Protect Yourself from Ransomware Attacks!

Recently, hackers have been actively targeting information systems with various types of ransomware attacks.

Ransomware infections typically occur through vulnerabilities in organizations’ external perimeters. Therefore, it is critical for system owners to use updated and patched software versions.

Below is a list of currently exploited software products and their identified vulnerabilities (see product names and CVE identifiers), along with technical recommendations. System owners are strongly advised to immediately update affected software to the latest versions upon detecting such vulnerabilities.

Recommendations:

  1. Detect and Block Malicious Files
    Configure IDS/IPS systems with additional rules based on common ransomware file names, extensions, and hash values.
  2. Network Segmentation
    Divide internal networks into segments to prevent malware from spreading across systems.
  3. Automated Backups
    Maintain regular backups of critical data and system files, storing them on isolated, offline devices.
  4. Monitoring
    Implement SIEM solutions to detect anomalous/suspicious network activity and enable real-time alerts.
  5. Principle of Least Privilege (PoLP)
    Grant users only the permissions essential for their tasks. Administrative rights should be restricted to exceptional cases.
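
Recommendation 1 as an added example (not part of the original advisory): a Python matcher that checks a file against the three indicator types named there, which are file name, extension and hash. All indicator values, function names and sample events are constructed placeholders, and the block/alert split is an assumption of this example.

```python
import hashlib
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Constructed placeholder indicators, NOT real threat intelligence.
BAD_EXTENSIONS = {".locked-example", ".crypt-example"}
BAD_NAME_PATTERNS = ["readme_to_decrypt*.txt", "*_recover_files.html"]
BAD_SHA256 = {hashlib.sha256(b"constructed sample payload").hexdigest()}


def match_file(path: str, content: bytes) -> list[str]:
    """Return the indicator types ("hash", "extension", "name") a file hits."""
    # Normalise first: keep the base name only, drop trailing dots/spaces and
    # lowercase it, so "NOTE.TXT. " cannot slip past a case-sensitive rule.
    base = PurePosixPath(path.replace("\\", "/")).name.rstrip(". ").lower()
    hits = []
    if hashlib.sha256(content).hexdigest() in BAD_SHA256:
        hits.append("hash")
    # Inspect every suffix so "report.docx.locked-example" is caught as well.
    if BAD_EXTENSIONS.intersection(PurePosixPath(base).suffixes):
        hits.append("extension")
    if any(fnmatchcase(base, pattern) for pattern in BAD_NAME_PATTERNS):
        hits.append("name")
    return hits


def triage(events):
    """Yield (path, action, hits) for every file that hits an indicator.

    Assumption of this example: a hash hit is an exact match and is blocked;
    names and extensions are easy to change and can collide with benign
    files, so they only raise an alert for the monitoring system.
    """
    for path, content in events:
        hits = match_file(path, content)
        if hits:
            yield path, ("block" if "hash" in hits else "alert"), hits


# Constructed sample events: (path, file content) pairs.
SAMPLE_EVENTS = [
    ("C:\\Users\\a\\Docs\\report.docx.LOCKED-EXAMPLE", b"ciphertext"),
    ("/srv/share/README_TO_DECRYPT_01.txt", b"note"),
    ("/tmp/update.bin", b"constructed sample payload"),
    ("/home/a/notes.txt", b"hello"),
]

if __name__ == "__main__":
    for path, action, hits in triage(SAMPLE_EVENTS):
        print(f"{action:5} {','.join(hits):10} {path}")
```
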

Note: Timely software updates, access control, and backups significantly reduce the risk of successful ransomware attacks.