Ransomware: Easy to get hit, difficult to stop and costly to recover
Ransomware is shaping up to be the ‘malware du jour’ for 2016. Why? Because it is profitable for cyber-crooks. And it’s not that difficult to deploy. According to Geek.com, Cryptowall, a ransomware application, generated over US$30 million in a short time for criminals. The criminal marketplace (yes, ransomware is sold and traded within the DarkWeb) provides a wide range of choices and varieties of ransomware, with many variants popping up on a daily basis. Clearly, you need to be more vigilant than ever to keep ransomware out of your network.
Why is ransomware difficult to stop?
The first reason is distribution. “Most ransomware infects its victims via phishing attacks,” says Gary Gardiner, A/NZ director of engineering and services at Fortinet, a global leader in the provision of advanced cyber security solutions. “Phishing attacks are the most common method of infection and come in a wide range of delivery methods such as drive-by downloads, compromised websites and malvertising. Malvertising occurs when malicious sources distribute malware to hundreds of websites hosting ads for revenue.”
The second reason is ransomware’s very nature. “Most ransomware is polymorphic,” he continues. “From the perspective of computer code and analysis, it is always changing. Anti-virus software traditionally looks for known threats and patterns. But since ransomware is always reinventing itself, it can sneak past many AV solutions.”
How do you protect yourself against ransomware?
“Ransomware is like any other malware,” says Gardiner, “and can be stopped by both policy and technology. Here are ten basic rules that you can adopt to keep your network safer from ransomware.”
1. Develop a backup and recovery plan. Back up your systems regularly and store that backup offline on a separate device.
2. Use professional email and web security tools that analyse email attachments, websites and files for malware. Your solution should block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality so that new or unrecognised files can be executed and analysed in a safe environment.
3. Keep your operating systems, devices and software patched and updated.
4. Make sure that your device and network anti-virus, IPS and anti-malware tools are running the latest updates.
5. Where possible, use application whitelisting, which prevents unauthorised applications from being downloaded or executed.
6. Segment your network into security zones so that an infection in one area cannot easily spread to another.
7. Establish and enforce permissions and privileges so that the fewest number of users have the potential to infect business-critical applications, data or services.
8. Establish and enforce a BYOD security policy which can inspect and block devices that do not meet your standards for security (no client or anti-malware installed, anti-virus files out of date, operating systems in need of critical patches, etc.).
9. Deploy forensic analysis tools so that after an attack you can identify a) where the infection came from, b) how long it has been in your environment, c) that you have removed all of it from every device and d) that you can ensure it doesn’t come back.
10. Do NOT count on your employees to keep you safe. While it is still important to up-level your user awareness training so employees are taught to not download files, click on email attachments or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain and you need to plan around them.
“Keeping safe in an unsafe world takes time, expertise and a lot of hard work,” concludes Gardiner. “But it’s not impossible. If you have any questions or want to upgrade your defences to protect your network, give us a call. We’ll quickly ascertain your requirements and put you in touch with one of our Partner specialists who can help you move forward and stop these crooks cold.”