Ransomware is malicious software that cyber criminals use to hijack your computer or data files for ransom, demanding payment (often in bitcoin) from you to release them.
The first ransomware, known as AIDS, was identified in 1989. Fortunately there was not much activity for a period of 17 years, but since 2006 it has been in full swing. Year on year new ransomware variants are released. Infections have spread across all areas, including home, business, private and government institutions, and across all verticals such as finance, automobile, the hotel industry and so on. Ransomware attackers have found multiple ways to infect users and organizations, including network-level vulnerabilities, social engineering techniques and many others.
So the top priorities an organization or individual home user should consider to protect against ransomware attacks are:

Firstly, awareness. When we talk about awareness, the usual response is "yes, we have done training for all employees" or "yes, maybe for some of the employees". In any organization the end users' focus is on day-to-day activities rather than on the new industry threat landscape. Until the end user is aware of these threats, infection is easier and may also spread at a faster pace. Regular awareness sessions can be delivered in ways such as: onboarding induction training, regular email communication, screen savers, one-pagers, flyers and internal mock attacks.
Secondly, data backup. Data is critical for any organization's survival. It mainly consists of customer data, project data, financial data and so on. Protecting it is the biggest challenge for organizations, as ransomware's main target is to take control of data by encrypting it or blocking access to it.
So organizations have to come up with a well-defined data backup strategy depending on the organization's risk appetite. Backup types can be: full backup, a complete copy of the data set; incremental backup, copying only data changed after the last incremental backup; differential backup, copying only data changed after the last full backup; mixed data backup, a sequence of one full backup and some differential backups, rotating repeatedly.
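The backup types listed above, as an added model that is not part of the original article: a file system is represented as a dict of path to last-modification day, each backup records what it copied, and restore_chain shows which backups must be intact to rebuild a given day (a full plus the chain of incrementals, or a full plus the newest differential). It slightly generalizes the text by treating an incremental as "changes since the most recent backup of any kind", so the first incremental after a full copies changes since that full; file deletions are not modelled.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Backup:
    kind: str              # "full", "incremental" or "differential"
    day: int               # day the backup job ran
    files: Dict[str, int]  # path -> modification day of the copy taken

def take_backup(kind: str, day: int, fs: Dict[str, int],
                history: List[Backup]) -> Backup:
    """Copy what the chosen backup type requires and append it to history."""
    fulls = [b for b in history if b.kind == "full"]
    if kind == "full" or not fulls:
        copied = dict(fs)              # everything; also forced when no full exists yet
    elif kind == "incremental":
        since = history[-1].day        # changed after the most recent backup
        copied = {p: d for p, d in fs.items() if d > since}
    elif kind == "differential":
        since = fulls[-1].day          # changed after the last full backup
        copied = {p: d for p, d in fs.items() if d > since}
    else:
        raise ValueError(f"unknown backup type: {kind}")
    backup = Backup(kind, day, copied)
    history.append(backup)
    return backup

def restore_chain(history: List[Backup],
                  as_of: Optional[int] = None) -> List[Backup]:
    """Backups that must be intact, in apply order, to rebuild the state at day as_of."""
    usable = [b for b in history if as_of is None or b.day <= as_of]
    last_full = max(i for i, b in enumerate(usable) if b.kind == "full")
    later = usable[last_full + 1:]
    diffs = [i for i, b in enumerate(later) if b.kind == "differential"]
    if diffs:
        # The newest differential already covers everything since the full,
        # so only incrementals taken after it still matter.
        return ([usable[last_full], later[diffs[-1]]]
                + [b for b in later[diffs[-1] + 1:] if b.kind == "incremental"])
    return [usable[last_full]] + [b for b in later if b.kind == "incremental"]

def restore(history: List[Backup],
            as_of: Optional[int] = None) -> Dict[str, int]:
    """Rebuild the file system (path -> modification day) by overlaying the chain."""
    state: Dict[str, int] = {}
    for b in restore_chain(history, as_of):
        state.update(b.files)
    return state
```

Passing as_of lets you rebuild the state from before a day on which every file was touched, which is the point-in-time restore a ransomware recovery relies on; the length of the returned chain is the number of backup sets that must survive intact for that restore to succeed.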
Thirdly, patch management. Effective patch management is one way to reduce ransomware attacks. Organizations use various standard and open source applications. For standard applications there is normally a defined patch release schedule, but for open source there is no such program. The biggest challenge here is deploying those patches on a regular basis to avoid any deviation from policy and governance. Some of the do's and don'ts are: do apply regular patches for all standard and open source applications; do not grant (or at least minimize) local admin rights to end users; do install anti-malware software on all systems; do not allow users to install third-party software.
Fourthly, anti-malware software. In a multi-tier architecture, one protection level is the use of anti-malware software to defend against ransomware attacks. Just installing anti-malware software alone will not suffice; regular updates of patches and versions should be made mandatory.
There are a number of anti-malware solutions in the industry. Each has its own pros and cons, so carry out a proof of concept (POC) in your environment judiciously and decide on a suitable solution based on the results. Anti-malware solutions can be placed at various OSI layers, which determines how each solution should be installed and managed. Effective fine tuning of the solution provides better results and protects the organization efficiently.
Fifthly, multi-tier architecture. As we all agree, security cannot be implemented at one layer of the OSI model alone. It should spread across various levels, integrated from the external perimeter to the end user's computer. Even in smaller setups, firewalls nowadays have the capability to filter and manage traffic effectively. From the end-user computing perspective, endpoint security plays a major role in controlling user activity. So it is necessary to develop an effective IT strategy through which all layers are controlled and managed efficiently.
Sixthly, external device management. Bring your own device (BYOD) is creating a buzz in the industry. Every organization is looking at BYOD to manage cost and to empower employees to bring their own devices for better performance. On the contrary, these benefits also come with challenges the organization needs to consider. Ideally a risk assessment has to be conducted to understand the possible risks and the mitigation strategy. One foreseeable risk is ransomware, as BYOD devices are mostly not updated with the latest patches and may also have vulnerable software installed. So an effective policy needs to be implemented and followed in the organization.
Seventhly, filtering of unknowns. Most organizations invest huge amounts of money in protecting their valuable assets from external and internal threats or attacks. Year on year, if we look at the IT budget it is increasing, so are we using it effectively, or is it a tick in a box? Two important solutions I would like to highlight as examples are the email solution and the web filtering solution.
One of the easiest ways for ransomware attackers to enter an organization is through email. End users are sometimes so innocent or ignorant that they do not try to validate the source of an email. This is one of the entry points for ransomware infection, where attackers take control of systems. So awareness, effective fine tuning and regular monitoring of the email solution can minimize ransomware attacks.
As for the web filtering solution, we understand that without the internet no work can happen; that is the level of dependency we have. As per the study, a user on average spends at least an hour on the internet for personal or official purposes. So this is also one of the easy entry points for ransomware attackers to enter the organization and take control of systems. So awareness, effective fine tuning and regular monitoring of this solution can minimize ransomware attacks.
Finally, the question still lingers: are the above seven points enough to secure an organization from ransomware? My answer is "No". A holistic approach across process, people and technology should be considered to defend against ransomware attacks.
Solution Architect, Information Security Services