Ransomware: How to Protect Your Data from Being Held for Ransom

Netgain | Cybersecurity & Compliance, Financial IT, Healthcare IT

Ransomware attacks are real and they are on the rise – affecting organizations of every shape and size.

Ransomware is malicious software that indiscriminately encrypts a company's files; the operators then demand a ransom in exchange for the key needed to decrypt them. It can be installed simply by visiting a website that happens to serve malicious advertisements, with no download or click required. When the cryptography is implemented correctly, decrypting the files without the key is infeasible, which leaves the company only four options: restore from backup, pay the ransom, recreate the files, or live without them.

Even more concerning is that ransomware is evolving. The criminals are testing different variations of the malware in an effort to extract even more money from their victims. Expect them to demand different ransoms based on the number of network shares affected or the types and sizes of the files. Expect them to apply pressure by threatening to delete files if the ransom goes unpaid. They will also do anything possible to find and corrupt backups, so that restoring from them is no longer an option.

Ransomware will become more sophisticated as criminals continue to see it as an increasingly effective way to extort money. Here is a list of what companies need to consider to protect themselves.

1. Don’t rely on Antivirus alone.

Signature-based antivirus cannot keep up with modern malware. Antivirus works by recognizing programs already known to be bad, and that blacklist grows by hundreds of thousands of samples every day, so a freshly built ransomware variant is simply not on it yet. Whitelisting is the opposite approach: allow only the programs you trust and block everything else, and an unknown executable cannot run no matter how new it is. A whitelist also changes far less often than a blacklist, because the set of programs a business actually needs is small and stable.

2. Prevent computers from accessing hacked websites.

The internet is global and cannot be trusted. Web browsers and their plugins have too many vulnerabilities for attackers to exploit. If a computer requires access to sensitive internal information, do not let that computer reach everything on the internet. Block all websites by default, including advertising networks, and allow access only to the select few websites that are actually needed.

3. Require that patches be installed on all computers.

Patches are critical to correct vulnerabilities and maintain security. They should be installed on all devices, including laptops, phones, and tablets. Home computers that can connect to the corporate network, whether by VPN or another remote-access technology, also need to stay patched, because an unpatched machine on the VPN is inside the network.

This advice may seem daunting, but there are ways to make it easier.

1. Configure Whitelisting.

Windows and macOS both ship with a form of application whitelisting. Configure this built-in whitelisting and update it as needed. In Windows it is called AppLocker; enforcing it requires an Enterprise or Education edition of Windows (or Windows Server). On macOS the equivalent is Gatekeeper, found under Security & Privacy in System Preferences, which decides whether a downloaded app may launch based on whether it is signed by an identified developer. AppLocker can be a bit complicated to configure, but it is worth the effort, because it is extremely effective at blocking malware of all sorts. CryptoPrevent is a free or cheap tool that sets up much of this for you (it uses Software Restriction Policies, AppLocker's older sibling), but it is aimed more at home users than at corporate networks.
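As an added example, not code from the Netgain article, here is how the whitelisting described in point 1 above and in this step is built with AppLocker in PowerShell: a policy that lets everyone run programs and scripts from Program Files and Windows (minus the user-writable folders inside Windows), lets administrators run anything, and starts in audit mode so nothing breaks before the rules are reviewed. The policy path, the Downloads folder test, and the audit-then-enforce switch are this example's own choices.

```powershell
# Added example (not Netgain's code): build and apply a minimal AppLocker policy.
# Run elevated on an edition that enforces AppLocker (Enterprise/Education or Server).
# Start in AuditOnly; once the audit log is clean, rerun with -Enforce.
param([switch]$Enforce)

$mode     = if ($Enforce) { 'Enabled' } else { 'AuditOnly' }
$everyone = 'S-1-1-0'        # well-known SID: Everyone
$admins   = 'S-1-5-32-544'   # well-known SID: BUILTIN\Administrators

function New-RuleId { [guid]::NewGuid().ToString() }   # every AppLocker rule needs a unique Id

# One rule collection (Exe or Script) holding three path rules. %WINDIR% contains folders
# ordinary users can write to, so those are carved out as exceptions rather than trusted.
function New-RuleCollection([string]$Type) {
@"
  <RuleCollection Type="$Type" EnforcementMode="$mode">
    <FilePathRule Id="$(New-RuleId)" Name="Allow Program Files" Description="" UserOrGroupSid="$everyone" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(New-RuleId)" Name="Allow Windows minus writable folders" Description="" UserOrGroupSid="$everyone" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
      <Exceptions>
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
      </Exceptions>
    </FilePathRule>
    <FilePathRule Id="$(New-RuleId)" Name="Administrators run anything" Description="" UserOrGroupSid="$admins" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
"@
}

$policyXml = @"
<AppLockerPolicy Version="1">
$(New-RuleCollection 'Exe')
$(New-RuleCollection 'Script')
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'applocker-policy.xml'   # assumed location for the policy file
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# AppLocker only evaluates rules while the Application Identity service is running.
# (Set-Service is refused for this protected service on recent builds, so use sc.exe.)
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Dry-run the policy against real files before applying it: notepad should come back
# Allowed, anything a user downloaded (assumed Downloads folder) should come back Denied.
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path "$env:WINDIR\System32\notepad.exe"
Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue | ForEach-Object {
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path $_.FullName
}

# Apply. Without -Merge this replaces the local policy; add -Merge to extend an existing one.
Set-AppLockerPolicy -XmlPolicy $policyPath

# In AuditOnly mode event 8003 records what would have been blocked; 8004 is an actual block.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 8003, 8004 } |
    Select-Object TimeCreated, Id, Message
```

Run it in audit mode for a few weeks and work through the 8003 events: every one is either a program that needs a rule or a program that should never have been running. Path rules are only as strong as the permissions on the folders they trust, so anywhere a standard user can write under a trusted path must be excepted as above, and for third-party software publisher rules (signed by a known vendor) are preferable to path rules. The DLL collection is left out here because it is costly to audit; enable it once the Exe rules are stable.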

2. Implement a web proxy.

OpenDNS and similar filtering services make this easier: they refuse to resolve domains known to host malware or malicious advertising, so a user never reaches the booby-trapped page in the first place, and a web proxy with a default-deny policy does the same at the HTTP level. The same filtering keeps working after a breach. Modern malware usually has to contact command and control infrastructure to fetch instructions or encryption keys, and if that traffic cannot leave the network the attack stalls. Some strains carry everything they need and never call home, so treat egress filtering as a barrier rather than a guarantee, and keep backups offline.
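The following is an added example, not part of the Netgain article, of what the egress restriction in point 2 above and in this step looks like on a single Windows client: name resolution goes only to a filtering resolver, web traffic goes only through a filtering proxy, and the Windows Firewall blocks everything else outbound so that malware cannot simply open its own connection. The proxy address and port, the adapter name and the use of example.com for the check are assumptions of this example; the OpenDNS resolver addresses are the service's public ones.

```powershell
# Added example (not Netgain's code): allow web access only via a filtering proxy and
# filtering DNS, and default-deny all other outbound traffic. Run elevated.
$proxyHost    = '10.0.0.5'                           # assumed internal filtering proxy
$proxyPort    = 3128                                 # assumed proxy port
$resolvers    = '208.67.222.222', '208.67.220.220'   # OpenDNS public resolvers
$adapterAlias = 'Ethernet'                           # assumed; see Get-NetAdapter

# 1. Name resolution goes only to the filtering service, which refuses known-bad domains.
Set-DnsClientServerAddress -InterfaceAlias $adapterAlias -ServerAddresses $resolvers

# 2. Point both proxy stacks at the filtering proxy: WinINET (browsers and most apps,
#    current user) and WinHTTP (services such as Windows Update). In a domain, push
#    these same values through Group Policy instead of per machine.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Set-ItemProperty -Path $inet -Name ProxyEnable   -Value 1 -Type DWord
Set-ItemProperty -Path $inet -Name ProxyServer   -Value "${proxyHost}:${proxyPort}"
Set-ItemProperty -Path $inet -Name ProxyOverride -Value '<local>'
netsh.exe winhttp set proxy proxy-server="${proxyHost}:${proxyPort}" bypass-list="<local>" | Out-Null

# 3. Default-deny outbound on every profile and log the drops, then allow only what the
#    proxy design needs: the proxy itself, the resolvers, and the local network.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block -LogBlocked True

New-NetFirewallRule -DisplayName 'Egress: filtering proxy' -Direction Outbound -Action Allow `
    -Protocol TCP -RemoteAddress $proxyHost -RemotePort $proxyPort | Out-Null
New-NetFirewallRule -DisplayName 'Egress: DNS (UDP)' -Direction Outbound -Action Allow `
    -Protocol UDP -RemoteAddress $resolvers -RemotePort 53 | Out-Null
New-NetFirewallRule -DisplayName 'Egress: DNS (TCP)' -Direction Outbound -Action Allow `
    -Protocol TCP -RemoteAddress $resolvers -RemotePort 53 | Out-Null
New-NetFirewallRule -DisplayName 'Egress: local subnet' -Direction Outbound -Action Allow `
    -RemoteAddress LocalSubnet | Out-Null

# 4. Verify: a direct connection must now fail, while a proxied request still succeeds.
$direct  = (Test-NetConnection -ComputerName example.com -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
$proxied = (Invoke-WebRequest -Uri 'https://example.com/' -Proxy "http://${proxyHost}:${proxyPort}" -UseBasicParsing).StatusCode
"Direct egress: $direct (expect False); via proxy: $proxied (expect 200)"

# 5. Blocked attempts land in the firewall log (action is the third field). Repeated
#    DROPs from one process toward one outside address are exactly the call-home
#    behaviour this setup is meant to stop, and worth investigating.
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 20 -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\S+ \S+ DROP ' }
```

Two caveats. The proxy is now the only road out, so it must actually filter (category and reputation lists, ideally authentication), otherwise malware simply honours the system proxy like any other program. And the local-subnet rule still allows SMB to file servers, which is what makes network shares reachable for legitimate work and for ransomware alike; this step protects the internet edge, not the shares, which is why backups and least-privilege share permissions still matter.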

3. Establish auto updates.

Most systems can be configured to auto update, and without auto update this step is very hard to carry out across a network. To be effective, auto update usually needs a product that can manage every system in the environment and install updates on a schedule, so that no machine is missed and reboots happen at a known time. Installing patches and updates closes the holes that malware depends on to compromise systems.
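As an added example, not from the Netgain article, the policy values below make a Windows machine pull updates from a central server and install them on a schedule, which is the managed, scheduled updating that point 3 above and this step call for, and then query what is still missing. The WSUS address is assumed; the registry keys and values are the ones Windows Update reads from Group Policy, so in a domain they would be set once in a GPO rather than per machine.

```powershell
# Added example (not Netgain's code): scheduled, centrally sourced Windows updates,
# plus a check of what is still pending. Run elevated.
$wsusUrl = 'http://wsus.corp.example:8530'   # assumed internal WSUS server
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"
New-Item -Path $au -Force | Out-Null

# Where updates come from: the internal WSUS server, which also reports compliance centrally.
Set-ItemProperty -Path $wu -Name WUServer       -Value $wsusUrl
Set-ItemProperty -Path $wu -Name WUStatusServer -Value $wsusUrl
Set-ItemProperty -Path $au -Name UseWUServer    -Value 1 -Type DWord

# How they are installed. NoAutoUpdate=1 is the weak setting that leaves a machine
# unpatched until someone clicks; AUOptions=4 downloads and installs on the schedule below.
Set-ItemProperty -Path $au -Name NoAutoUpdate         -Value 0 -Type DWord
Set-ItemProperty -Path $au -Name AUOptions            -Value 4 -Type DWord   # 4 = auto download, scheduled install
Set-ItemProperty -Path $au -Name ScheduledInstallDay  -Value 0 -Type DWord   # 0 = every day
Set-ItemProperty -Path $au -Name ScheduledInstallTime -Value 3 -Type DWord   # 03:00 local time
Set-ItemProperty -Path $au -Name NoAutoRebootWithLoggedOnUsers -Value 0 -Type DWord   # a patch only counts once rebooted

# Make the Windows Update client pick up the policy.
gpupdate.exe /target:computer /force | Out-Null
Start-Service -Name wuauserv

# What is still missing? The Windows Update Agent COM API answers against the configured source.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
"Pending updates: $($pending.Count)"
$pending | ForEach-Object { $_.Title }

# And what was installed recently, as a sanity check that the schedule is actually firing.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, Description, InstalledOn
```

The pending-updates query is the useful half: run it (or read the WSUS console) across the fleet and any machine reporting a non-zero count days after a release is one the schedule has missed, typically a laptop that is never on at 03:00 or a home PC on the VPN that is not in the domain at all.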

Final Thoughts

Antivirus alone is ineffective against new malware, so all companies should implement application whitelisting. Modern malware also depends on the internet for much of its functionality; restricting that communication, by limiting which internet resources are reachable, creates significant barriers to its effectiveness. Finally, patching systems closes the bugs the malware relies on to get in.