Ransomware – What Not To Do! | Smart Thinking Solutions

As yesterday was Patch Tuesday – it seemed appropriate to run this latest part of my ransomware series today.

This article about ransomware is going to be short and to the point. DO NOT SKIP software or operating system patches and updates.

Switch on automatic updates.

Finished.

Well not quite…

Software that has a known security vulnerability is probably the most popular attack vector for threat actors after phishing and social engineering. Patches and updates need managing and monitoring for a joined up cyber security plan.

For better ransomware protection patch your vulnerabilities

Keeping up with the security patches is important. One of the best known vulnerability references on the web – other than the individual vendor sites – is the US government’s Cybersecurity and Infrastructure Security Agency (CISA) “Known Exploited Vulnerabilities Catalog (sic)”. (CISA. 2023). This database is regularly updated and can show you quickly if your software package or operating system has a flaw that is being exploited by threat actors and where to get help. However it does not cover everything and that is where the vendor pages are a valuable resource, especially if you are using less common software.

Remember also that CISA is a US government agency so it highlights packages used by the US government and US-centric software, but it is still a great help to other organisations trying to mitigate risks.

Microsoft Patch Tuesday

I know other software exists, but Microsoft is dominant in the business world (do you use Microsoft 365 on your Mac?), so keeping up with Microsoft patches is essential. As the number of potentially vulnerable users is very high, any vulnerability there is exploited immediately. Very high = more money for the threat actors.

I have written about Patch Tuesday here:

How Microsoft Patch Tuesday can help your cyber security planning

Other companies have also taken to releasing their patches on and around Patch Tuesday and even Apple has occasional Patch Tuesdays. Remember to check other vendor update pages or sign up for newsletters that will keep you up-to-date with their security patches.

Microsoft does issue patches at other times, however, especially when addressing a zero-day threat.

The zero-day threat and ransomware

The zero-day threat is when a threat actor discovers a software flaw and exploits it before the vendor knows there is an issue. The vendor then produces a patch, tests it and gets that patch to you, but there is an unavoidable time lapse. I have written about that security gap before and how your team and their cyber awareness training is what protects you. Ransomware has the perfect opportunity to get in during that gap.

But un-patched software is still a way in for ransomware

Of course IT professionals always patch their software!

Well, no. un-patched VMware ESXI servers have been in the news lately. The security patch to fix the vulnerability was issued two years ago, but over 18,000 servers remained un-patched and vulnerable to a ransomware attack – many were encrypted. (Greig. 2023)

So make sure you keep things patched. Your Cyber Security Master Document will always be your friend in these situations.

Clive Catton MSc (Cyber Security) – by-line and other articles

References

CISA. (2023). Known exploited vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency. Retrieved February 14, 2023, from https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Greig, J. (2023). More than 18,500 ESXI servers still vulnerable to VMware bug behind initial ransomware spree. The Record from Recorded Future News. Retrieved February 14, 2023, from https://therecord.media/esxiargs-ransomware-vmware-more-than-18500-servers-still-vulnerable/

Grimes, R. A. (2021). Ransomware protection playbook. John Wiley & Sons, Incorporated.

Ransomware Mini-Series (2023)

This is part 5 of my ransomware mini-series:

Ransomware: Is it a Threat? (Part 1)

A Bag of Spanners – Planning and Preparation (Part 2)

Minimise the Damage – Planning and Preparation (Part 3)

Detecting Ransomware (Part 4)

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.