Blog

We have opinions and we like to share them.

They aren’t always technology related, we like to think we have a thing or two to say about Leadership and management and hope you will find the occasional post or tweet useful.

Ransomware Protection – What you need to know now

‘Malware Mania’ is back with a vengeance creating havoc for organizations of all sizes and in all industries. Ransomware protection is now the top priority for any organisation. Cyber criminals have morphed their attack methods with the resurgence of. malware and encrypting ransomware to evade traditional antivirus and firewall defence. As a result, your IT team is scrambling for a more effective way to deal with these shocking realities.

  • 2,500 cases of ransomware costing victims $24 million in the US alone were reported to the Internet Crime Complaint Center for 2015 (Turkel, 2016)
  • 500+ malware evasion behaviors are being tracked by researchers used to bypass detection (Kruegel, 2015)
  • 10 is the average number of evasion techniques used per malware sample (Kruegel, 2015)
  • 97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless (Webroot, 2015)
  • 15% of new files are malicious executables (Webroot, 2015)
  • 98% of Microsoft Office-targeted threats use macros (Microsoft , 2016)
  • 600%+ increase in attachment-based vs. URL delivered malware attacks from mid 2014 to 2015 (Proofpoint, 2015)
  • 50% increase in email attacks where macros are the method of infection (Tim Gurganus, 2015)
  • 390,000 malicious programs are registered every day by AV-Test Institute (AV-TEST, 2016)
  • 19.2% potential increase of ransomware protection simply by adding a 2nd AV to your existing email security, while structural sanitisation can help eliminate macro malware threats (Clearswift, 2016)

1. Ensure antivirus is installed and up to date across all endpoints within the business. Keep in mind, AV is based on signatures so new variants may and will slip through the cracks, but this could easily be a first line of defense. Additionally, it’s best to have a multi-faceted security solution that employs additional protective technologies such as heuristics, firewalls, behavioral-based threat prevention, etc. Digital Guardian offers an ‘Advanced Threat Prevention’ module that contains a suite of protection rules against ransomware based on how it behaviorally interacts on the operating system.

2. Establish security awareness campaigns that stress the avoidance of clicking on links and attachments in email. I literally ask myself these questions when receiving an email message with a link or an attached file: 1) Do I know the sender? 2) Do I really need to open that file or go to that link? 3) Did I really order something from FedEx?? Increasing Phishing awareness is nearly a zero cost ransomware protection strategy and because once most end users will then  think twice, it can be extremely successful.

3. Backup the data. There are a lot of of options here, from backing up to cloud providers to local storage devices or even network attached drives, but each comes with a certain level of risk. It’s imperative to remove the external storage device once a backup has been taken so that if ransomware does infect the computer, it won’t be able to touch the backup. See our Cloud Services

4. GPO (Group Policy)  restrictions are an easy and affordable method for increasing ransomware protection.  Stopping malware in general from installing. GPO has the ability to provide granular control over the execution of files on an endpoint, so adding rules that block activity such as files executing from the ‘Appdata’ directory or even disabling the ability for executables to run from attachments.

5. Patching commonly exploited third party software such as Java, Flash, and Adobe will undoubtedly prevent many of these types of attacks from even being successful in the first place. Here is a resource for checking all Microsoft security updates Microsoft Security Centre

6. Restrict administrative rights on endpoints. I know this is of course a highly political and even cultural request to make, however reducing privileges will reduce the attack surface significantly. End users shouldn’t be downloading and installing games anyway, am I right or am I wrong ? This is often part of a wider strategy that a Fractional IT Director  could help with.

Ransomware has significantly evolved over the years since it was first introduced back in 1989 as the ‘PC Cyborg’ Trojan and the user had to pay around $189 dollars to repair their computer. Fast forward 20+ years and we’ve moved to seeing  a myriad of different types of specimens leveraging varying techniques in an effort for the authors or distributors to get paid. With no clear end in sight, we will continue to see these types of attacks, so tightening up the security belt and locking down your  networks is the wisest thing you can do in order to protect what matters most on your network: the DATA! We can help please contact us

 

Leave a Reply

Your email address will not be published. Required fields are marked *