Jul 15, 2020

Rapid7: Ransomware Playbook - prevention and action

William Girling

In our last article on Rapid7’s newly released Ransomware Playbook, we explored how ransomware is changing and how to identify risk.

Whilst knowing the shape of the cybercrime landscape is a vital part of combatting it, no security strategy can be complete without informed details on how best to prevent a cyberattack or deal with one already underway. 

The best defence is prevention

With cybersecurity, as with physical health, it is far better and easier to nip problems in the bud before they take on larger, more serious proportions.

First and foremost, importance should be placed on ‘user education’ regarding ransomware to ensure an organisation has a solid surface-level defence.

“User education is the first line of defence in our preventative arsenal - people should not be clicking suspicious links or visiting websites that are known carriers of malvertising networks. Organisations should look to add technology and content that reminds the user to be cautious when the user needs to be cautious,” says the report.

Other useful methods for prevention include:

  • Reduce the company’s ‘attack surface’ by segmenting system networks to prevent total infiltration from a single point, as well as siloing mission-critical systems from others.
  • Administer account permissions.
  • Use mail scanners to filter suspicious files or attachments.
  • Scan for vulnerabilities regularly and thoroughly and patch any weaknesses quickly.
  • Monitor processes and macro scripts which could facilitate malware.

Taking direct action

Establishing a good culture of ransomware prevention should stand you in good stead for avoiding a cyberattack in most instances. However, once a threat has been detected, it is often too late to consider further prevention. Instead, Rapid7 states that organisations must take swift and decisive action.

Three options are immediately available:

  1. Isolate and remove the infected system from the rest of the network to contain the threat.
  2. Ensure that all files are backed up regularly and can be restored at short notice if required.
  3. Where possible, issue new assets in cases where you have reason to suspect that old equipment has been compromised or poses a substantial risk.

Most importantly, Rapid7 advocates that companies do not succumb to the temptation of paying a ransom to restore systems, even if it initially appears the most expedient solution:

“Most stances, including the US FBI, recommend not paying the ransom demanded by cybercriminals. Similar to other criminal actions, it’s recommended not to negotiate since there is no guarantee the criminals will send you the decryption keys and you’ll regain access to your files.

“Paying the ransom will encourage criminals to continue carrying out these attacks by funding their activity.”

How can Rapid7 benefit your business?

As its Ransomware Playbook makes clear, Rapid7 is an expert on every layer of cybersecurity which can help ensure the integrity of mission-critical systems and valuable data. 

For risk management and preventative measures, the company’s InsightVM solution will identify and prioritise core assets that some organisations might not consider as being at risk from malware.

Regarding incident detection, InsightIDR “uses a variety of mechanisms to detect ransomware in your environment utilising the configured foundational event sources and the endpoint agents.” 

It does this by tackling the four distinct stages of ransomware, namely: initial ingress, code execution/download/deployment, defence evasion and spread.

“Beyond curated threat signatures, InsightIDR comes with pre-built Attacker Behavior Analytics (ABA) detections built by the Threat Intel team. 

“ABA applies Rapid7’s existing experience, research and practical understanding of attacker behaviours to generate investigative leads based on known attacker tools, tactics and procedures (TTP),” says the report.

Proper utilisation of these tools, in addition to Rapid7’s constantly expanding library of plugins and workflows (Extensions), will make an organisation thoroughly resilient to the trials of modern cybersecurity.

Education, practical knowledge and strong partnerships will all play their role in ensuring that ransomware doesn’t impact your business; Rapid7 is amongst the best at fulfilling all three.


Jun 14, 2021

BIS and Bank of England launch Innovation Hub London Centre

The Bank of England and the Bank for International Settlements (BIS) have launched a new London-based centre as an expansion of the BIS Innovation Hub programme.

The Bank for International Settlements (BIS) and the Bank of England have launched the BIS Innovation Hub London Centre, the fourth Innovation Hub Centre to be opened in the past two years. 

The BIS Innovation Hub's work programme is currently focused on six areas: use of technological innovation in supervision and regulation (suptech and regtech), next-generation financial market infrastructures, central bank digital currencies, open finance, cybersecurity, and green finance. 

The launch is part of a plan to expand the global reach of the BIS Innovation Hub, which also includes the opening of Centres with the Bank of Canada (Toronto), the European Central Bank/Eurosystem (Frankfurt and Paris) and the four Nordic central banks (Danmarks Nationalbank, the Central Bank of Iceland, the Central Bank of Norway and Sveriges Riksbank) in Stockholm.

“The BIS, together with its partners, is taking a leading role in coordinating the work of central banks on technological innovation in the financial sector to pave the way for the future of central banking. This new Centre in London reflects the Bank of England's critical role as an innovator in responding to the challenges and opportunities of the digital world while safeguarding financial stability,” said Agustín Carstens, General Manager of the BIS.

“The UK is known for pushing the boundaries of digital finance so it's great to have the new Innovation Hub opening here. Its work will help central banks to support safe innovation, and boost our efforts to capture the extraordinary potential of technology,” said Rishi Sunak, UK Chancellor of the Exchequer.

Importance of banks staying up to date with the latest technologies

It is important that banks upgrade their legacy systems to handle the new wave of digital payments and currencies. The hubs are studying these areas so that they can help the various central banks and carry out their own tests as the financial system across the world prepares for this digital transformation.

Changes and upgrades will likely be needed to handle the practices and processes that come into existence, and these hubs are expected to advise the central banks on how such practices should be regulated and supervised, as the new rules need to blend the processes of both legacy and digital systems.

In the coming years, the focus will turn to green banking. Every institution has a responsibility to take care of the environment and bring in processes to help the Earth stay green. With digital currencies using large amounts of electricity, it remains to be seen how the banks are going to handle this developing situation.
