Over the past few years, we’ve seen a dramatic increase in the number of ransomware cases hitting both individuals and organizations. One of the most prominent cases to date was the Sony Ransomware attack in November of 2014, where their systems came to a screeching halt when their internal communication systems were attacked. Hackers have targeted all types of individuals and companies, with financial gain as their primary motivation. How does it work?
When a user visits an infected website or clicks on a link in an email or popup window, the ransomware downloads onto the computer and exhibits certain behaviors in an effort to extort money. Some ransomware continuously displays popups of inappropriate material (e.g. pornography), while other variants, known as crypto-ransomware, encrypt your hard drive or delete data at intervals.
Ransomware is a nightmare, and can cause complete and utter destruction for an individual or company if it makes its way onto your computer. Because it is extremely difficult to recover systems hit with ransomware without paying the price, it is far better to prevent it from landing on your systems in the first place. There are numerous ways to harden your systems against ransomware attacks.
All organizations, of any size, should have some form of security awareness policy and training, which provides end users with best practices for the use of non-corporate websites (e.g. search engines, social media, gaming websites, etc.), email safety, and removable media (USB sticks, external drives). Best practices include only opening email attachments from known, verified senders, not clicking on any popups from the internet, and not following links to websites posted on social media platforms, regardless of who posted them.
Use tools such as CryptoPrevent, which write hundreds of group policy objects (GPOs) into a system's registry in order to prevent ransomware from lodging itself in those locations. Software Restriction Policies (SRPs) use group policy to prevent executables from running, which enables a system administrator to essentially lock down areas of an operating system (or the entire OS) to contain ransomware.
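As an added illustration of what a tool like CryptoPrevent does under the hood (this is example code written for this page, not CryptoPrevent's own code or the article's), the script below writes Software Restriction Policy path rules directly into the standard SRP registry tree (`HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers`) so that executables launched from the user-writable folders most droppers land in are refused, while everything else stays unrestricted. The list of denied path patterns is constructed for the example; adjust it to your environment, because a pattern that is too broad will also block legitimate per-user installers and updaters.

```powershell
# Added example: block executables in user-writable locations via SRP path rules.
# Run from an elevated PowerShell on a Windows host. Test on a lab machine first.

$SaferRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0          # SRP security level "Disallowed"
$Unrestricted = 0x40000    # SRP security level "Unrestricted" (262144)

# Constructed deny list; SRP expands the environment variables itself.
$DenyPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\Temp\*.exe',
    '%LocalAppData%\Temp\*\*.exe',
    '%LocalAppData%\Temp\*.zip\*.exe'
)

# Standard SRP "designated file types" list (what counts as executable code).
$ExecutableTypes = @('ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA',
    'INF','INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR',
    'SHS','URL','VB','WSC')

function Initialize-Srp {
    # Default level stays Unrestricted so only explicit deny rules bite.
    # TransparentEnabled=1 applies SRP to all software; PolicyScope=0 covers all users.
    if (-not (Test-Path $SaferRoot)) { New-Item -Path $SaferRoot -Force | Out-Null }
    Set-ItemProperty -Path $SaferRoot -Name DefaultLevel       -Value $Unrestricted   -Type DWord
    Set-ItemProperty -Path $SaferRoot -Name TransparentEnabled -Value 1               -Type DWord
    Set-ItemProperty -Path $SaferRoot -Name PolicyScope        -Value 0               -Type DWord
    Set-ItemProperty -Path $SaferRoot -Name ExecutableTypes    -Value $ExecutableTypes -Type MultiString
}

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int]    $Level = $Disallowed,
        [string] $Description = 'Ransomware hardening: no executables from user-writable folders'
    )
    # Each rule is a GUID-named key under <level>\Paths; ItemData holds the pattern.
    $RuleKey = Join-Path $SaferRoot ('{0}\Paths\{1}' -f $Level, [guid]::NewGuid().ToString('B'))
    New-Item -Path $RuleKey -Force | Out-Null
    Set-ItemProperty -Path $RuleKey -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $RuleKey -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $RuleKey -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $RuleKey -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
    return $RuleKey
}

function Get-SrpPathRules {
    # Inventory the rules currently in the registry; handy for auditing a host that
    # CryptoPrevent or a GPO has already configured.
    Get-ChildItem -Path "$SaferRoot\*\Paths" -ErrorAction SilentlyContinue | ForEach-Object {
        $lvl = if ($_.PSPath -match '\\CodeIdentifiers\\(\d+)\\Paths\\') { $Matches[1] } else { '?' }
        [pscustomobject]@{
            Level = switch ($lvl) { '0' { 'Disallowed' } '262144' { 'Unrestricted' } default { $lvl } }
            Path  = (Get-ItemProperty -LiteralPath $_.PSPath).ItemData
        }
    }
}

Initialize-Srp
foreach ($p in $DenyPaths) { Add-SrpPathRule -Path $p | Out-Null }
Get-SrpPathRules | Format-Table -AutoSize
```

Sign out and back in (or reboot) before testing so the policy is certainly loaded, then try to launch a harmless test binary from `%AppData%`; blocked launches are logged under the SoftwareRestrictionPolicies source in the Application event log, which is the signal to monitor. Note that Microsoft now recommends AppLocker or Windows Defender Application Control over SRP for new deployments; the idea of denying execution from user-writable paths carries over to those directly.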
External spam filtering services such as Exchange Online Protection or Manage Protect are able to scan email content and attachments, looking for malware, phishing attempts, or suspicious links embedded in emails. System administrators should use spam filters to their fullest extent to augment their gateway security by configuring appropriate rules and policies to prevent any malicious content from reaching users' inboxes.
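To make "configuring appropriate rules and policies" concrete, here is an added example (written for this page, not the article's or Microsoft's code) of three Exchange Online Protection controls set from PowerShell: a common-attachment file-type filter in the default anti-malware policy, a mail flow rule that rejects anything carrying executable content regardless of its extension, and a rule that quarantines password-protected attachments, which the filter cannot inspect. It assumes the ExchangeOnlineManagement module is installed and that you hold an Exchange administrator role; the rule names, the file-type list and the reject text are constructed for the example.

```powershell
# Added example: baseline EOP attachment controls. Run against a test tenant first.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in; skip if a session already exists

# 1. Common attachment filter: these file types are handled by the malware
#    filter before a message can reach any mailbox. List is constructed; extend
#    it with whatever your own mail logs show being delivered.
$BlockedTypes = @('exe','scr','js','jse','vbs','vbe','wsf','wsh','hta','cmd','bat',
                  'ps1','jar','lnk','iso','img')
Set-MalwareFilterPolicy -Identity 'Default' -EnableFileFilter $true -FileTypes $BlockedTypes

# 2. Mail flow rule: reject executable content even when renamed or nested in an
#    archive, and tell the sender why so legitimate senders know what to do instead.
New-TransportRule -Name 'Reject executable attachments' `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText 'Executable attachments are not accepted; use the file-transfer portal.' `
    -Priority 0

# 3. Password-protected archives cannot be scanned, so hold them for review
#    instead of delivering them unexamined.
New-TransportRule -Name 'Quarantine password-protected attachments' `
    -AttachmentIsPasswordProtected $true `
    -Quarantine $true `
    -Priority 1

# Verify what is now enforced.
Get-TransportRule | Where-Object Name -like '*attachments' | Format-Table Name, State, Priority
(Get-MalwareFilterPolicy -Identity 'Default').FileTypes
```

The reject rule is deliberately blunt: it will also stop legitimate executables, which is why the rejection text points at an alternative channel. Review the quarantine regularly, since password-protected archives are a common way for ransomware loaders to evade scanning but are also used by ordinary business senders.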
Unified threat management (UTM) platforms work best when they are activated on edge devices, protecting your network perimeter. Next-gen firewalls equipped with UTM are able to perform content filtering, intrusion prevention and detection (rather than requiring separate IDS/IPS devices), and spam filtering. UTM performs deep packet inspection: rather than simply reading the metadata on network packets, the contents of the packets are inspected for malicious files or content.
Build in dual antivirus solutions on both the endpoints and the network entry points (including email and network gateways) to provide multiple layers of protection. Best practice is to use different vendors for email AV and endpoint/network AV, since it is always possible that one vendor will miss a threat that another catches ahead of time.
WebTitan Cloud is a service which augments the function of DNS to provide advanced malware protection. Services include additional phishing protection and analysis of queries to block malicious requests. WebTitan Cloud applies its security rules consistently across the enterprise network. It also allows webpages to be blocked, and provides the ability to enter bypass codes when necessary.
Aside from preventative measures, it is absolutely vital that all computer systems and network devices are safeguarded in the event that ransomware makes it through all of your preventative controls. The best way to recover a system without making payment is to ensure that there are up-to-date, reliable backups of all data (operational, development, configuration files, etc.). Backups allow a system to be rolled back to a point in time just before the ransomware attack occurred, minimizing the loss of data and the damage done to your computing devices. Additionally, larger organizations have begun looking at "air-gapped" solutions, in which continuous backups are created and sanitized before being stored in a "vault" that is not reachable from the production network. This vault solution provides an immediate method to restore systems, while scanning all data entering the vault to verify the absence of malware or malicious activity.
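A backup is only "reliable" if you can prove it is still intact at restore time. The following added example (written for this page, not code from the article or any vault product) records a SHA-256 manifest of a backup set when it is taken and later checks a copy against that manifest, reporting files that are missing, modified (for instance encrypted in place) or unexpected (such as dropped ransom notes). The manifest is meant to live with the offline copy, on the far side of the air gap, so that ransomware reaching the backup share cannot rewrite both the data and the record of what it should look like. All paths are placeholders.

```powershell
# Added example: hash manifest for a backup set, and a pre-restore integrity check.

function New-BackupManifest {
    param(
        [Parameter(Mandatory)] [string] $Root,          # directory that was backed up
        [Parameter(Mandatory)] [string] $ManifestPath   # where to write the CSV manifest
    )
    $Root = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $entries = Get-ChildItem -LiteralPath $Root -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($Root.Length + 1)
            Length       = $_.Length
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
    $entries | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation
    return @($entries).Count
}

function Test-BackupManifest {
    param(
        [Parameter(Mandatory)] [string] $Root,          # copy to verify (backup or restored tree)
        [Parameter(Mandatory)] [string] $ManifestPath
    )
    $Root = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $problems = [System.Collections.Generic.List[string]]::new()
    $expected = Import-Csv -LiteralPath $ManifestPath
    $known    = @{}

    # Every file in the manifest must exist and hash to the recorded value.
    foreach ($e in $expected) {
        $known[$e.RelativePath] = $true
        $full = Join-Path $Root $e.RelativePath
        if (-not (Test-Path -LiteralPath $full)) { $problems.Add("MISSING    $($e.RelativePath)"); continue }
        $actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        if ($actual -ne $e.SHA256) { $problems.Add("MODIFIED   $($e.RelativePath)") }
    }

    # Files that were not in the set when it was taken are suspicious too.
    Get-ChildItem -LiteralPath $Root -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($Root.Length + 1)
        if (-not $known.ContainsKey($rel)) { $problems.Add("UNEXPECTED $rel") }
    }
    return $problems
}

# Usage with placeholder paths: write the manifest when the backup is taken and
# store it with the offline copy; verify the copy before trusting a restore.
$set      = 'D:\Backups\fileserver\latest'            # placeholder
$manifest = 'E:\Vault\fileserver-latest.csv'          # placeholder, offline side
$count = New-BackupManifest -Root $set -ManifestPath $manifest
"$count files recorded in manifest"

$issues = Test-BackupManifest -Root $set -ManifestPath $manifest
if ($issues.Count -eq 0) { 'Backup matches manifest' } else { $issues }
```

Run the check as a scheduled job against each backup generation: a sudden burst of MODIFIED entries with unchanged file sizes, or UNEXPECTED entries with the same name in every folder, is a strong early signal that the backup target itself has been reached by ransomware, and it tells you which older generation to restore from.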
Ransomware can be detrimental to individuals and organizations alike if it makes its way into your systems. Though attackers have become more sophisticated in their methods, if we invest time and resources into our security strategies we can greatly harden our networks and rid ourselves of the vulnerabilities that plague us. Both preventative and fail-safe measures are extremely important to protect your data (and your wallet!), and the extra effort put into your security approach will provide much peace of mind.