BreachExchange mailing list archives

Ransomware: Don’t let your business be held for ransom


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 12 Oct 2015 17:50:17 -0600

http://realbusiness.co.uk/article/31786-ransomware-dont-let-your-business-be-held-for-ransom

Ransoms are one of the oldest means of exploitation. Taking an item of
tremendous value and demanding compensation for its return is an effective,
if sinister, way for criminals to get what they want.

Ransomware follows many of the same rules as traditional extortion, applied
to the digital era. Attackers infiltrate laptops, servers or data centres,
encrypt the data they find there, and keep personal or corporate data
inaccessible unless the victim pays a ransom.

Ransomware is the fastest growing ‘industry’ in IT security. Law
enforcement rarely stops it, and when the malware uses properly implemented
cryptography the IT department cannot reverse the encryption without the
key. Unless the right steps are taken before an attack, all an enterprise
can do is pay the ransom and hope for the best, and paying guarantees
nothing.

An organisation’s best measure against ransomware is prevention: security
policies that increase internal awareness and reduce exposure.

One way to mitigate the risk of losing data is timely, complete, off-site
data backups. A good backup rule of thumb is “3-2-1”: keep three copies of
every file, on at least two types of media, at least one of which is
off-site. Because many variants encrypt anything reachable from the
infected machine, including mapped network shares and attached backup
drives, at least one copy must be offline or otherwise unwritable from the
network, and restores should be tested regularly. With such backups you can
rebuild the affected machines and restore your files once the ransomware
has been removed.
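As an added illustration, not code from the article, the check below builds a SHA-256 manifest of a backup set while it is known good and later compares the set on disk against that manifest, so a backup that ransomware reached through a mapped share is caught before anyone relies on it for a restore. The directory layout, file contents and the simulated tampering are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Stream the file so large backup images need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup set on disk against a manifest stored elsewhere.

    'modified' is the signature of an encrypted-in-place backup, 'missing'
    of deleted files, 'unexpected' of files dropped by the intruder.
    """
    current = build_manifest(root)
    return {
        "ok": sorted(k for k, v in manifest.items() if current.get(k) == v),
        "modified": sorted(k for k, v in manifest.items()
                           if k in current and current[k] != v),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: a backup share the infected host could still write to."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        sample_files = {  # constructed sample backup set
            "finance/ledger.xlsx": b"constructed sample ledger",
            "hr/policy.pdf": b"constructed sample policy",
            "notes.txt": b"constructed sample notes",
        }
        for rel, data in sample_files.items():
            target = backup / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)

        # Take the manifest while the backup is known good and keep it on
        # media the host cannot write to (serialised as a real job would).
        manifest = json.loads(json.dumps(build_manifest(backup)))

        # Simulate ransomware reaching the mapped backup share: one file is
        # overwritten with ciphertext, one is deleted, and a note is dropped.
        (backup / "finance" / "ledger.xlsx").write_bytes(b"no longer the ledger")
        (backup / "notes.txt").unlink()
        (backup / "README_DECRYPT.txt").write_bytes(b"constructed ransom note")

        return verify_backup(backup, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only useful if it lives somewhere the malware cannot alter it (write-once media, an offline copy, or a separately authenticated store); a manifest kept beside the backup can be encrypted along with it.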

Another way to mitigate ransomware is education. Despite years of
warnings about suspicious emails and websites, users still fall prey.
Ensure new employees are trained on ransomware during on-boarding, and
that existing workers receive regular refresher training.

Work with HR and internal communications departments to help ingrain data
security into the fabric of the business and tell users what kind of
threats to look for, including:

Crypto-ransomware – Malware that uses strong cryptography to encrypt files,
then presents victims with an alert that they must pay a ransom to decrypt
their data. Some variants spread from machine to machine within a network.
They can also seek out file shares and attached backups, and reach web
servers, crippling business operations.

Phishing – Ransomware is typically spread through phishing emails carrying
a malicious attachment or link; opening the attachment or following the
link installs the malware. Many phishing emails use enticing,
legitimate-looking subject lines such as package deliveries, payroll or
payments.

Drive-by downloads – Unintended downloads from compromised websites,
delivered through the browser by exploiting a software vulnerability on
the target machine.

Malvertising – The injection of malware-laden ads onto legitimate websites.
Popular sites from The New York Times to the Nikkei Stock Exchange have
unwittingly carried malvertising.

USB sticks – Infected files carried to and from removable devices such as
thumb drives can infect laptops, desktops, smartphones, tablets, servers
and even entire data centres. In the era of IoT, this can extend to
wearables that sync with other devices, and potentially to
Internet-connected HVAC or lighting systems.

A comprehensive ransomware prevention strategy should include device
control, patch management and configuration management. Fast action, such
as immediately disconnecting an affected machine from the network, can stop
a ransomware infection from reaching file shares and other systems.

An effective ransomware prevention strategy should include the following:

Device control – Set controls on what kinds of devices can be connected to
a system. Those rules can address type, brand and even an individual USB
drive. Effective device control automates the discovery and management of
removable devices. It defines and enforces device use policies by group or
individual user, with flexible exception policies.

Patch management – Patch management remains one of the most effective means
of thwarting attacks, including ransomware. To protect against ransomware
in particular, make sure patches are applied promptly, automatically where
possible, to your operating systems, Microsoft Office, Adobe applications,
browsers and browser plug-ins, since these are the software that drive-by
downloads and malvertising exploit.

Configuration management – To ward off ransomware, set browser security to
the highest level the business can tolerate, to reduce the chance that
malicious content is downloaded from a website. An ad or script blocker
reduces exposure to malvertising by stopping third-party ad content from
loading; the browser’s ‘Do not track’ setting does not do this, as it only
sends a request that sites and ad networks are free to ignore. In
addition, monitor outgoing traffic: block known malicious URLs and watch
for “nonsense” hostnames such as long random-looking strings of letters
and digits. When in doubt, block first and ask questions later.

Make no mistake, ransomware is the next big scourge to strike businesses.
It is not a trivial threat, and it is one organisations are almost certain
to encounter.

By taking preventive measures now, including rigorous data backups,
thorough user training and the prevention strategies above, the risk of
ransomware and other malicious attacks can be mitigated without ransoming
the organisation’s success.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
