Staying ahead of threat actors is a game of cat and mouse, with attackers often having the upper hand. In 2023, LockBit was the most deployed ransomware variant across the world. The year before, LockBit was known as the world's most active ransomware group and RaaS provider in terms of the number of victims claimed on its data leak site.
As ransomware continues to grow and evolve, new strains keep appearing. The latest strain, named Rorschach, is proof of this: it is one of the fastest strains on the ransomware market today.
In a Check Point test of 22,000 files on a 6-core machine, all files were partially encrypted in 4.5 minutes, compared with 7 minutes for LockBit, which was previously considered one of the fastest ransomware strains. Rorschach compromised the system far more quickly.
Why are the files only partially encrypted? A scheme called intermittent encryption encrypts only part of each file, which is still enough to make the file unreadable.
By dramatically reducing the time it takes to encrypt files, the attacker leaves security software and personnel very little time to stop the attack. The result for the victim is the same: they cannot access their files.
Encryption speed is crucial because it reduces the time a user or an IT organization has to react to a security breach. This increases the likelihood of a successful attack.
If successful, Rorschach ransomware, for example, can create a group policy that deploys the ransomware to every machine in the domain, even if the attack initially targets only one machine.
The question then becomes: what are the best practices for defending against ever-increasing threats? Below are six crucial steps to protect yourself and your organization against attacks such as Rorschach.
Defend your organization against cybercrime
1. Access controls
One of the first steps in securing your organization is to ensure that each user has only the level of access they need. Implementing policies such as Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) ensures that no compromised user or account can access data outside of its boundaries.
With proper controls in place, you can detect when an account attempts an action outside its authorized permissions, and fast onboarding and offboarding enable quick reactions to security events.
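As an added illustration of the two points above (deny-by-default role checks, and detection plus fast offboarding), here is a small RBAC authorizer. It is example code written for this article, not part of any Specops product; the roles, permissions and account names are constructed.

```python
from dataclasses import dataclass, field
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("authz")

# Role -> set of (resource, action) grants. Constructed example roles; a real
# deployment would load these from its directory or policy store.
ROLE_PERMISSIONS = {
    "helpdesk":  {("user", "read"), ("user", "reset_password")},
    "hr":        {("user", "read"), ("payroll", "read")},
    "backup-op": {("backup", "read"), ("backup", "write")},
}


@dataclass
class Account:
    name: str
    roles: set = field(default_factory=set)
    disabled: bool = False


def permitted(account: Account, resource: str, action: str) -> bool:
    """Deny by default: allow only if an enabled account holds a role that grants (resource, action)."""
    if account.disabled:
        return False
    return any((resource, action) in ROLE_PERMISSIONS.get(role, set())
               for role in account.roles)


class AuditTrail:
    """Records every denied request so out-of-scope activity can be reviewed and alerted on."""

    def __init__(self):
        self.denied = []

    def authorize(self, account: Account, resource: str, action: str) -> bool:
        ok = permitted(account, resource, action)
        if not ok:
            self.denied.append((account.name, resource, action))
            log.warning("DENY %s attempted %s on %s", account.name, action, resource)
        return ok


def offboard(account: Account) -> None:
    """Fast offboarding: strip every role and disable the account so nothing is left to abuse."""
    account.roles.clear()
    account.disabled = True


if __name__ == "__main__":
    audit = AuditTrail()
    alice = Account("alice", {"helpdesk"})
    audit.authorize(alice, "user", "reset_password")   # allowed by the helpdesk role
    audit.authorize(alice, "payroll", "read")          # outside her role: denied and logged
    offboard(alice)
    audit.authorize(alice, "user", "read")             # denied after offboarding
    print("denied requests:", audit.denied)
```

The useful property is that a compromised helpdesk account cannot reach payroll data at all, and its attempt shows up in the audit trail, which is exactly the signal to feed into a security response.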
2. Password Policies
Underlying every account is an appropriate password policy. This may include adhering to industry standards such as NIST 800-63B and checking passwords against lists of previously compromised passwords.
Industry standards and breached password protection are difficult to implement on your own, and software such as Specops Password Policy with Breached Password Protection can greatly simplify the process.
Ensuring that a user who changes their password follows the policy and does not reuse a previously compromised password keeps your organization protected.
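The following password check is an added example for this article, not Specops code and not a description of how Specops Password Policy works. It applies the NIST 800-63B rules for memorized secrets that a practitioner most often has to enforce (a minimum of 8 characters, long passphrases accepted, no password containing the username or other context-specific words, and rejection of anything found in a breach corpus) using a constructed breached list of SHA-1 hashes. The lookup uses the k-anonymity style of a hash-prefix search so that, if the corpus were a remote service, only the first five hex characters of the hash would ever need to be sent.

```python
import hashlib
import unicodedata

MIN_LENGTH = 8   # NIST SP 800-63B minimum for user-chosen memorized secrets
# 800-63B also requires that passwords of at least 64 characters be accepted, so
# there is deliberately no upper length limit here.

# Constructed breached corpus: SHA-1 digests of a few well-known weak passwords.
# A real deployment would use a full breach corpus or a lookup service instead.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ["password", "123456", "qwerty", "letmein", "Winter2023!"]
}


def normalize(password: str) -> str:
    """800-63B allows any printable Unicode; NFKC-normalize so equivalent strings hash identically."""
    return unicodedata.normalize("NFKC", password)


def is_breached(password: str) -> bool:
    """k-anonymity style lookup: select candidates by the first 5 hex characters of the
    SHA-1, then compare the remaining 35 characters locally."""
    digest = hashlib.sha1(normalize(password).encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    candidates = {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}
    return suffix in candidates


def check_password(password: str, username: str = "", blocklist=()) -> list:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    pw = normalize(password)
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    if any(word.lower() in pw.lower() for word in blocklist):
        problems.append("contains a blocked context-specific word")
    if is_breached(pw):
        problems.append("appears in a breach corpus")
    return problems


if __name__ == "__main__":
    for candidate in ["Winter2023!", "short", "bob-rocks-2024", "correct horse battery staple outrun"]:
        print(f"{candidate!r}: {check_password(candidate, username='bob') or 'OK'}")
```

Note what is absent: there are no composition rules (mandatory digits or symbols) and no forced periodic rotation, because 800-63B advises against both; a long, uncompromised passphrase passes as-is.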
3. Multi-Factor Authentication (MFA)
Account compromises can occur, but layering two-factor (2FA) or multi-factor authentication can help mitigate this risk. By combining a strong password with a second level of authentication, a malicious actor who has compromised an account may not be able to use the stolen password.
Multi-factor authentication (MFA) is especially important for privileged accounts because it improves account security even if a password is stolen.
Data breaches are common, so adding a second method such as a time-based one-time password (TOTP) or a biometric factor like a fingerprint makes an attacker's job much more difficult.
4. Zero Trust Architecture
One of the latest security strategies in the industry is moving to a zero-trust architecture. Instead of implicit trust, every connection and action must be authorized and authenticated.
By removing the default trust implicit in everything inside a network, Zero Trust ensures that even if an account is compromised, it can be cut off from further access almost instantly.
5. Penetration testing
Despite all the proper precautions, to be truly proactive and uncover situations where security may be lacking, it is essential to perform penetration testing. By actively attempting to compromise your own infrastructure, you can quickly discover security vulnerabilities before a threat actor does.
6. Data Backup
Finally, it is crucial to have complete and appropriate data backups that cover your entire infrastructure, even in the event of a ransomware attack. This will allow you to quickly recover your infrastructure if the worst happens and ensure that you can restore services and functionality.
By recovering quickly, you begin to mitigate the impact a successful ransomware attack can have, while learning what may have been compromised.
Protect your organization
Although the previous six steps do not guarantee foolproof security, they can protect you against increasingly sophisticated threats like Rorschach. Although this ransomware uses unique code to speed up encryption, further refinements are likely in the future.
These actors often target low-hanging fruit, such as previously compromised passwords, so applying a stronger password policy may force them to look elsewhere.
You can also download a free tool to scan your Active Directory for over 940 million compromised passwords. Make sure your users aren't using previously stolen credentials.
By prioritizing proactive security and implementing security measures to protect your frontline defense, an organization can stay one step ahead of threat actors looking to exploit any vulnerabilities.
Sponsored and written by Specops Software