5 Key Lessons from the Ascension Ransomware Attack

Overview of the Ascension Ransomware Attack

The Ascension ransomware attack occurred in May 2024, when the healthcare company was targeted by a ransomware group known as Black Basta, thought to be linked to Russian-speaking cybercriminals. This group is known for a “double extortion” model: it both encrypts systems and steals the data. Even if the victim restores its systems without paying, the group still threatens to release the stolen data publicly unless the ransom is paid.


Methods Used in the Ascension Ransomware Incident 

The group uses phishing messages designed to trick users into revealing login credentials. Once it has credentials, it advances the attack by moving through the network, compromising more systems, and hunting for administrative permissions. Devices where the user holds local administrator permissions are a prize for the attacker, because those permissions allow malicious code to be executed, data to be encrypted, and data to be exfiltrated.

Users may not know they have been compromised because the phishing messages appear legitimate. Protecting and educating users is a fundamental requirement for keeping an organization and its data safe.


Preventative Measures for Ransomware Attacks

There are steps organizations can take to help prevent ransomware and other attacks, minimizing damage, downtime, and exposure even if a user falls for a phishing email like the ones used in the Ascension ransomware attack. A few considerations:


1. Local Administrative Permissions

Users should not have permanent access to their device’s local administrator permissions. Ransomware groups will attempt to install and run their attack payloads on a compromised device. If these local administrator permissions are withheld from users, the attackers will struggle to proceed with that phase of the attack.
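A practical way to check this recommendation on a Windows endpoint is to audit who actually sits in the local Administrators group. The script below is an added example, not code from the original post or from GCS; it assumes Windows 10 / Server 2016 or later (where the built-in LocalAccounts cmdlets are available) and uses a placeholder allowlist, `$ExpectedAdmins`, that you would replace with the accounts and groups your organization intends to have local admin rights.

```powershell
# Added example (not from the original post): report members of the local
# Administrators group that are not on an expected allowlist.
# Assumptions: Windows 10 / Server 2016+ with Get-LocalGroupMember available;
# $ExpectedAdmins is a placeholder list for your environment.

$ExpectedAdmins = @(
    'Administrator',          # built-in local account (adjust if renamed)
    'EXAMPLE\Domain Admins'   # placeholder domain group; replace with your own
)

function Get-UnexpectedLocalAdmins {
    param(
        [string[]]$Allowlist = $ExpectedAdmins
    )

    # Each member exposes Name (COMPUTER\account or DOMAIN\account),
    # ObjectClass (User/Group) and PrincipalSource (Local/ActiveDirectory/...).
    $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop

    foreach ($m in $members) {
        # Local accounts are prefixed with the computer name; strip it so the
        # allowlist can name them plainly. Domain principals keep DOMAIN\name.
        $prefix    = [regex]::Escape($env:COMPUTERNAME)
        $shortName = $m.Name -replace "^$prefix\\", ''

        if (($Allowlist -notcontains $m.Name) -and ($Allowlist -notcontains $shortName)) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Member   = $m.Name
                Type     = $m.ObjectClass
                Source   = $m.PrincipalSource
            }
        }
    }
}

$findings = Get-UnexpectedLocalAdmins
if ($findings) {
    Write-Warning 'Unexpected members of the local Administrators group:'
    $findings | Format-Table -AutoSize
    # A non-zero exit code lets a scheduler or RMM tool flag this host for follow-up.
    exit 1
}
else {
    Write-Output 'Local Administrators membership matches the allowlist.'
}
```

Run it under an account that can read local group membership (an elevated session on the endpoint, or through your endpoint management tool). Standard user accounts that show up in the report are candidates for removal with `Remove-LocalGroupMember`, and any remaining legitimate need for elevation is better served by a just-in-time or separate admin account than by permanent membership.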


2. Multi-Factor Authentication (MFA)

Anyone protected by ‘only’ a password these days stands little chance. Passwords are cracked by high-powered hardware far more quickly than in the past. MFA now comes in several levels of strength. SMS (text message codes) and voice calls are being deprecated as MFA factors because they no longer offer enough protection against these attackers. Strong, phishing-resistant MFA methods are available today and should be used without fail.


3. Training and Testing

Users should have regular (monthly at a minimum) phishing simulation tests and Cybersecurity Awareness (CSA) training. Being experienced in today’s workplace, working in an IT field or position, having studied cybersecurity and computer systems… none of that makes you immune. Anyone can click the wrong thing at the wrong time. Training and testing on the latest methods used by attackers is vital to the health of any organization.


4. Data Hygiene

What data is sensitive to your organization? Once you know that, do you know where it is? Are there documents in the personal cloud storage of your employees? Is it attached to emails sitting in an inbox? And who has access to it? Do you have your permissions set such that only the ‘right’ people can view the different types of sensitive information? Organizations need to know what data is sensitive, know where it is, know who can access it, and know if it’s allowed to be sent out to external sources.


5. Defenses

Get your defenses in place. Use antivirus and anti-malware, scanning of links and email attachments, blocking of programs that launch unauthorized or suspicious processes in the background, blocking of remote access software, prevention of users installing or running software unless it is authorized, and so on. There are many ways to reduce your attack surface. Implementing these defenses is crucial in preventing incidents like the Ascension cyber attack in 2024.


Prevent Ransomware Incidents with GCS

 How do you do all that? GCS can help. We offer a managed security program that provides many different avenues of protection and monitoring to help prevent attacks and minimize damage if users are compromised. Our program continues to evolve as the threat landscape changes. 

Some of the features GCS offers include:

  • Antivirus, Anti-Malware, Link scanning, Email Attachment Scanning, and Anti-Phishing threat policies
  • Alert monitoring
  • Automated and real-time responses to attacks
  • Extended work hours including evening and weekend coverage
  • Implementation of protections based on guidance from US and international intelligence and cybersecurity defense agencies
  • A full suite of security features offered by Microsoft
  • Endpoint protection and management
  • Software and Operating System patching, including expedited security update pushes
  • Endpoint and Extended Detection and Response
  • Monthly reporting and optional security briefings
  • Data Security Practices
  • And more!


Every organization is at risk of either direct attacks or attacks by association (getting attacked through an organization that you do business with that was compromised). In today’s world, cloud security isn’t optional. Organizations must prioritize securing their systems, data, and user access to mitigate the risks of ransomware attacks and other cyber threats.

Don’t wait until it’s too late. Contact us to discover how GCS can safeguard your business against the evolving threat landscape.

Written by AJ Arjes-Maddox
