What Enterprises Should Do About Ransomware

If you’re an infosec professional, you’re probably pretty up to speed on ransomware. But do you have the right solutions in place to protect your employees and your organization?

Ransomware attacks have skyrocketed in 2016, moving beyond Cryptolocker and Cryptowall to Cerber2 (for which there is as yet no known fix) and Nemucod (which isn’t actually ransomware at all, but uses ransomware techniques to install backdoors for an as-yet undisclosed exploit).

And consumers are no longer the only targets: An informal survey of Nemertes’ clients indicates that at least half of enterprises have been hit, in some cases more than once.

Despite this, most infosec professionals persist in thinking of ransomware as a “consumer” problem. It’s not. Although most attackers are simply in it for the money, and couldn’t care less about disrupting business processes or obtaining trade secrets, the time, effort, and cost for a business to remediate a widespread ransomware attack are significant. And as noted above, attackers are now moving beyond straight ransomware towards approaches that can set businesses up to be breached.

So how can you best protect your organization against ransomware? These three steps should provide a solid bulwark:
1. Invest in endpoint security. Unlike its predecessor, anti-malware, endpoint security does not simply scan to avoid installing potentially malicious code. Techniques vary by vendor, but endpoint security manages endpoints to keep damaging code from executing–so it doesn’t count on being able to determine ahead of time whether or not code is “malicious”. Vendors such as Bromium, Carbon Black, CrowdStrike, and Cylance make such tools–if you haven’t deployed them, accelerate your investment ASAP.
2. Make sure you have solid, real-time automated endpoint backup. The easiest fix for ransomware is to restore systems to their pre-attack configurations. This is a whole lot easier if you’ve automated the backup using tools such as Code42’s CrashPlan. And having automated endpoint backup is useful for a whole host of issues, including onboarding new employees and disaster recovery.
3. Train, train, train your employees… and did we say train? Most ransomware arrives in the usual fashion, via downloads of executables or links that employees click on. Nemucod, for instance, arrives as an email ZIP attachment pretending to be an invoice and containing an infected executable JavaScript file. Employees should know better than to click on invoices from parties they don’t recognize–but infosec teams need constant vigilance to keep that awareness front of mind.
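
Training works best with a technical backstop. As an added example (not from the original post), here is a Python check a mail-filtering step could run on ZIP attachments to flag script files of the kind the Nemucod lure carries. The extension list, the limits, and the sample file names are assumptions made for illustration.

```python
import io
import zipfile

# Script types Windows runs on double-click (assumed blocklist; tune to policy).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_DEPTH = 3                         # stop following nested archives here
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # skip oversized nested archives


def risky_members(data: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return paths of script files inside a ZIP attachment, following nested ZIPs."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows ignores trailing dots/spaces, so strip them before matching.
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in SCRIPT_EXTS:
                hits.append(path)  # also catches double extensions like .pdf.js
            elif ext == ".zip" and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER_BYTES:
                try:
                    hits += risky_members(zf.read(info), depth + 1, path + "!")
                except (RuntimeError, zipfile.BadZipFile):  # encrypted or corrupt
                    hits.append(path + " (unreadable nested archive)")
    return hits


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP; used only to construct the sample attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples with harmless placeholder contents.
INVOICE_LURE = build_zip({"invoice_2016.pdf.js": b"// placeholder"})
NESTED_LURE = build_zip({"docs/scan.zip": build_zip({"Invoice.JSE": b"// placeholder"})})
BENIGN = build_zip({"report.pdf": b"%PDF-1.4 placeholder", "notes.txt": b"hi"})

if __name__ == "__main__":
    for label, blob in [("lure", INVOICE_LURE), ("nested", NESTED_LURE), ("benign", BENIGN)]:
        print(label, risky_members(blob) or "clean")
```

A non-empty result is a reason to quarantine the message or strip the attachment before it reaches an inbox.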

Other good approaches include making sure systems are up to date and fully patched and deploying Web filtering systems such as those from Blue Coat (now Symantec). But don’t neglect the top three–or your company is at risk of becoming a statistic.
