Based on Colonial pipeline & other attacks, a lack of 2-factor authentication (2FA) for remote access to consoles is sited as a key weakness.

Ransomware Defenses (

But the Ransomware Guide published last September has a decent list of additional advice that is worth reading.  From what became known of recent successful attacks, it looks like lack of 2-factor authentication (2FA) is still the most prevalent root cause. If you still have any remote access or remote desktop connections that rely on userid/password only, switch them to 2FA now!  And if you still have any webmail or the like without 2FA, make the change there as well.

To those recipients, the email will look like it came from a known and trusted source, which increases the damage potential. Don’t be the company that emails ransomware to others – activate 2FA for all your email users!

If you are in an industry that is considered to be part of “critical infrastructure” and are based in the US, you can apply to receive vulnerability scanning and security assessment support from CISA, *for free*. Check out .

Further resources from SANS include a recent webcast, and a compilation of anti-ransomware resources. There is also an upcoming SANS Training, currently in Beta Test, titled “FOR528: Ransomware for Incident Responders”, see for more information.