BreachExchange mailing list archives
Security Think Tank: Four steps for companies to protect against ransomware
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 3 Feb 2016 13:16:41 -0600
http://www.computerweekly.com/opinion/Security-Think-Tank-Four-steps-for-companies-to-protect-against-ransomware Any discussion of ransomware <http://whatis.techtarget.com/definition/ransomware-cryptovirus-cryptotrojan-or-cryptoworm> should begin by reminding ourselves that the term denotes malware <http://www.computerweekly.com/news/4500254348/Celebrity-search-results-loaded-with-malware-study-shows>. The “ransom” element is a matter of impact, not a root cause. As a result, many of the strategies applied when protecting against common malware should also be applied to ransomware <http://www.computerweekly.com/feature/How-to-avoid-being-caught-out-by-ransomware> . Having said this, ransomware is one of the most common types of attack, given that it is easy to generate and distribute. A recent piece of research <http://www.isaca.org/About-ISACA/Press-room/News-Releases/2016/Pages/ISACA-Cybersecurity-Snapshot-Survey.aspx> from Isaca shows that the threat is set to continue, with 20% of global IT security <http://www.computerweekly.com/resources/IT-security> experts placing this type of attack in their top three threats for 2016. Once in the wild, a typical ransomware script will infect numerous environments very quickly, with the command and control <http://www.computerweekly.com/news/4500257530/Met-Police-forced-to-stick-with-ageing-command-and-control-system-after-project-delays> structure designed to harvest small sums of money through anonymised payment mechanisms such as Bitcoin. Ransomware attackers rely on broad and indiscriminate dissemination of malware, without necessarily targeting any specific group of people or companies. Specimens such as TeslaCrypt, CryptoWall <http://www.computerweekly.com/news/4500248823/Ransomware-costs-business-at-least-18m-says-FBI> and TorrentLocker reveal a wide variety of ransomware, ranging from unsophisticated varieties embedded in Microsoft Word documents to fairly complex script-based infiltration. In this aspect, security managers should be conscious of the fact that ransomware often utilises channels that were thought to be extinct, such as macro virus infection <http://searchsecurity.techtarget.com/news/2240241180/Macro-viruses-reemerge-in-Word-Excel-files> . Steps to protect against ransomware There are a number of steps that organisations and individuals can take to increase their security and strengthen their defences: 1. Promote awareness <http://www.computerweekly.com/resources/Security-policy-and-user-awareness> by communicating defensive capabilities against generic malware to users. It should be noted how phishing <http://www.computerweekly.com/news/4500244954/Users-should-not-take-the-rap-for-phishing-attacks-says-expert>, social engineering attacks and suspicious websites can all pave the way for infection. 2. Strengthen scan-and-detect defensive capabilities across the organisation. There are many tools that will identify, repel and neutralise malware, including ransomware. However, it is important not to rely on a single anti-virus or anti-malware system <http://www.computerweekly.com/resources/Antivirus-firewall-and-IDS-products>, but a wide range dedicated to different types of attack. 3. Update and adjust target platforms such as Microsoft Office to include blocking mechanisms. All too often, infected Office-based documents and spreadsheets can slip through because defences have been disabled in favour of user convenience <http://searchnetworking.techtarget.com/answer/Will-bring-your-own-device-security-make-you-sacrifice-convenience> . 4. Both organisations and individuals should consider where their data <http://www.computerweekly.com/feature/How-to-deal-with-the-aftermath-of-a-data-breach> resides. Ransomware is usually restricted to local hard drives or locally available shares. Information assets should therefore be held in at least two air gapped locations, such as a portable hard disk for daily backups of important data, and an additional network-attached storage <http://searchstorage.techtarget.com/definition/network-attached-storage> (NAS) for larger backup jobs. Even after ransomware infection, important files can then be recovered. For personal data, DVD or BluRay backups retain the advantage of read-only access. A fuller list of associated controls is available in the complimentary Threats & Controls tool <https://cybersecurity.isaca.org/csx-threats-and-controls> from Isaca’s Cybersecurity Nexus (CSX). Attacks may lead to greater costs There is some considerable effort required to protect against ransomware, especially in complex enterprise environments. However, given the current level of helplessness – up to the point where official authorities have recommended giving in and paying the ransom – this extra work is a vital step towards saving time and money. To help your thinking as a business leader on how important it is to protect yourself against this form of attack, it is worth remembering that even one successful ransomware attack on your organisation or private IT environment is likely to be much more expensive than taking preventive measures.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which vendors to trust. Contact us today for a demo.
Current thread:
- Security Think Tank: Four steps for companies to protect against ransomware Inga Goddijn (Feb 04)