Over the past few years, we’ve seen a dramatic increase in the number of ransomware cases hitting both individuals and organizations. Just this week Seyfarth Shaw, a global legal firm with Australian offices, said it is the victim of an “aggressive malware” attack, believed to be ransomware. The firm said in a statement that it was attacked on October 10 US time. Hackers have targeted all types of individuals and companies, with financial gain as their primary motivation. How does it work?
When a user visits an infected website or clicks on a link in an email or popup window, the ransomware downloads onto the computer and exhibits certain behaviors in an effort to extort you for money. Some ransomware will continuously display popups of inappropriate material (e.g. pornography), while others, known as crypto-ransomware, will encrypt your hard drive or delete data at intervals until the ransom is paid.
Ransomware is a nightmare, and can cause complete and utter destruction for an individual or company if it makes its way onto your computer. Because it is extremely difficult to recover systems hit with ransomware without paying the price, it is far better to prevent it from landing on your systems in the first place. There are numerous ways to harden your systems to prevent ransomware attacks.
All organizations of any size should have some form of security awareness policies and training, which provide end users with best practices for the use of non-corporate websites (e.g. search engines, social media, gaming websites, etc.), email safety, and removable media (USBs, external drives). Best practices include only opening email attachments from known, verified senders, not clicking on any popups from the internet, and not visiting websites linked from social media platforms – regardless of who posted the link.
Use tools such as CryptoPrevent, which are able to write hundreds of group policy objects (GPOs) into a system’s registry in order to prevent ransomware from lodging itself in the locations it typically drops into (user profile, temp and application-data folders). Software Restriction Policies (SRPs) use group policies to prevent executables from running in those locations, which enables a system administrator to essentially lock down areas of an operating system (or the entire OS) to contain ransomware.
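The following PowerShell script is an added example, not CryptoPrevent’s own code or anything from the original post: it writes local SRP “Disallowed” path rules for the user-profile locations named above. The registry layout under `CodeIdentifiers` is the one local SRP uses (level `0` is Disallowed, `0x40000` is Unrestricted); the list of denied paths is constructed for this example, and the script assumes it is run elevated on a test machine first, since blanket rules for `%AppData%` can also block legitimate per-user installers.

```powershell
# Added example (not from the original post): local Software Restriction Policy path rules
# that disallow executables launching from the per-user AppData and Temp folders.
# Run as Administrator on a test machine; apply with gpupdate /force or a reboot.

$safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $safer '0\Paths'      # security level 0 = Disallowed

# Turn SRP on with an Unrestricted default (0x40000) so only the deny rules below bite.
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name 'DefaultLevel'       -Value 0x40000 -Type DWord
Set-ItemProperty -Path $safer -Name 'TransparentEnabled' -Value 1       -Type DWord   # 1 = check EXEs, skip DLLs
Set-ItemProperty -Path $safer -Name 'PolicyScope'        -Value 0       -Type DWord   # 0 = all users
Set-ItemProperty -Path $safer -Name 'ExecutableTypes' -Type MultiString `
    -Value @('EXE','COM','SCR','PIF','BAT','CMD','VBS','JS','WSF')

# Constructed deny list: user-writable folders that malware droppers land in.
# Extend or trim it after auditing which legitimate software runs from these paths.
$denyPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\Temp\*.exe',
    '%LocalAppData%\Temp\*\*.exe'
)

foreach ($p in $denyPaths) {
    # Each rule is a GUID-named subkey holding the path (ItemData) and a description.
    $ruleKey = Join-Path $disallowed ([guid]::NewGuid().ToString('B'))
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'ItemData'     -Value $p -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'SaferFlags'   -Value 0  -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'Description'  -Value "Deny execution: $p" -PropertyType String | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'LastModified' -Value ([DateTime]::UtcNow.ToFileTimeUtc()) `
        -PropertyType QWord | Out-Null
}

# List the rules now present so the change can be reviewed before rollout.
Get-ChildItem -Path $disallowed |
    ForEach-Object { Get-ItemProperty -Path $_.PSPath } |
    Select-Object Description, ItemData
```

Exceptions for software that legitimately runs from these folders are added as path rules under the Unrestricted level key (`262144\Paths`), and the policy should be monitored through the SRP event log entries before being pushed fleet-wide.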
External spam filtering services such as Exchange Online Protection or Manage Protect are able to scan email content and attachments, looking for malware, phishing attempts, or suspicious links embedded in emails. System administrators should use spam filters to their fullest extent to augment their gateway security, configuring appropriate rules and policies to prevent malicious content from reaching users’ inboxes.
Unified threat management (UTM) platforms work best when they are activated on edge devices, protecting your network perimeter. Next-gen firewalls equipped with UTM are able to perform content filtering, intrusion prevention and detection (rather than setting up separate IDS/IPS devices), and spam filtering functions. UTM performs deep packet inspection: rather than simply reading the metadata on network packets, the contents of the packets are inspected for malicious files or content.
Build in dual-antivirus solutions on both the endpoints and network entry points (including email and network gateways) to provide multiple layers of protection. Best practice is to use different vendors for email AV and endpoint/network AV, since it is always possible that one vendor will miss a threat that another catches ahead of time.
WebTitan Cloud is a service which augments the function of DNS to provide advanced malware protection. Services include additional phishing protection and analysis of DNS queries to block malicious requests. WebTitan Cloud applies security rules consistently across the enterprise network. It also allows webpages to be blocked, and provides the ability to enter bypass codes when necessary.
Aside from preventative measures, it is absolutely vital that all computer systems and network devices are safeguarded in the event ransomware makes it through all of your preventative controls. The best way to recover a system without making payment is to ensure that there are up-to-date, reliable backups created for all data (operational, development, configuration files, etc.). Backups can be created to roll a system back to a point in time just before the ransomware attack occurred, minimizing the loss of data and damage done to your computing devices. Additionally, larger organizations have begun looking at “air-gapped” solutions, in which continuous backups are created and sanitized, before being stored in a “vault”. This vault solution provides an immediate method to restore systems, while scanning all data entering the vault to verify the absence of malware or malicious activity.
Ransomware can be detrimental to individuals and organizations alike if it makes its way into your systems. Though attackers have become more sophisticated in their methods, if we invest time and resources into our security strategies we can greatly harden our networks and rid ourselves of the vulnerabilities that plague us. Both preventative and fail-safe measures are extremely important to protect your data (and wallets!), and the extra effort put into your security approach will provide much peace of mind.
In order to ensure dependable, worry-free backups, you need redundancy, which is what the traditional 3-2-1 backup is all about: three copies of your data, on two different media, with one copy offsite. The topology design of the 3-2-1 backup is as follows:
Three copies of your data means that one copy is the original data, supported by two separate backup copies. Your data should reside on two separate media, for example a network share and an SSD drive in some type of storage array. It can also be traditional tape media, which seems so legacy today but is mobile enough to take offsite to a secure location such as a separate site used by your organization, or even a safety deposit box at a local bank. A possible solution which satisfies both conditions of two media types and a remote location is utilizing the snapshotting feature of your SAN infrastructure. By snapshotting your data at regular intervals throughout the day to an identical environment at a disaster recovery location, you can easily recover from an attack on a virtual host server or VM. Of course it goes without saying that any backup plan includes regular test restorations of the data to ensure that your data can be recovered intact.
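The test-restoration step above, as an added PowerShell example that is not part of the original post: a manifest of SHA-256 hashes is recorded when the backup is taken, and each backup copy (second medium, offsite) is later verified against that manifest rather than against the live data, which by then may already be encrypted. The function names, the `D:\Data`, `\\nas01\backup\Data` and `E:\offsite-restore\Data` paths and the manifest location are placeholders chosen for this example.

```powershell
# Added example (not from the original post): manifest-based restore test for a 3-2-1 layout.
# New-BackupManifest runs at backup time; Test-BackupCopy runs at test-restore time.

function New-BackupManifest {
    param([Parameter(Mandatory)][string]$Root, [Parameter(Mandatory)][string]$ManifestPath)
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    # Record relative path and SHA-256 for every file in the live data set.
    Get-ChildItem -LiteralPath $base -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($base.Length + 1)
            Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation
}

function Test-BackupCopy {
    param([Parameter(Mandatory)][string]$CopyRoot, [Parameter(Mandatory)][string]$ManifestPath)
    $missing = @(); $corrupt = @()
    $entries = @(Import-Csv -LiteralPath $ManifestPath)
    foreach ($e in $entries) {
        $target = Join-Path $CopyRoot $e.Path
        if (-not (Test-Path -LiteralPath $target)) { $missing += $e.Path; continue }
        # A hash mismatch means the copy was altered after the manifest was written
        # (e.g. the backup share itself was encrypted) and cannot be trusted for restore.
        if ((Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash -ne $e.Hash) { $corrupt += $e.Path }
    }
    [pscustomobject]@{
        Copy    = $CopyRoot
        Files   = $entries.Count
        Missing = $missing.Count
        Corrupt = $corrupt.Count
        Intact  = ($missing.Count -eq 0 -and $corrupt.Count -eq 0)
    }
}

# At backup time (placeholder paths). Keep a copy of the manifest with the offline/offsite media.
New-BackupManifest -Root 'D:\Data' -ManifestPath 'D:\Backups\Data-manifest.csv'

# At test-restore time: check the second-medium copy and the offsite copy against the manifest.
'\\nas01\backup\Data', 'E:\offsite-restore\Data' |
    ForEach-Object { Test-BackupCopy -CopyRoot $_ -ManifestPath 'D:\Backups\Data-manifest.csv' } |
    Format-Table -AutoSize
```

Any copy reporting `Intact = False` should be treated as unusable for recovery and re-seeded from a copy that passes, which is exactly the condition the scheduled test restore exists to catch before an incident.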
It needs to be mentioned that ransomware may be maturing as a form of malware and thus may evolve into new forms that may in fact be able to expand beyond direct physical connections. The one certainty of ransomware, however, is that maintaining a well-designed, working backup solution will serve as an effective measure against the lasting effects of ransomware, no matter how it may evolve one day.