BreachExchange mailing list archives
Ransomware: Don’t let your business be held for ransom
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 12 Oct 2015 17:50:17 -0600
http://realbusiness.co.uk/article/31786-ransomware-dont-let-your-business-be-held-for-ransom

Ransoms are one of the oldest means of exploitation. Taking an item of tremendous value and demanding compensation for its return is an effective, if sinister, way for criminals to get what they want. Ransomware follows a lot of the same rules as more traditional forms of extortion, simply applied to the digital era. With ransomware, attackers infiltrate laptops, servers, or data centres through encryption and render personal or corporate data inaccessible unless victims pay a ransom.

Ransomware is the fastest growing ‘industry’ in IT security. Law enforcement can’t stop it. The IT department can’t reverse it, and unless the right steps are taken prior to an attack, all enterprises can do is pay the ransom and hope for the best.

An organisation’s best measure against ransomware is prevention, with security policies that increase internal awareness and reduce exposure. One way to mitigate the risk of losing data is through timely, complete off-site data backups. A good backup rule of thumb is “3-2-1” – back up three copies of every file, on at least two types of media, at least one of which is offsite. With offsite backups, you can restore your files after ransomware has finished the encryption process.

Another way to mitigate ransomware is through education. Despite years of warnings about suspicious emails and websites, users still fall prey. Ensure new employees are trained on ransomware during on-boarding, as well as existing workers. Work with HR and internal communications departments to help ingrain data security into the fabric of the business and tell users what kind of threats to look for, including:

Crypto-ransomware – Strong cryptography that encrypts files, presenting victims with an alert that they must pay a ransom to decrypt their data. Some variants can jump from machine to machine within an IT network. They can also look for file shares and attached backups, and extend to web servers, debilitating business operations.

Phishing – Typically spread through phishing emails that contain malicious attachments which infect the machine if clicked on. Many phishing emails include subject lines that are enticing and may seem legitimate, such as package deliveries, payroll or payments.

Drive-by downloads – Unintended downloads from infected websites that are delivered through a browser exploiting a software vulnerability on the target machine.

Malvertising – The injection of malware-laden ads onto legitimate websites. Popular sites from The New York Times to the Nikkei Stock Exchange have unwittingly carried malvertising.

USB sticks – The spreading of infected files to – and from – attachable devices such as thumb drives can infect laptops, desktops, smartphones, tablets, servers and even entire data centres. In the era of IoT, it can extend to wearables that sync with other devices, and potentially Internet-connected HVAC or lighting systems.

A comprehensive ransomware prevention strategy should include device control, patch management and configuration management. Fast action, such as immediately taking an affected machine offline, can prevent a ransomware attack from moving through the network and affecting other systems. An effective ransomware prevention strategy should include the following:

Device control – Set controls about what kinds of devices can be loaded on a system. Those rules can address type, brand and even an individual USB drive. Effective device control automates the discovery and management of removable devices. It defines and enforces device use policies by group or individual user, with flexible exception policies.

Patch management – Patch management remains one of the most effective means of thwarting attacks, including ransomware. To protect against ransomware in particular, be sure to enable the downloading of software patches to your operating systems, Microsoft Office, Adobe applications, your browsers and browser plug-ins.

Configuration management – To ward off ransomware, set browser security to the highest possible level to reduce the chances that malicious content can be downloaded from a website. Also use the browser’s ‘Do not track’ feature to reduce the chance of encountering malvertising by limiting ad views. In addition, monitor outgoing traffic. Block known malicious URLs and watch for “nonsense” URLs that look suspicious. When in doubt, block first and ask questions later.

Make no mistake, ransomware is the next big scourge to strike businesses. It’s not a trivial threat, and one organisations are almost certain to encounter. By taking preventive measures now – including rigorous data backups, thorough user training, and prevention strategies – the risk of ransomware and other malicious attacks can be mitigated, without ransoming the organisation’s success.
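The article's "3-2-1" rule and its warning that crypto-ransomware reaches "attached backups" translate into a check that can be run against a backup inventory. The following is an added example, not code from the article or from Real Business: the BackupCopy record, the inventory format, the 24-hour freshness window and the sample entries are all constructed assumptions. It goes one step beyond the rule as stated by also requiring one copy that is offline (not writable from the production network), which is the property that protects against the attached-backup case the article describes.

```python
"""Check a backup inventory against the "3-2-1" rule plus a freshness window.

Added example, not code from the article: the inventory format, the
BackupCopy fields and the sample entries below are constructed for
illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    dataset: str         # logical data set this copy protects
    media: str           # e.g. "disk", "tape", "object-storage"
    location: str        # site or region holding the copy
    offsite: bool        # True if held away from the production site
    offline: bool        # True if not writable from the production network
    completed: datetime  # when this copy finished (timezone-aware)


def check_321(copies, now, max_age=timedelta(hours=24)):
    """Return {dataset: [findings]}; an empty list means the dataset complies.

    Per dataset, counting only copies completed within max_age (a stale copy
    does not protect current data):
      * at least three copies,
      * on at least two media types,
      * at least one offsite,
      * at least one offline, so ransomware that reaches attached shares and
        backups cannot encrypt every copy.
    """
    by_dataset = {}
    for copy in copies:
        by_dataset.setdefault(copy.dataset, []).append(copy)

    report = {}
    for name, group in sorted(by_dataset.items()):
        fresh = [c for c in group if now - c.completed <= max_age]
        findings = []
        stale = len(group) - len(fresh)
        if stale:
            findings.append(f"{stale} copy/copies older than {max_age}")
        if len(fresh) < 3:
            findings.append(f"only {len(fresh)} fresh copies (need 3)")
        media = {c.media for c in fresh}
        if len(media) < 2:
            findings.append(f"only {len(media)} media type(s) among fresh copies (need 2)")
        if not any(c.offsite for c in fresh):
            findings.append("no fresh offsite copy")
        if not any(c.offline for c in fresh):
            findings.append("no fresh offline copy (attached backups are reachable by ransomware)")
        report[name] = findings
    return report


# Constructed sample inventory: two datasets as of a fixed point in time.
SAMPLE_NOW = datetime(2015, 10, 12, 18, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    BackupCopy("finance-db", "disk", "hq", False, False, SAMPLE_NOW - timedelta(hours=2)),
    BackupCopy("finance-db", "tape", "hq", False, True, SAMPLE_NOW - timedelta(hours=5)),
    BackupCopy("finance-db", "object-storage", "cloud-eu", True, True, SAMPLE_NOW - timedelta(hours=3)),
    BackupCopy("file-share", "disk", "hq", False, False, SAMPLE_NOW - timedelta(hours=1)),
    BackupCopy("file-share", "disk", "dr-site", True, False, SAMPLE_NOW - timedelta(hours=1)),
    BackupCopy("file-share", "tape", "vault", True, True, SAMPLE_NOW - timedelta(days=9)),
]


def sample_report():
    """Run the check over the constructed inventory."""
    return check_321(SAMPLE_INVENTORY, SAMPLE_NOW)


if __name__ == "__main__":
    for dataset, findings in sample_report().items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

In the sample, "finance-db" passes, while "file-share" has three copies on paper but only two fresh ones, both on disk and both writable from production, so the report lists four findings. Counting only fresh copies is deliberate: the rule is about what can be restored after an attack, not about how many copies ever existed.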
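The "monitor outgoing traffic" advice under configuration management (block known malicious URLs, watch for "nonsense" URLs) can be automated over proxy logs. The following is an added example, not code from the article or from Real Business: the proxy log format, the blocklist and allowlist entries, the sample log lines and the entropy and vowel thresholds are all constructed assumptions. Known-bad domains are blocked outright; nonsense-looking hostnames are only flagged for review, because the heuristic will also hit legitimate CDN and cloud hostnames.

```python
"""Screen outbound web-proxy log lines: block known-bad domains and flag
"nonsense" hostnames for review.

Added example, not code from the article: the proxy log format, the
blocklist/allowlist entries, the sample lines and the thresholds are all
constructed for illustration.
"""
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed placeholders; a real deployment would load threat-intel feeds.
KNOWN_BAD = {"malicious.example", "bad-cdn.example"}
ALLOWLIST = {"corp.example"}

# Constructed log format: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def shannon_entropy(text):
    """Bits of entropy per character; random-looking strings score high."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(host):
    """Naive registrable domain: last two labels (no public-suffix list here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_nonsense(host, min_len=8, min_entropy=3.5):
    """Heuristic for machine-generated names: a long, high-entropy label that
    is either almost vowel-free or digit-heavy. Loosely tuned; expect false
    positives on CDN hosts, which is why hits are flagged, not blocked."""
    label = registrable_domain(host).split(".")[0]
    if len(label) < min_len or shannon_entropy(label) < min_entropy:
        return False
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in "aeiou" for ch in letters) / max(len(letters), 1)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return vowel_ratio < 0.25 or digit_ratio > 0.3


def classify(url):
    """'allow', 'block' (known-bad) or 'suspect' (nonsense-looking host)."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain in ALLOWLIST:
        return "allow"
    if domain in KNOWN_BAD or host in KNOWN_BAD:
        return "block"
    if looks_like_nonsense(host):
        return "suspect"
    return "allow"


def screen(log_lines):
    """Return a list of (verdict, client, host) per parseable line; skip the rest."""
    results = []
    for line in log_lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue
        url = match.group("url")
        results.append((classify(url), match.group("src"), urlsplit(url).hostname or ""))
    return results


# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = [
    "2015-10-12T17:50:17Z 10.0.0.5 GET http://www.corp.example/ 200",
    "2015-10-12T17:50:19Z 10.0.0.5 GET http://update.malicious.example/a.bin 200",
    "2015-10-12T17:50:21Z 10.0.0.9 POST http://xk3q9zt7wpa2bm.example/check 200",
    "2015-10-12T17:50:23Z 10.0.0.7 GET http://documents.example/q1.pdf 200",
    "2015-10-12T17:50:25Z 10.0.0.7 GET http://fileserver01.example/share 304",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for verdict, client, host in screen(SAMPLE_LOG):
        print(f"{verdict:8} {client:12} {host}")
```

On the sample, the allowlisted corporate host and the two ordinary hostnames come back "allow", the blocklisted domain "block", and the 14-character, one-vowel label "suspect"; the malformed line is dropped rather than guessed at. The registrable-domain function is deliberately naive (last two labels); with a public-suffix list it would also handle multi-part suffixes correctly.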
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com
Supporters:
Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!