Are you ready to tackle a blank screen caused by ransomware? Where will you turn when no single strategy provides complete protection and even backups are vulnerable to attack?
Late at night, your computer suddenly locks up and a curious message appears on the screen. Some nefarious entity has taken control of your entire network, gaining access to confidential files, client accounts, and other critical data. The intruder says that unless you transfer a fee, you can kiss your files — and your business — goodbye. Your company just joined the growing ranks of enterprises that have fallen victim to ransomware.
What is ransomware?
Ransomware is a type of malicious software that, once triggered, encrypts system files and data, making them unreadable. Typically, the hackers demand some form of monetary compensation to “unlock” the system files and data.
Common vectors for ransomware infections include drive-by downloads and URLs embedded in email messages. While the latter requires you to click on a link to activate the code, the former involves no action other than inadvertently visiting a compromised website that plants the malicious program on a user’s computer.
Vulnerabilities often exist in trusted platforms that can provide a back door to hackers. Such was the case with the 2017 WannaCry ransomware outbreak, which exploited a flaw in the Windows Server Message Block Protocol. Ransomware threats continue to morph and evolve, leaving no corner of your network truly safe — even potentially targeting your data backups.
Cyber-security experts agree that ransomware poses one of the most significant threats to enterprises today, particularly small- to medium-sized businesses. Ransom demands can range from hundreds to hundreds of thousands of dollars, and there are no guarantees that the cyber-criminals will release your data once they are paid. Estimates put the annual global cost of these attacks at nearly £460 billion ($600 billion) in 2017, with that figure expected to exceed £4.5 trillion ($6 trillion) by 2021. As has been mentioned in previous posts, nearly 60 percent of businesses hit by ransomware attacks shut down within five years.
Where does one turn when no single strategy provides complete protection and even backups are vulnerable to attack? Combating these evolving and adaptive threats calls for a two-pronged approach, one that blends layered solutions with the expertise of a managed security services team to bolster your defenses and respond to attacks as they unfold. The following considerations should be part of any managed security menu when countering ransomware.
Prepare ahead
The first step everyone can implement is to put in place common-sense practices and policies that focus on where enterprises are most vulnerable – the human level. Train yourself and your staff to handle all email and outside messages with care. Do not provide personal information through unsolicited calls, emails, texts or other messages.
Such information can give social-engineering hackers the clues they need to gain access to your system. Also, avoid clicking links and attached files from unfamiliar sources. A managed security services provider can implement and reinforce these and other best practices to cut off ransomware attacks at their point of entry.
Who has your back(up)?
Traditionally, the most effective way to pull the teeth of potential ransomware attackers was to duplicate your data. Certainly, local backups can provide speedy recovery from a security crisis and off-site and/or cloud-based backups offer extra insurance should your local backup become compromised.
These days, however, backups alone cannot provide a complete answer to ransomware threats. Companies often discover too late that their backups are incomplete and missing critical data. Other enterprises fail to test their backups, only to learn later that they will not restore. Worse still, newer, more insidious forms of ransomware specifically target and destroy backups. When looking for a comprehensive security solution for your SMB, backups should still be part of any package you consider.
You will also want to have a team of managed service professionals in place, testing and updating your systems, performing vulnerability assessments and preparing to shut down suspicious activity before your data becomes compromised.
A great wall
A firewall that provides critical protection between your business’ network and potential threats, including ransomware, should be part of any holistic approach to network security. Many of today’s next-gen firewall products include content filtering and spam blocking features to cut off ransomware attacks so they never reach their intended targets. The former delivers an additional line of defence should a user still manage to click a questionable link by checking the URL against a database of malicious sites, blocking those that pose a known risk.
Next-gen firewalls augment real-time protection with automated updating and sharing to continuously monitor and report suspicious activity. Many also feature SSL inspection to identify and isolate encrypted web traffic. An effective firewall solution must be able to evolve to keep up with an ever-changing threat environment. A managed security specialist will not only match the right firewall hardware to an enterprise’s needs, but will also update software to counter the latest threats.
Beyond antivirus
The ubiquity and ease of use offered by antivirus products can be their Achilles heel, creating a false sense of security that leaves many users exposed. Cyber-security experts estimate that 30 percent of malware today represents new zero-day exploits and advanced persistent threats (APT) that traditional antivirus programs will miss.
Behavioural-based solutions like APT blockers can sandbox potential threats in the cloud, employing behavioural analysis to spot potential malware. Intrusion detection and prevention (IDP) is a security feature that patrols your network, searching for abnormal behaviour such as suspicious connection attempts and backdoor programs, just what a ransomware hacker might use to get at your files. IDP can also flag suspicious changes to policies, unscheduled scans, and update failures.
Like intrusion detection, file integrity monitoring will alert your cyber-security team when critical files are accessed or altered, allowing a speedy response in the event of a potential attack to limit its impact. Managed security services often combine traditional and behavioural-based solutions like those found in WatchGuard and Microsoft 365 with hands-on expertise, ensuring these defences are updated, patched and properly deployed to counter threats that would slip past antivirus.
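The backup testing described under "Who has your back(up)?" and the file integrity monitoring described above both reduce to comparing a file tree against a known-good hash manifest. The sketch below is an added example, not code from any product named in this article; the function names, the sample files and the 50 percent alert threshold are assumptions chosen for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare(baseline, current):
    """List files missing, added or altered relative to the baseline manifest."""
    return {
        "missing": sorted(set(baseline) - set(current)),
        "added": sorted(set(current) - set(baseline)),
        "altered": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }


def mass_change(baseline, report, threshold=0.5):
    """Assumed heuristic: flag when at least `threshold` of baseline files changed or vanished."""
    touched = len(report["missing"]) + len(report["altered"])
    return bool(baseline) and touched / len(baseline) >= threshold


def demo():
    """Constructed sample data: three files, a partial restore, then bulk overwriting."""
    docs = {"ledger.csv": b"id,amount\n1,40\n", "clients.txt": b"Acme\n", "notes.md": b"todo\n"}
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as restored:
        for name, data in docs.items():
            Path(live, name).write_bytes(data)
        baseline = snapshot(live)
        # Backup test: the restored copy lacks clients.txt, so the restore is incomplete.
        for name in ("ledger.csv", "notes.md"):
            Path(restored, name).write_bytes(docs[name])
        backup_report = compare(baseline, snapshot(restored))
        # Integrity check: every live file now holds different bytes than the baseline.
        for name in docs:
            Path(live, name).write_bytes(os.urandom(32))
        live_report = compare(baseline, snapshot(live))
        return backup_report, live_report, mass_change(baseline, live_report)


if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest somewhere the monitored hosts cannot write to; a manifest that sits beside the data can be altered along with it.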
A holistic approach
As with any cyber-security solution, ransomware prevention demands both a defensive and offensive posture to prepare for potential attacks. Keep your staff informed of the latest anti-ransomware best practices with regular security awareness trainings. A current asset inventory provides a real-time overview of the devices connected to your network and the permissions assigned to those devices.
Periodic vulnerability assessments can deny cyber-criminals access to their favourite avenue of attack. Even first-rate hardware and software solutions require constant updates, patches and reconfiguration to stay on top of these changing threats. An automated patch management system automatically applies security patches to operating systems before the cyber-criminals can find and exploit vulnerabilities.
So, ask yourself: How ready are you for a ransomware attack that could potentially spell the end of your business?
As published in SC Magazine UK