IT Security Guru

Ransomware on the rise: how to prevent an attack

by The Gurus
July 27, 2017
in This Week's Gurus

If the last few months have taught us anything, it’s that enterprises clearly need to take a long hard look at the cyber security they have in place.  One thing is clear – cyber threats now present a bigger risk to organisations than ever before.  Considering the huge growth in the number of new ransomware families (an increase of 752% since 2015), online extortion has become a major issue and one that businesses must address.
When it comes to measuring up the countries worst hit by ransomware, the UK does not appear to be faring well.  According to a recent report by Malwarebytes, 54% of UK companies have been hit by a ransomware attack compared to 47% of US companies.  It is a common misconception that hackers are only targeting financial institutions, but this year’s attacks on UK parliament and health trusts highlight the reality of the situation – no business or organisation is safe.
It is becoming increasingly easy for hackers to disrupt business operations and extort money with the availability of open source ransomware and ransomware as a service (RaaS).  Organisations are rightly concerned about the loss of productivity over anything else. It is estimated that it takes 33 man hours (on average) to fix the problem, with the financial impact potentially much larger than the demanded ransom.
In addition, companies are increasingly concerned about data protection legislation and the potential for significant fines from governing bodies, as well as damage to reputation, resulting from data loss. This comes sharply into focus now with the EU General Data Protection Regulation coming into force from May 2018.
So what is Ransomware?
In short, it is a type of malicious software that attempts to obtain money from a computer user or organisation by infecting systems and blocking access. This is typically done by encrypting the files and documents on the victim’s machine, then demanding a sum of money to provide the keys to decrypt the files.
There are a number of ways a hacker can initiate an attack, with the most common being a phishing email. This is where the victim is tricked into clicking on a link, or opening an attachment in what appears to be a legitimate email message.  The malicious software is then covertly installed on a computer, without the knowledge or intention of the user.  It can then either stay dormant or spread without user interaction, depending on the type of attack, until it receives a command from the hackers’ systems to encrypt the files or lock the computer.  As soon as the data is encrypted, the user receives the ransom notification and the clock starts ticking.
Once your data is locked you face a difficult choice, whether to pay or not to pay. If you pay, will you really receive the key to decrypt and get your data back?  You are dealing with criminals after all!
How can you prevent an attack?
Unfortunately, there is no silver bullet.  Cyber criminals are constantly innovating and every cyber-attack is constructed using well-defined phases, which are completed sequentially.  Rendering a cyber-attack unsuccessful is all about blocking one or more of these stages.
You therefore need to look at a layered approach to protection. This means:

  • Securing your entry points.
  • Filtering web traffic and blocking malicious sites.
  • Blocking users from certain websites to which they should have no access.
  • Blocking macros and ActiveX, and preventing external content from running inside Office applications.
  • Scanning all emails and attachments for phishing.
  • Educating your employees to increase their awareness of phishing techniques and general vigilance.
  • Ensuring USB devices are scanned or even restricted in some parts, with auto play disabled at the very least.
  • Locking down users’ own (BYOD) devices on secured separate networks from production systems.
  • Deploying ransom behavioural tools and scanning your network traffic.

With this layered approach, research has shown that most ransomware attacks can be stopped at the gateway level, through email and URL blocking. The last line of defence is endpoint anti-ransomware behavioural monitoring, designed to proactively detect and block ransomware execution.  However, you want to stop this at the gateway and so ensure that your intrusion prevention, email and web scanning solutions are suitably robust to protect your edge networks.
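To make the endpoint behavioural monitoring mentioned above concrete, the following added example (not part of the original article, and not any vendor's product logic) flags a process that writes high-entropy content to several distinct files in a short burst. The thresholds, process names, paths and events are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict, deque

ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off (encrypted data nears 8.0)
BURST_COUNT = 3          # assumed: distinct files needed to raise an alert
WINDOW_SECONDS = 10      # assumed sliding window


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def detect_bursts(events):
    """Return processes that write high-entropy content to BURST_COUNT or more
    distinct files within WINDOW_SECONDS. Events are time-ordered tuples of
    (timestamp, process, path, bytes_written)."""
    recent = defaultdict(deque)  # process -> (timestamp, path) of suspicious writes
    flagged = set()
    for ts, proc, path, data in events:
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue
        window = recent[proc]
        window.append((ts, path))
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len({p for _, p in window}) >= BURST_COUNT:
            flagged.add(proc)
    return flagged


# Constructed sample data, not taken from a real incident.
CIPHERTEXT_LIKE = bytes(range(256)) * 4            # uniform bytes: entropy 8.0
PLAIN_TEXT = b"Quarterly report draft, v2\n" * 40  # ordinary document text
SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\docs\report.docx", PLAIN_TEXT),
    (1.0, "7z.exe", r"C:\backup\monday.7z", CIPHERTEXT_LIKE),  # one archive: benign
    (2.0, "invoice.exe", r"C:\docs\a.docx", CIPHERTEXT_LIKE),
    (2.5, "invoice.exe", r"C:\docs\b.xlsx", CIPHERTEXT_LIKE),
    (3.1, "invoice.exe", r"\\fileserver\share\c.pdf", CIPHERTEXT_LIKE),
]

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))
```

Compressed archives and media files are also high-entropy, which is why the check requires a burst across several files rather than alerting on a single write.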
Ultimately, you need to improve your security posture, and research and follow best practices for the technology and solutions that you already have in place. Where possible, look to complement these with new and improved technology and services.
But what if it still gets through?
Even with all these tools and techniques in place sophisticated malware can still get through your defences.  Cyber criminals are evasive and clever and find new weak points all the time.  If the ransomware gets in, it will begin infecting disks and mapped network shares.  You therefore need plans in place to contain and respond to an infection and ultimately restore your data.  Paying the ransom should not be an option.
Backups are key to protecting your data.  However, for a lot of organisations, restoring the previous night’s backup to recover from a ransomware incident is simply not acceptable, due to the data loss and downtime incurred.  Organisations may leverage snapshots, be they storage based or at the virtual machine level, to provide more granular restore capabilities.  But these too will likely mean accepting several hours’ worth of data loss.  This may also not be palatable to some companies, and thus we need to go further in terms of our restore capabilities.  We need to look at journaling technologies to be able to quickly roll systems back to a specific point in time, minutes or even seconds before the infection.
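The difference between restoring a nightly backup and rolling a journal back to just before the infection can be shown with a small model. This is an added example, not from the original article and not how any particular journaling product works; the `JournaledStore` class, file names and timestamps (seconds since the nightly backup) are hypothetical.

```python
class JournaledStore:
    """Toy file store that journals the before-image of every write."""

    def __init__(self):
        self.files = {}    # path -> current content
        self.journal = []  # (timestamp, path, previous content or None if new)

    def write(self, ts, path, content):
        # Record what the file held before this write so it can be undone.
        self.journal.append((ts, path, self.files.get(path)))
        self.files[path] = content

    def rollback_to(self, ts):
        """Undo every write made after ts, newest first; return how many."""
        undone = 0
        while self.journal and self.journal[-1][0] > ts:
            _, path, previous = self.journal.pop()
            if previous is None:
                self.files.pop(path, None)  # file did not exist before the write
            else:
                self.files[path] = previous
            undone += 1
        return undone


def recover_demo():
    """Constructed scenario: a day's work, then encryption starting after t=9000."""
    store = JournaledStore()
    store.write(0, "ledger.csv", "opening balances")
    nightly_backup = dict(store.files)  # what a restore from backup would return
    store.write(3600, "ledger.csv", "opening balances + morning entries")
    store.write(7200, "contract.docx", "signed draft")
    # Infection: existing files overwritten, ransom note dropped.
    store.write(9001, "ledger.csv", "<encrypted>")
    store.write(9002, "contract.docx", "<encrypted>")
    store.write(9003, "RANSOM_NOTE.txt", "pay up")
    undone = store.rollback_to(9000)    # one second before the first bad write
    return nightly_backup, store.files, undone


if __name__ == "__main__":
    backup, recovered, undone = recover_demo()
    print("nightly backup :", backup)
    print("journal restore:", recovered, f"({undone} writes undone)")
```

The journal only helps if it is stored somewhere the infected host cannot modify, otherwise it is encrypted along with everything else.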
Once recovered, it is key that you conduct root cause analysis to help prevent reoccurrence.  There are always lessons to be learned and weak points can then be highlighted and addressed accordingly.  After the issue is resolved, the question should always be why did this happen?  Management will want to see a plan detailing how you will stop this in future.
Vigilance is key
Organisations and their employees need to be educated to be vigilant to avoid losing data and money.  You need to implement a multi-layered approach to cyber security, using solutions that utilise behavioural monitoring and machine learning whilst protecting your gateways, networks, servers and endpoints to help prevent ransomware infections.  There is no silver bullet; you need to employ a layered approach – defence in depth.
Prevent, contain and respond – you need plans in place for each. It is time to beef up your defence and recovery options against the ever-increasing threat of ransomware.


© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic
