Ransomware attacks surged in 2020 as they exploited companies moving to remote work and the healthcare industry responding to the COVID-19 pandemic. Law enforcement agencies are looking to push back against the cyber criminals in 2021. Special Agent in Charge Michael F. McPherson of the FBI’s Tampa office stated, “This case illustrates the FBI’s capabilities and global partnerships in tracking ransomware attackers, unmasking them, and holding them accountable for their alleged criminal actions.” Even with the FBI’s recent success, ransomware attacks are still a significant threat. To prevent data loss, it’s important to maintain offline, encrypted backups of data and to regularly test them. Backups should be taken at regular intervals to ensure minimal data-loss if they are ever needed. Create and maintain an incident response plan that includes response and notification procedures for a ransomware incident. Regularly patch software and operating systems to the latest available versions. Employ best practices for use of RDP and other remote desktop services by protecting them behind a strong VPN with Multi-Factor Authentication (MFA) and auditing any unusual login events from IP addresses or devices that are different from what the employee account normally uses. Threat actors commonly gain initial access through unsecured Internet-facing remote services or phishing. When an attack makes it through the outer layers of defense, it is important to have a third-party monitoring services such as the Binary Defense Security Operations Task Force. The Task Force provides a 24/7 monitoring solution of SIEM and endpoint detection systems to detect and defend from intrusions on an organization’s network.

Sources: https://www.justice.gov/opa/pr/department-justice-launches-global-action-against-netwalker-ransomware