When it comes to ransomware attacks, the notification that your data has been encrypted is not the beginning. It’s typically the result of days, weeks, or even months’ worth of effort. Monitoring for ransomware indicators means that you can detect the early warning signs and stop, or at least reduce the impact of, an attack in its earliest stages.
The ManagedMethods cloud security and safety platform provides a variety of monitoring and security tools to help reduce the chances of ransomware, and even phishing, attacks in your district’s Google Workspace and/or Microsoft 365 domains.
Here, we provide an overview of critical monitoring areas and best practices to help you detect ransomware indicators and avoid an attack in your district’s cloud environment. We’ll discuss how to identify indicators of attempted attacks, possible account compromises, and concerning data oddities using ManagedMethods.
ManagedMethods partners with BlackBerry Security (formerly named Cylance) to scan for potential malware risks in your district’s Google and/or Microsoft 365 domains. This includes emails as well as drive files and shared drive files.
BlackBerry Security uses AI in combination with signature scanning to find both novel and known malware. This provides true zero-day protection for your cloud environment. BlackBerry Security also looks for malware that uses memory maliciously and allows immediate responses through policy enforcement in the ManagedMethods console.
When malware is found in your environment it will be displayed on the Malware Tab. There are two different scan results for malware:
In ManagedMethods, you can download a scan report to see why it was marked as malware. You can also find detailed information about the file that was flagged to see information such as who created it and when, who modified it last and when, who it was shared by and with, and more in just a single click.
As you’re investigating a malware risk, some questions to ask yourself include:
Taking Action In ManagedMethods
The goal here is to have zero results for “active malware” in the malware tab. Using ManagedMethods, you can quickly:
ManagedMethods also partners with BlackBerry Security for malware detection in your cloud-based email apps, Gmail and Outlook. Additionally, the platform uses three methods to scan for potential phishing risks: Google’s Web Risk API, the PhishTank Consortium, and internal phishing content scans.
In the Email Tab, ManagedMethods provides quick filters to identify emails with malware and phishing. Just like in the Malware Tab, with just one click in the results, you can dive into the details of any particular email that is flagged to find out information such as who sent the email, who received it, whose mailboxes it is in, and the message body of the email.
As you’re investigating email malware and phishing risks, some questions to ask yourself include:
Taking Action In ManagedMethods
Using ManagedMethods, you can take both one-off and bulk actions on ransomware indicators you find in your domain.
One-off action options include:
Bulk action options include:
ManagedMethods’ Summary Tab provides admins with an overview of quick data points related to activity in your district’s email, drives, shared drives, logins, risks, and more.
Some common indicators that a ransomware attack is underway, or that your district may be being targeted, can be surfaced on the Summary Tab. These include abnormal login locations, abnormally high login failures, an abnormally large number of emails being sent from or to your users, and an abnormally large number of files being shared into your domain. Of course, you can also see an overview of the number of phishing and malware risks in your domain from the Summary Tab. It also provides quick access to each of these areas, and more, to take you where you need to go in the platform to drill down into the details of each risk.
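The four indicators above can also be checked against exported activity counts. The following is an added example, not ManagedMethods code: the user names, the daily counts and the median-plus-deviation threshold are all constructed assumptions.

```python
from statistics import median

METRICS = ("login_failures", "emails_sent", "files_shared_in")

# Constructed sample data: 7 days of per-user history, then today's counts.
BASELINE = {
    "teacher1@district.example": {
        "countries": {"US"},
        "login_failures": [0, 1, 0, 0, 2, 0, 1],
        "emails_sent": [12, 9, 15, 11, 8, 14, 10],
        "files_shared_in": [1, 0, 2, 1, 0, 1, 1],
    },
    "student7@district.example": {
        "countries": {"US"},
        "login_failures": [1, 0, 0, 3, 1, 0, 2],
        "emails_sent": [3, 2, 4, 1, 3, 2, 3],
        "files_shared_in": [0, 0, 1, 0, 0, 0, 1],
    },
}
TODAY = {
    "teacher1@district.example": {"countries": {"US", "RO"}, "login_failures": 40,
                                  "emails_sent": 900, "files_shared_in": 1},
    "student7@district.example": {"countries": {"US"}, "login_failures": 2,
                                  "emails_sent": 4, "files_shared_in": 0},
}

def threshold(history, k=6, floor=5):
    """Upper bound for a normal day: median + k * MAD, never below a floor."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return max(med + k * max(mad, 1), floor)  # max(mad, 1) avoids a zero band

def find_anomalies(baseline, today):
    """Return (user, indicator, observed) for every indicator that is abnormal."""
    findings = []
    for user, obs in sorted(today.items()):
        base = baseline.get(user)
        if base is None:  # account with no history: review it by hand
            findings.append((user, "no_baseline", None))
            continue
        new_countries = obs["countries"] - base["countries"]
        if new_countries:
            findings.append((user, "new_login_country", sorted(new_countries)))
        for metric in METRICS:
            if obs[metric] > threshold(base[metric]):
                findings.append((user, metric, obs[metric]))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(BASELINE, TODAY):
        print(finding)
```

A single account tripping several indicators at once, as the constructed teacher account does here, is a stronger signal of compromise than any one count on its own.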
As you’re investigating anomalous activity risks, some questions to ask yourself include:
Taking Action In ManagedMethods
Taking action on these risks will largely depend on what type of behavior you’ve found. Examples of some actions you can take to remediate abnormal activity in your domain include:
According to a Security Intelligence report, over two-thirds of malware downloads originate from cloud apps. This means that, beyond student data privacy concerns and compliance, controlling the third-party SaaS apps that have access to your district’s data is crucial for cybersecurity and ransomware protection.
Identifying and controlling your district’s third-party apps is one area where the ManagedMethods platform really shines. ManagedMethods clearly shows you what apps are most risky, mainly based on the app’s access and management levels. For example, apps that have access to view, edit, and send emails, files, users, roles, and/or groups and OUs have a very high level of access.
To be sure, there are some apps where these access levels are necessary. But there are also many, many more where they are not. Vendors whose apps have a high level of access to your district’s data should definitely be properly vetted for data use and security compliance.
The Apps Tab in ManagedMethods will break down the total number of apps that are connected to your domain into four levels of risk: Critical, High, Medium, and Low. You will also get a breakdown of your apps by “Sanction Percentage”, which is based on how many ManagedMethods users across all customers have sanctioned an app. Additionally, the Apps Tab provides a breakdown of all your apps by App Category.
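To show how access levels can drive a risk tier, here is an added example that ranks connected apps by the Google OAuth scopes they were granted. It is not ManagedMethods’ scoring: the scope-to-tier mapping, the app names and the sanctioned flags are assumptions made for illustration.

```python
G = "https://www.googleapis.com/auth/"
RANK = ["Low", "Medium", "High", "Critical"]

HIGH = {"https://mail.google.com/", G + "drive", G + "gmail.send", G + "gmail.modify"}
MEDIUM = {G + "gmail.readonly", G + "drive.readonly", G + "drive.file"}
LOW = {"openid", G + "userinfo.email", G + "userinfo.profile"}

def scope_tier(scope):
    """Map one granted scope to a tier (assumed mapping, not a vendor's)."""
    if scope.startswith(G + "admin.directory."):
        # Managing users, roles, groups or OUs is the highest access level.
        return "Medium" if scope.endswith(".readonly") else "Critical"
    if scope in HIGH:
        return "High"
    if scope in MEDIUM:
        return "Medium"
    if scope in LOW:
        return "Low"
    return "High"  # unknown scope: fail closed so a person reviews it

def app_tier(scopes):
    """An app is as risky as its most powerful scope."""
    return max((scope_tier(s) for s in scopes), key=RANK.index, default="Low")

def review_queue(apps):
    """Return (name, tier, sanctioned), highest tier first, unsanctioned first."""
    rows = [(name, app_tier(a["scopes"]), a["sanctioned"]) for name, a in apps.items()]
    return sorted(rows, key=lambda r: (-RANK.index(r[1]), r[2], r[0]))

# Constructed inventory of connected apps (hypothetical names).
APPS = {
    "Quiz Helper": {"scopes": ["openid", G + "userinfo.email"], "sanctioned": False},
    "Mail Merge Tool": {"scopes": [G + "gmail.send", G + "drive.readonly"], "sanctioned": False},
    "Roster Sync": {"scopes": [G + "admin.directory.user", G + "admin.directory.group"],
                    "sanctioned": True},
    "Grade Viewer": {"scopes": [G + "drive.readonly"], "sanctioned": True},
}

if __name__ == "__main__":
    for row in review_queue(APPS):
        print(row)
```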
There is so much more you can do to control apps in your district’s Google and/or Microsoft domain. I definitely encourage you to schedule a demo to dive into this tool deeper.
As you’re investigating risky apps, some questions to ask yourself include:
Taking Action In ManagedMethods
Using ManagedMethods, you can take both one-off and bulk actions on risky third-party apps you find in your domain.
One-off action options include:
Bulk action options include:
ManagedMethods allows you to create automated alerts and remediation actions based on specific conditions using policies. This is another area where the platform really shines above the rest and makes cloud security and safety easy for time-strapped district tech teams.
Basically, all of the action items discussed above (plus so much more) can be automated through policies in ManagedMethods. This means that, rather than going in and manually taking action, you can get the platform to work for you.
I’ve heard it time and time again from our customers — “ManagedMethods helps me sleep at night.”
This is because they’ve set up policies that automate actions that remediate their biggest concerns, so they can get a restful night’s sleep or even take a relaxing vacation!
If improving your district’s cybersecurity stance is on your project list, now is the perfect time to take a look at ManagedMethods. Schedule a demo today to learn about more of the unmatched visibility and control that your fellow K-12 tech teams are enjoying.