5 ways to prevent APT ransomware attacks
Advanced persistent threat (APT) groups have turned ransomware campaigns into an effective business model. In this episode of Cyber Work Applied, Infosec Principal Security Researcher Keatron Evans shows you how to slow down APTs.
APT groups and ransomware
Learn five ways to prevent your organization from becoming the next ransomware victim in this video. Then check out Keatron's free report, The ransomware paper: Real-life insights and predictions from the trenches.
Cyber Work listeners get free cybersecurity training resources. Click below to get your free courses and other materials.
How to prevent ransomware attacks
Below is the edited transcript of Keatron’s APT ransomware attack prevention walkthrough.
What are APT groups?
(0:00-0:29) Did you know that APT groups comprise some of the most elite hacking groups and hackers in the world? They range from small businesses created specifically to profit from stealing data and breaking into organizations to being units of some of the world's most powerful military and intelligence organizations.
Let's break down how they work, why they're so surgically effective and how their involvement in ransomware campaigns has made them nearly unstoppable.
Two year's worth of NIST-aligned training
Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.
How do APTs operate?
(0:30-0:54) Advanced persistent threats, or APTs, operate in some cases just like a Fortune 500 corporation or in other cases, the same way as a well-oiled, perfectly disciplined military unit.
Well, in some cases, they actually are military units, and some of them are actually small corporations. It's no secret that most countries with the capability and the budget to engage in offensive hacking indeed have organized groups.
How ransomware has evolved
(0:55-1:57) When ransomware initially became a thing that we had to deal with in the industry, it was mostly the results of wide-cast nets that snagged anyone vulnerable. They were looking for blanket payments, usually in small amounts to increase the likelihood that people would pay.
But what we're seeing now is that ransomware operators are spending more and more time in organizations doing significant recon to discover things such as whether the organization has ransomware or cybersecurity insurance. There's even been a few cases where they went as far as to find out how much the insurance policy paid out and then simply demanded that exact amount in ransom.
Once these groups get ahold of critical files, they are encrypted to the point that makes it virtually impossible for the victims to read their own files without getting the encryption key from the ransomware operator. Most victims are left to either pay the ransom or restore everything from backups. To make matters worse, these groups are now adding the additional habit of threatening to leak stolen inside information to the public if the ransom is not paid.
Ransomware dwell time is 100 days
(1:58-2:17) Keep in mind some of these recon operations that happen before the ransomware is actually launched could last weeks — or even months in some cases. The average time for an intruder to be inside a network before they're detected, what we call dwell time, is about 100 days. This is a lifetime for a skilled hacker to find everything they're looking for.
5 ways to mitigate ransomware attacks
(2:18-2:23) Here are five things you can do to help prevent ransomware attacks and mitigate the damage if they are successful.
1. Have good regular data backups
(2:24-2:36) Make sure you have good regular backups of all your important data. Most importantly, test those backups.
Not only will this likely save your organization, but it will give your incident response teams options.
2. Keep systems updated and patched
(2:37-2:46) Keep all your systems up-to-date and patched.
One of the most common methods of deployment is still via exploitation through unpatched vulnerabilities.
3. Conduct regular phishing tests to educate users
(2:47-2:57 ) Conduct regular phishing tests and keep your users educated.
Social engineering is still at the top of the list of ways ransomware operators get inside.
4. Be vigilant in segmenting your network
(2:58-3:12) Be vigilant in segmenting and segregating your network.
One of the primary goals of ransomware operators is to spread as quickly as they can internally. The more localized you can keep the attacks, the less damage they will usually cause.
5. Disable remote protocols
(3:13-3:24) Disable remote management protocols like Microsoft RDP when it's not needed.
Doing these five things should slow down APT groups as they attempt to infiltrate your organization.
Get six free posters
Reinforce cybersecurity best practices with six eye-catching posters found in our free poster kit from our award-winning series, Work Bytes.
More cybersecurity training resources
Want more free resources? Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders.
Cyber Work listeners also get other free cybersecurity training resources. Check out the latest free courses and resources to keep learning!
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- 5 ways to prevent APT ransomware attacks
- Tax scam season: How to protect your data from common scams in 2024
- Security awareness for kids: Tips for safe internet use
- Celebrate Data Privacy Week: Free privacy and security awareness resources
- Consumer data, who owns it and who protects it?
- Human error is responsible for 74% of data breaches
- What is a social engineering attack?
- Biggest cybersecurity mistakes by large organizations
- 4 common social media scams (and how to avoid them)
- From theory to practice: Designing a successful security awareness training program
- Understanding cyberattacks: Types, risks and prevention strategies
- Securing digital frontiers: The importance of information and IT security awareness training
- Optimizing your corporate security awareness training: Strategies and techniques
- What is security awareness: Definition, history and types
- Top 10 security awareness training topics for your employees in 2023 and beyond
- AI best practices: How to securely use tools like ChatGPT
- Connecting a malicious thumb drive: An undetectable cyberattack
- 4 mistakes every higher ed IT leader should avoid when building a cybersecurity awareness program
- ISO 27001 security awareness training: How to achieve compliance
- Run your security awareness program like a marketer with these campaign kits
- Deepfake phishing: Can you trust that call from the CEO?
- Fake shopping stores: A real and dangerous threat
- 10 best security awareness training vendors in 2022
- How to hack two-factor authentication: Which type is most secure?
- Malicious push notifications: Is that a real or fake Windows Defender update?
- Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
- How IIE moved mountains to build a culture of cybersecurity
- At Johnson County Government, success starts with engaging employees
- How to transform compliance training into a catalyst for behavior change
- Specialty Steel Works turns cyber skills into life skills
- The other sextortion: Data breach extortion and how to spot it
- Texas HB 3834: Security awareness training requirements for state employees
- SOCs spend nearly a quarter of their time on email security
- Security awareness manager: Is it the career for you?
- Risks of preinstalled smartphone malware in a BYOD environment
- The ROI of security awareness training
- 5 reasons to implement a self-doxxing program at your organization
- What is a security champion? Definition, necessity and employee empowerment [Updated 2021]
- Excel 4.0 malicious macro exploits: What you need to know
- Worst passwords of the decade: A historical analysis
- ID for Facebook, Twitter and other sites? Not so fast, says security expert
- 3 surprising ways your password could be hacked
- Fake online shopping websites: 6 ways to identify a fraudulent shopping website
- All about carding (for noobs only) [updated 2021]
- Password security: Complexity vs. length [updated 2021]
- What senior citizens need to know about security awareness
- 55 federal and state regulations that require employee security awareness and training
- Brand impersonation attacks targeting SMB organizations
- How to avoid getting locked out of your own account with multi-factor authentication
- Breached passwords: The most frequently used and compromised passwords of the year
- Top 5 ways ransomware is delivered and deployed
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
Security awareness
Tax scam season: How to protect your data from common scams in 2024
Security awareness
Security awareness
Celebrate Data Privacy Week: Free privacy and security awareness resources
Security awareness