Charles Leaver – Ransomware Can Be Avoided And Managed With These 4 Steps

Written By Alan Zeichick And Presented By Charles Leaver

 

Ransomware is genuine, and is striking people, organisations, schools, healthcare facilities, local governments – and there’s no sign that ransomware is stopping. In fact, it’s probably increasing. Why? Let’s face it: Ransomware is most likely the single most reliable attack that cyber criminals have ever created. Anyone can develop ransomware utilizing easily available tools; any money received is most likely in untraceable Bitcoin; and if something goes wrong with decrypting someone’s hard disk drive, the hacker isn’t impacted.

A company is hit with ransomware every 40 seconds, according to some sources, and sixty percent of malware issues were ransomware. It hits all sectors. No industry is safe. And with the rise of RaaS (Ransomware-as-a-Service) it’s gon na worsen.

The good news: We can resist. Here’s a four-step fight plan.

Good Basic Hygiene

It starts with training staff members ways to deal with destructive e-mails. There are falsified messages from company partners. There’s phishing and target spearphishing. Some will get through e-mail spam/malware filters; staff members need to be taught not to click links in those messages, or naturally, not to give permission for apps or plug-ins to be installed.

Even so, some malware, like ransomware, is going to get through, often making use of out-of-date software or unpatched systems, as in the Equifax breach. That’s where the next action comes in:

Making sure that all end points are thoroughly patched and completely current with the current, most safe and secure operating systems, applications, utilities, device drivers, and code libraries. In this way, if there is an attack, the endpoint is healthy, and has the ability to best fight off the infection.

Ransomware isn’t an innovation or security problem. It’s a service problem. And it’s a lot more than the ransom that is demanded. That’s nothing compared to loss of productivity because of downtime, bad public relations, disgruntled clients if service is interfered with, and the cost of reconstructing lost data. (And that presumes that valuable copyright or safeguarded financial or client health data isn’t really stolen.).

Exactly what else can you do? Backup, backup, backup, and secure those backups. If you do not have safe, guaranteed backups, you cannot bring back data and core infrastructure in a timely fashion. That consists of making everyday snapshots of virtual machines, databases, applications, source code, and configuration files.

Services require tools to spot, recognize, and avoid malware like ransomware from dispersing. This needs continuous monitoring and reporting of exactly what’s occurring in the environment – consisting of “zero day” attacks that haven’t been seen prior to this. Part of that is monitoring endpoints, from the cellphone to the PC to the server to the cloud, to ensure that all end points are current and safe, and that no unforeseen modifications have actually been made to their underlying setup. That way, if a machine is infected by ransomware or other malware, the breach can be identified rapidly, and the device isolated and closed down pending forensics and recovery. If an endpoint is breached, fast containment is important.

The 4 Strategies.

Good user training. Updating systems with patches and fixes. Supporting everything as frequently as possible. And utilizing monitoring tools to help both IT and security groups find problems, and react quickly to those issues. When it comes to ransomware, those are the four battle tested strategies we have to keep our companies safe.

You can learn more about this in a brief 8 minute video, where I talk with a number of market experts about this issue: