What can we do about the expected increase in ransomware and cyber-extortion tools?
By Harish Chib, Vice President, Middle East & Africa, Sophos.
Understanding why ransomware attacks are so successful, implementing advanced anti-ransomware protection at every stage of an attack, and following good IT security practices, including regular training for employees, are essential components of every single security setup.
Why are ransomware attacks so successful?
- Sophisticated attack techniques and constant innovation
- Access to ready-made ‘Exploit as a Service’ (EaaS) programmes is increasingly easy, making it simple to initiate, successfully complete and benefit from an attack, even for less tech-savvy criminals
- Skilful social engineering is used to prompt the user to run the installation routine of the ransomware. For example, you may receive an email that reads something like this: “My organisation’s requirements are in the attached file, please provide me with a quote”
- Producers of ransomware operate in a highly professional manner. This includes providing a working decryption tool after the ransom has been paid, although this is by no means guaranteed
- Security holes at affected companies
- Inadequate backup strategy (no real-time backups, backups not offline/off-site)
- Updates/patches for operating system and applications are not implemented swiftly enough
- Lack of user security training and IT security knowledge
- Security systems are not implemented or are not configured correctly
- Lack of advanced prevention technology
Many organisations have some form of generic protection, but they need solutions designed specifically to combat ransomware that is constantly being updated to exploit.
Putting effective, advanced protection in place at every stage of an attack
To stop ransomware you need to:
- Secure your endpoints with solutions that have anti-exploit technology that stops the delivery of ransomware, deep learning that blocks ransomware before it can run, and technology that prevents the malicious encryption of files and rolls back affected files
- Protect your servers with malicious traffic detection and malicious encryption prevention technology
- Put the right network protection in place, including a modern high-performance next-gen firewall IPS engine and sandboxing solution
- Train your employees regularly on how to stay safe from phishing emails
Nine best security practices to apply now
Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these nine best practices:
- Patch early, patch often
- Backup regularly and keep a recent backup copy off-line and off-site
- Enable file extensions
- Don’t enable macros in document attachments received via email
- Be cautious about unsolicited attachments
- Don’t give yourself more login power than you need
- Stay up-to-date with new security features in your business applications
- Patch early, patch often. Staying on top of patches is so important that we’ve included it twice