BreachExchange mailing list archives

Security Think Tank: Four steps for companies to protect against ransomware


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 3 Feb 2016 13:16:41 -0600

http://www.computerweekly.com/opinion/Security-Think-Tank-Four-steps-for-companies-to-protect-against-ransomware

Any discussion of ransomware
<http://whatis.techtarget.com/definition/ransomware-cryptovirus-cryptotrojan-or-cryptoworm>
should begin by reminding ourselves that the term denotes malware
<http://www.computerweekly.com/news/4500254348/Celebrity-search-results-loaded-with-malware-study-shows>.
The “ransom” element is a matter of impact, not a root cause. As a result,
many of the strategies applied when protecting against common malware
should also be applied to ransomware
<http://www.computerweekly.com/feature/How-to-avoid-being-caught-out-by-ransomware>.

Having said this, ransomware is one of the most common types of attack,
given that it is easy to generate and distribute. A recent piece of research
<http://www.isaca.org/About-ISACA/Press-room/News-Releases/2016/Pages/ISACA-Cybersecurity-Snapshot-Survey.aspx>
from Isaca shows that the threat is set to continue, with 20% of global IT
security <http://www.computerweekly.com/resources/IT-security> experts
placing this type of attack in their top three threats for 2016.

Once in the wild, a typical ransomware script will infect numerous
environments very quickly, with the command and control
<http://www.computerweekly.com/news/4500257530/Met-Police-forced-to-stick-with-ageing-command-and-control-system-after-project-delays>
structure designed to harvest small sums of money through anonymised
payment mechanisms such as Bitcoin.

Ransomware attackers rely on broad and indiscriminate dissemination of
malware, without necessarily targeting any specific group of people or
companies.

Specimens such as TeslaCrypt, CryptoWall
<http://www.computerweekly.com/news/4500248823/Ransomware-costs-business-at-least-18m-says-FBI>
and TorrentLocker reveal a wide variety of ransomware, ranging from
unsophisticated varieties embedded in Microsoft Word documents to fairly
complex script-based infiltration.

In this aspect, security managers should be conscious of the fact that
ransomware often utilises channels that were thought to be extinct,
such as macro virus infection
<http://searchsecurity.techtarget.com/news/2240241180/Macro-viruses-reemerge-in-Word-Excel-files>.

Steps to protect against ransomware

There are a number of steps that organisations and individuals can take to
increase their security and strengthen their defences:

   1. Promote awareness
   <http://www.computerweekly.com/resources/Security-policy-and-user-awareness>
   by communicating defensive capabilities against generic malware to users.
   It should be noted how phishing
   <http://www.computerweekly.com/news/4500244954/Users-should-not-take-the-rap-for-phishing-attacks-says-expert>,
   social engineering attacks and suspicious websites can all pave the way for
   infection.
   2. Strengthen scan-and-detect defensive capabilities across the
   organisation. There are many tools that will identify, repel and neutralise
   malware, including ransomware. However, it is important not to rely on a
   single anti-virus or anti-malware system
   <http://www.computerweekly.com/resources/Antivirus-firewall-and-IDS-products>,
   but a wide range dedicated to different types of attack.
   3. Update and adjust target platforms such as Microsoft Office to
   include blocking mechanisms. All too often, infected Office-based documents
   and spreadsheets can slip through because defences have been disabled in
   favour of user convenience
   <http://searchnetworking.techtarget.com/answer/Will-bring-your-own-device-security-make-you-sacrifice-convenience>.
   4. Both organisations and individuals should consider where their data
   <http://www.computerweekly.com/feature/How-to-deal-with-the-aftermath-of-a-data-breach>
   resides. Ransomware is usually restricted to local hard drives or locally
   available shares. Information assets should therefore be held in at least
   two air gapped locations, such as a portable hard disk for daily backups of
   important data, and an additional network-attached storage
   <http://searchstorage.techtarget.com/definition/network-attached-storage>
   (NAS) for larger backup jobs. Even after ransomware infection, important
   files can then be recovered. For personal data, DVD or BluRay backups
   retain the advantage of read-only access.

A fuller list of associated controls is available in the complimentary Threats
& Controls tool <https://cybersecurity.isaca.org/csx-threats-and-controls>
from Isaca’s Cybersecurity Nexus (CSX).

Attacks may lead to greater costs

There is some considerable effort required to protect against ransomware,
especially in complex enterprise environments. However, given the current
level of helplessness – up to the point where official authorities have
recommended giving in and paying the ransom – this extra work is a vital
step towards saving time and money.
To help your thinking as a business leader on how important it is to
protect yourself against this form of attack, it is worth remembering that
even one successful ransomware attack on your organisation or private IT
environment is likely to be much more expensive than taking preventive
measures.
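
Step 3 above notes that Office defences are often disabled for user convenience; the following added example (not part of the original article) audits the current user's Office macro setting in PowerShell. The VBAWarnings registry value and its meanings are Microsoft Office settings not named in the article, and the version and application lists are assumptions to adjust.

```powershell
# Added example (not from the article): report the macro security setting
# for each Office application the current user has a profile for.
# VBAWarnings values: 1 = enable all macros, 2 = disable with notification,
# 3 = disable except digitally signed, 4 = disable all without notification.
# Assumption: the version and application lists below cover your estate.
$versions = '14.0', '15.0', '16.0'            # Office 2010, 2013, 2016
$apps     = 'Word', 'Excel', 'PowerPoint'
$meaning  = @{ 1 = 'ENABLE ALL (weak)'; 2 = 'disable, notify'
               3 = 'signed macros only'; 4 = 'disable all' }

$results = foreach ($v in $versions) {
    foreach ($a in $apps) {
        # Skip applications this user has never run.
        if (-not (Test-Path "HKCU:\Software\Microsoft\Office\$v\$a")) { continue }

        # A Group Policy value overrides the per-user Trust Center choice,
        # so look at the policy hive first.
        $candidates = @(
            @('policy', "HKCU:\Software\Policies\Microsoft\Office\$v\$a\Security"),
            @('user',   "HKCU:\Software\Microsoft\Office\$v\$a\Security")
        )
        $source = 'default'; $value = 2       # Office default when nothing is set
        foreach ($c in $candidates) {
            $p = Get-ItemProperty -Path $c[1] -Name VBAWarnings -ErrorAction SilentlyContinue
            if ($null -ne $p) { $source = $c[0]; $value = [int]$p.VBAWarnings; break }
        }

        [pscustomobject]@{
            Version = $v; App = $a; Source = $source; Value = $value
            Setting = $meaning[$value]
            Finding = if ($value -eq 1) { 'FAIL' }
                      elseif ($source -ne 'policy') { 'WARN: user can change' }
                      else { 'OK' }
        }
    }
}

$results | Format-Table -AutoSize
# Non-zero exit lets a scheduled compliance job flag the machine.
if ($results.Finding -contains 'FAIL') { exit 1 }
```

A `WARN` row means macros are not fully enabled but the setting is not enforced by policy, which is the "disabled in favour of user convenience" gap the step describes.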
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
