proactive Greatwood and I agreed that identifying the root of repeated, excessive login attempts and blocking specified attempts are important to detecting and reducing the interaction of ransomware attacks.

A zero-trust exemplary is simply a invaluable defence mechanics successful blocking ransomware. "One of the astir effectual ways to forestall ransomware attacks is done the adoption of zero-trust architecture, the modern alternate to perimeter-based security. Built connected the rule 'never trust, ever verify,' a zero-trust information strategy would person prevented ransomware attacks similar the Colonial Pipeline and JBS, by preventing it from spreading crossed the operations portion keeping the cognition running. 

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

The Colonial Pipeline onslaught arsenic good arsenic galore different caller attacks (JBS, Brenntag, Oldsmar, etc.)  show that concern operations deficiency the information controls crossed their cognition to efficaciously identify, isolate and retrieve infected systems. Cybersecurity controls crossed the operations gives the relation the quality to power each enactment betwixt applications, users and machines connected an idiosyncratic ground based connected the individuality and argumentation and with zero trust. When specified controls beryllium they springiness the relation a method to forestall the onslaught from spreading and the cognition tin support moving adjacent during an progressive attack," Greatwood said. 

"Unlike accepted techniques, nether which an attacker tin exploit cyber weaknesses upon gaining entree wrong a web conception perimeter, zero spot treats the individuality of each machine, application, idiosyncratic and information watercourse arsenic its ain autarkic 'perimeter,' allowing granular entree argumentation enforcement. As such, rigorous information enforcement continues adjacent successful the lawsuit that hackers get into an operational oregon firm network—and ransomware gets blocked from traversing betwixt IT and OT systems," Greatwood said.

Greatwood besides emphasized that zero spot is particularly important for companies successful industries that person been slower to modernize, specified arsenic lipid and gas, utilities, and energy. Due to their delayed integer transformation, arsenic good arsenic a premix of bequest and modern equipment, these companies are often the astir hard to secure.

"Cybersecurity and Infrastructure Security Agency precocious published a set of guidelines specifically for concern operations owed to the emergence of ransomware attacks successful this sector. National Institute of Standards and Technology has besides been updating its acceptable of guidelines for protecting Industrial Control Systems from specified attacks. Both are advocating for a defense-in-depth attack focusing connected zero-trust with granular role-based entree absorption for each interactions successful the OT and particularly successful IT/Cloud environments," Greatwood said."

SEE: Ransomware attack: Why a tiny concern paid the $150,000 ransom (TechRepublic)

"Zero spot truly means a mode to power interactions betwixt users, machines, apps and adjacent information connected an idiosyncratic ground requiring authentication and authorization per information policy, vertically and horizontally and crossed aggregate levels. Organizations request to instrumentality controls passim their environments—cloud, enterprise, power center, facilities, substations, upwind farms, everyplace to beryllium capable to not lone protect, but besides rapidly isolate infested systems, and retrieve operations," helium added. 

Here are the benefits (and requirements) of a distributed zero-trust cybersecurity strategy (cybersecurity mesh/fabric) arsenic laid retired by Greatwood:

• No reliance connected implicit spot zones, static accounts and firewall rules
• Each individuality (user, machine, app, data) forms its ain perimeter protection
• Access permissions controlled based connected identity, relation and policy
• All interactions person "just-enough-access" enabled "just-in-time"
• Unsecured protocols specified arsenic RDP, VNC, Modbus and their vulnerabilities are ne'er exposed extracurricular of the organization, alternatively proxied implicit TLS sessions
• Unlike VPNs that enactment distant idiosyncratic devices (and imaginable malware connected them) into networks, ZTA distant idiosyncratic devices are ne'er wrong the web (not adjacent corporate)
• Controls user-to-machine, machine-to-machine, app-to-machine, and app-to-data interactions and secures record and information transportation wrong and crossed OT, IT and Cloud 
• Vertical (corporate and distant to power network) and horizontal (ICS site-to-site) entree management
• Driven by cardinal argumentation absorption and enforced utilizing distributed nodes (any asset, immoderate location). The cybersecurity mesh with distributed identity-based enforcement is simply a apical strategical inclination for 2021, according to Gartner.
• Overlays into existing OT/IT architectures with nary web changes oregon systems changes (compatible with existing deployed basal of workstations, HMIs, IEDs, etc.)

SEE: Expert: Intel sharing is cardinal to preventing much infrastructure cyberattacks (TechRepublic)

Greatwood pointed retired the hazard of liability here: "Companies paying ransomware fees—the victims of ransomware—may besides beryllium exposing themselves to superior ineligible hazard depending connected the individuality and root of the hackers, since U.S. laws prohibit sending funds to definite organizations and people, specified arsenic terrorists oregon immoderate organized-crime syndicates, and besides prohibits companies from doing concern with definite countries."

Also see

• Stop utilizing your enactment laptop oregon telephone for idiosyncratic stuff, due to the fact that I cognize you are (TechRepublic)
• Password-stealing spyware targets Android users successful the UK (TechRepublic)
• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Security threats connected the horizon: What IT pro's request to cognize (free PDF) (TechRepublic)
• Checklist: Securing integer information (TechRepublic Premium)
• Online information 101: Tips for protecting your privateness from hackers and spies (ZDNet)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)