
Ransomware: Easy to get hit, difficult to stop and costly to recover

08 Jun 16

Ransomware is shaping up to be the ‘malware du jour’ for 2016. Why? Because it is profitable for cyber-crooks. And it’s not that difficult to deploy. According to, Cryptowall, a ransomware application, generated over US$30 million in a short time for criminals. The criminal marketplace (yes, ransomware is sold and traded within the DarkWeb) provides a wide range of choices and varieties of ransomware, with many variants popping up on a daily basis. Clearly, you need to be more vigilant than ever to keep ransomware out of your network.

Why is ransomware difficult to stop?

The first reason is distribution. “Most ransomware infects its victims via phishing attacks,” says Gary Gardiner, A/NZ director of engineering and services at Fortinet, a global leader in the provision of advanced cyber security solutions. “Phishing attacks are the most common method of infection and come in a wide range of delivery methods such as drive-by downloads, compromised websites and malvertising. Malvertising occurs when malicious sources distribute malware to hundreds of websites hosting ads for revenue.”

The second reason is ransomware’s very nature. “Most ransomware is polymorphic,” he continues. “From the perspective of computer code and analysis, it is always changing. Anti-virus software traditionally looks for known threats and patterns. But since ransomware is always reinventing itself, it can sneak past many AV solutions.”

How do you protect yourself against ransomware?

“Ransomware is like any other malware,” says Gardiner, “and can be stopped by both policy and technology. Here are ten basic rules that you can adopt to keep your network safer from ransomware.”

1. Develop a backup and recovery plan. Back up your systems regularly and store that backup offline on a separate device.

2. Use professional email and web security tools that analyse email attachments, websites and files for malware. Your solution should block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality so that new or unrecognised files can be executed and analysed in a safe environment.

3. Keep your operating systems, devices and software patched and updated.

4. Make sure that your device and network anti-virus, IPS and anti-malware tools are running the latest updates.

5. Where possible, use application whitelisting which prevents unauthorised applications from being downloaded / executed.

6. Segment your network into security zones so that an infection in one area cannot easily spread to another.

7. Establish and enforce permissions and privileges so that the fewest number of users have the potential to infect business-critical applications, data or services.

8. Establish and enforce a BYOD security policy which can inspect and block devices which do not meet your standards for security (no client or anti-malware installed, anti-virus files are out of date, operating systems need critical patches, etc.).

9. Deploy forensic analysis tools so that after an attack you can identify a) where the infection came from, b) how long it has been in your environment, c) that you have removed all of it from every device and d) that you can ensure it doesn’t come back.

10. Do NOT count on your employees to keep you safe. While it is still important to up-level your user awareness training so employees are taught to not download files, click on email attachments or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain and you need to plan around them.

“Keeping safe in an unsafe world takes time, expertise and a lot of hard work,” concludes Gardiner. “But it’s not impossible. If you have any questions or want to upgrade your defences to protect your network, give us a call. We’ll quickly ascertain your requirements and put you in touch with one of our Partner specialists who can help you move forward and stop these crooks cold.”

For further information, please contact:
