Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 19)
Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
See all Unit 42 Threat Research
Threats

Ransomware Prevention: What Your Security Architecture Must Do

2 min. read

Ransomware can bring your business operations to a halt, ­encrypting sensitive data and forcing you to pay the attacker to regain access. Keeping your organization safe requires a fundamental shift toward ­prevention, and away from simple detection and remediation ­after infection. The right architecture can make prevention real. You can use this checklist to implement a true prevention-based platform.

Related Video

Ransomware (Part 1)

Step 1: Reduce the Attack Surface

  • Gain full visibility and block unknown traffic.
    Identify all traffic on the network and block unknown, potentially high-risk traffic.
  • Enforce application- and user-based controls.
    Restrict access to SaaS-based tools for employees who have no business need for them.
  • Block all dangerous file types.
    Not all file types are malicious, but those known to present higher risk, or associated with recent attacks, can be controlled.
  • Implement an endpoint policy aligned to risk.
    Enforce policies that restrict noncompliant endpoints from connecting to critical network resources.

 

Step 2: Prevent Known Threats

  • Stop known exploits, malware, and command-and-control traffic.
    Blocking known threats raises the cost of an attack and ultimately reduces the likelihood of an attacker attempting a breach.
  • Block access to malicious and phishing URLs.
    Prevent users from inadvertently downloading a payload or having their credentials stolen by blocking known malicious and phishing URLs.
  • Scan for known malware on SaaS-based applications.
    SaaS-based applications represent a new path for malware delivery and must be properly secured.
  • Block known malware and exploits on the endpoint.
    Endpoints are common targets for attacks. Ensure you are keeping your endpoints secure by blocking any known malware or exploits.

 

Step 3: Identify and Prevent Unknown Threats

  • Detect and analyze unknown threats in files and URLs.
    As new files are submitted, detonate, analyze and look for malicious behavior.
  • Update protections across the organization to prevent previously unknown threats.
    Automatically push protections to different parts of your organization’s security infrastructure.
  • Add context to threats, and create proactive protections and mitigation.
    Developing protections requires context to better understand the attacker, malware and indicators of compromise.
  • Block unknown malware and exploits on the endpoint.
    Once unknown threats or trends of suspicious behavior have been identified and blocked, block unknown malware and exploits on the endpoint.

Get the latest news, invites to events, and threat alerts