by bink
1845 days ago
Those are all reasons why a network/company cannot be 100% invulnerable to hacks, but it doesn't answer the question of if a company can be significantly more resistant to ransomware. My answer to that question is "absolutely". These ransomware attacks are so devastating in no small part due to decisions Microsoft made many years ago. Combining authentication, remote administration, file sharing, printing, event monitoring, security policy updates, and the kitchen sink into Windows Networking. An attacker compromises a single Windows machine and has leeway to attack critical servers across the network. If real segmentation of services were reasonably possible in a Windows environment a single credential couldn't be used to hop between systems and encrypt file services everywhere. Not to say some segmentation isn't possible in these environments but the skills and hours needed to accomplish it are far beyond what most companies have available. And that doesn't even begin to cover the Exchange/Outlook dominance and poor security choices that lead to the higher rate of success for phishing attacks.

This is true for almost all types of malware these days, especially when it comes to privilege separation/escalation attacks. All of your observations about segmentation/AD are true here.
As for ransomware specifically, a lot can be done to stop most ransomware, especially small-time stuff. Unlike most malware, ransomware is intentionally loud, and performs the same generic actions of enumerating and encrypting files, which makes detecting and stopping most samples with heuristics much more effective than a lot of people would admit: https://www.youtube.com/watch?v=3pH13DxClag
A lot has happened with ransomware in the past five years, but a lot really hasn't - this stuff still works, and would have an effect against the big RaaS strains that people are talking about today.
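As an added illustration of the heuristic the reply above describes (this is not code from the thread or from the linked video): a minimal detector that flags a process which, within a short window, rewrites several files across more than one directory with ciphertext-like, high-entropy content. The event stream is constructed inline as a stand-in for a file-monitor feed; the thresholds are assumed starting points, not tuned values.

```python
import math
from collections import Counter, defaultdict

WINDOW_S = 10.0      # sliding window per process, in seconds (assumed)
MIN_FILES = 5        # distinct high-entropy files touched inside the window
MIN_DIRS = 2         # spread across directories, not one working folder
HIGH_ENTROPY = 7.0   # bits/byte; text and office documents sit well below this


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_mass_encryption(events):
    """Return {pid: first_alert_ts} for processes matching the heuristic.

    events: dicts {ts, pid, path, data}, where data is the content written to
    path. Each dict stands in for one callback from a file-activity monitor.
    """
    history = defaultdict(list)   # pid -> [(ts, path, entropy)] inside window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid = ev["pid"]
        if pid in alerts:
            continue                 # already flagged; one alert per process
        hist = history[pid]
        hist.append((ev["ts"], ev["path"], shannon_entropy(ev["data"])))
        while hist and ev["ts"] - hist[0][0] > WINDOW_S:
            hist.pop(0)              # evict events that fell out of the window
        high_files = {p for _, p, e in hist if e >= HIGH_ENTROPY}
        dirs = {p.rsplit("/", 1)[0] for p in high_files}
        if len(high_files) >= MIN_FILES and len(dirs) >= MIN_DIRS:
            alerts[pid] = ev["ts"]
    return alerts


# Constructed sample data: a benign editor re-saving one text file, and a
# process sweeping three directories while writing random-looking bytes.
TEXT = b"Quarterly revenue summary: north 1200, south 980, west 1410.\n" * 4
CIPHERTEXT_LIKE = bytes(range(256)) * 2   # entropy exactly 8.0 bits/byte
SAMPLE_EVENTS = (
    [{"ts": t, "pid": 1001, "path": "/home/ana/docs/q3.txt", "data": TEXT}
     for t in (0.0, 2.0, 4.0)]
    + [{"ts": 1.0 + 0.5 * i, "pid": 4242, "path": p, "data": CIPHERTEXT_LIKE}
       for i, p in enumerate([
           "/home/ana/docs/q3.txt.locked", "/home/ana/docs/budget.xlsx.locked",
           "/home/ana/photos/img1.jpg.locked", "/home/ana/photos/img2.jpg.locked",
           "/srv/share/contracts/a.pdf.locked", "/srv/share/contracts/b.pdf.locked"])]
)
```

Running `detect_mass_encryption(SAMPLE_EVENTS)` flags pid 4242 at the fifth high-entropy file (ts 3.0) and never flags the editor, which keeps touching a single low-entropy file.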