Overview

The Australian Cyber Security Centre (ACSC) has issued a comprehensive report shedding light on the increasing threat of ransomware and offering detailed advice on how individuals and businesses can protect themselves from this growing cyber threat. With cybercriminals becoming more sophisticated, ransomware attacks are on the rise.

In response to this growing threat, the ACSC’s guidance emphasizes the importance of understanding the potential impact of a ransomware attack. Victims of such attacks may find themselves locked out of their devices, unable to access crucial files, and facing the daunting decision of whether to pay the ransom or face the potential loss of data. The ACSC encourages individuals and organizations to consider the value of their data when assessing the risk of a ransomware attack, asking questions such as: “What data can you afford to lose?” and “What steps are you willing to take to recover from such an attack?”

The ACSC outlines several critical steps that users and organizations should follow to mitigate the risk and impact of ransomware.

ACSC Shares New Mitigation Strategies for Ransomware

1. Secure Devices to Prevent Attacks

Regular updates to devices and software are one of the simplest yet most effective ways to prevent ransomware attacks. Cybercriminals often exploit known vulnerabilities in outdated systems. By updating devices and applications promptly, users can block these attack vectors. Enabling automatic updates where possible ensures that security patches are applied without requiring manual intervention. It is also vital to update servers and Network Attached Storage (NAS) devices, as these are often targeted in ransomware attacks.

2. Set Up Regular Backups

The ACSC underscores the importance of regular backups as one of the most effective defenses against ransomware. A backup is a copy of critical data that is stored in a separate location, such as on an external storage device or in the cloud. In the event of a ransomware attack, restoring from a clean backup can be the fastest and safest way to recover lost data. The ACSC recommends verifying that backup copies are accessible and functional by periodically testing restores.

3. Implement Access Controls

Limiting who can access certain files and systems is another crucial layer of protection. By establishing strict access controls, organizations and individuals can reduce the risk of ransomware spreading across devices. This includes setting up user accounts with appropriate permissions. For example, users should have standard accounts with limited access, while administrator privileges should be reserved for those who require them. This reduces the chances of ransomware encrypting sensitive or important data.

4. Utilize Antivirus Software

Using up-to-date antivirus software can help prevent, detect, and remove ransomware before it can cause cyber harm. The ACSC recommends keeping antivirus software active at all times and ensuring that it is regularly updated to protect against the latest threats. Furthermore, some antivirus products offer specific ransomware protection, which can block attempts to encrypt files on a device.

5. Enable Multi-Factor Authentication (MFA)

MFA adds an additional layer of security by requiring more than just a password to gain access to an account. This raises the difficulty for cybercriminals attempting to breach accounts or devices. MFA typically requires something the user knows (such as a password), something the user has (like a smartphone or security token), or something the user is (like biometric data). Enabling MFA for critical services, such as email or business systems, is essential to reduce the risk of ransomware attacks.

6. Be Cautious with Macros

Microsoft Office applications can execute macros, which are small programs that automate tasks. However, cybercriminals often use macros as a vehicle for delivering ransomware. The ACSC recommends disabling macros unless absolutely necessary, and if they must be enabled, users should restrict which macros can run. This precaution reduces the risk of unknowingly executing ransomware through malicious attachments or links.

7. Stay Vigilant Against Phishing

Phishing emails remain one of the most common methods cybercriminals use to distribute ransomware. These emails often contain malicious links or attachments that, when clicked, trigger the ransomware download. Users should be wary of unsolicited messages, particularly those that ask for personal information or urge immediate action. If the message seems suspicious, it’s best to verify its legitimacy through a separate communication channel.

8. Consider Cloud Services

For small businesses or home networks, the ACSC suggests using cloud-based services that offer built-in security protections. Cloud providers often have stronger security measures than many businesses can implement on their own, including regular updates and proactive threat detection. Migrating to cloud services can reduce the risk of data loss from a ransomware attack.

Case Study: Securing Virtualization Hosts

The ACSC has also responded to incidents where cybercriminals targeted virtualization host servers. These attacks involved encrypting the virtual machine files, effectively rendering them inaccessible. Had the affected businesses taken steps to secure their host servers—such as implementing MFA or monitoring login activity—they could have reduced the impact of these ransomware attacks.

Conclusion

Small businesses with advanced home networks must secure their servers and NAS devices from ransomware using strong passphrases, regular updates, and multi-factor authentication while actively monitoring system activity. Leveraging AI-powered cybersecurity platforms like Cyble can enhance threat detection and defense with real-time monitoring and proactive risk management.

By following the ACSC’s recommendations on backups, antivirus software, and access controls and integrating Cyble’s cutting-edge threat intelligence, businesses can effectively protect themselves against ransomware and cybercriminals.

References

• https://www.cyber.gov.au/report-and-recover/recover-from/ransomware/protect-yourself-from-ransomware
• https://www.cyber.gov.au/sites/default/files/2023-03/ACSC_Ransomware_Prevention_Guide_05082022_0.pdf
• https://www.cyber.gov.au/sites/default/files/2023-03/ACSC_Ransomware_Emergency_Response_One_Page_Guide_0.pdf
• https://www.cyber.gov.au/sites/default/files/2023-03/ACSC_Ransomware_Emergency_Response_Guide_0.pdf

Related

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.