Cyberthreat actors looking for vulnerable networks have been disproportionately targeting local governments, compared to larger agencies, because local governments lack the budget or resources to properly secure their systems, warn cybersecurity experts.
However, the good news is that even though there are hundreds of ransomware families, which contain multiple variants, the threats still share similar attack methods. This means that preventing ransomware threats may not be such an overwhelming burden for IT teams, according to a new Palo Alto Networks report.
The report, “Six Steps to Stopping Ransomware in Schools and Governments,” produced by Palo Alto Networks, shares common methods to thwart attacks as well as recommendations to lay a security foundation that limits or prevents the harm ransomware can cause.
“Ransomware starts by exploiting a vulnerability, delivering a payload and installing on one or more computers or servers,” says the report. And when the payload is able to establish a command-and-control (C2) channel with one or more external servers, attackers can send commands to the infected system or systems.
As attackers attempt to move through the network to deliver payloads to other systems, their end goal is to encrypt as many important files as they can to extract the largest possible ransom, explains the report.
The end result for agencies is that once the files are encrypted, it’s almost impossible to reverse the damage without the decryption key.
IT security experts say that understanding how ransomware attacks work, and then disrupting the ransomware lifecycle, is an agency’s best bet to limit the impact to the organization.
The report highlights six ways agencies can disrupt the lifecycle of ransomware, which include:
- Maintain traffic awareness.
- Disable the delivery through training on phishing campaigns and tools that identify and block malicious files and links.
- Prevent ransomware installation with modern endpoint security tools.
- Disable the command-and-control channel by updating DNS.
- Prevent lateral movement by implementing a zero-trust security strategy.
- Employ automation tools to help the organization quickly detect and repel future attacks.
The report shares how Palo Alto Networks’ integrated innovations work together to automatically prevent ransomware’s spread across agency resources with a suite of solutions that address these six key security capabilities.
The next-generation firewall spans both the physical and cloud infrastructure and offers deep visibility into application, user and traffic data. Detection capabilities are strengthened using advanced analytics, machine learning, shared intelligence and automated protections built into the system.
This enables agencies to block ransomware on computers and servers by combining local AI- and behavior-based analysis with data from other endpoints as well as cloud and network environments.
This article was produced by StateScoop for, and sponsored by, Palo Alto Networks and Carahsoft.