Kaspersky statement on targeted ransomware: how companies can protect themselves

The recent attack against an insurance giant’s IT operations in some key countries in the region is unfortunately what our experts have been warning us about since last year.

Targeted ransomware attacks or “Ransomware 2.0” are fast becoming a trend in the cybercriminal world since the Maze group. Malicious ransomware families are now conducting data exfiltration coupled with blackmailing. Using pressure tactics, these cybercriminals threaten to publish the data they hold, further increasing the need for their high-profile victims to pay the ransom to protect their valued reputation.

With these recent cases, organizations and enterprises should see ransomware beyond a type of malware. In fact, oftentimes, the ransomware is only the final stage of a network breach. By the time a ransomware is actually deployed, the attacker has already carried out a network reconnaissance, identified confidential data and exfiltrated it. It’s important that organizations implement a whole range of cybersecurity best practices and tools to protect its systems holistically.

Identifying the attack at an early stage, before attackers reach their final goal, can save valued data, reputation, and a lot of money.

To protect your company from ransomware, our experts recommend the following:

• Prohibit unnecessary connections to remote desktop services (such as RDP) from public networks, and always use strong passwords for such services
• Install all available patches for VPN solutions that you use to connect remote workers to the corporate network
• Update software on all connected devices to prevent vulnerability exploitation
• Focus defense strategy on detecting lateral movement and data exfiltration, with special attention to all outbound traffic;
• Backup data regularly and make sure that in case of emergency you have ready access to the backups
• Leverage threat intelligence data to stay up-to-date on attack tactics, techniques, and procedures
• Use security solutions such as Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response that help stop attacks early on
• Train employees to mind the security of the corporate environment
• Use a reliable solution for endpoint protection that counters exploits and detects anomalous behavior and can roll back malicious changes and restore the system
• In case of an attack, ask for help. Law enforcement agencies and private companies such as Kaspersky can help in forensic investigation and expert response after an attack.

KES detects and blocks the Avaddon malware with Behavior Detection technology as well as with scanning engine and cloud detection and with different detection names, including (but not limited to):

• PDM:Trojan.Win32.Generic
• Trojan-Ransom.Win32.Avaddon
• HEUR:Trojan-Ransom.Win32.Generic