Aug 10, 2016 What Enterprises Should Do About Ransomware
If you’re an infosec professional, you’re probably pretty up to speed on ransomware. But do you have the right solutions in place to protect your employees and your organization?
Ransomware attacks have skyrocketed in 2016, moving beyond Cryptolocker and Cryptowall to Cerber2 (for which there is as yet no known fix) and Nemucod (which isn’t actually ransomware at all, but uses ransomware techniques to install backdoors for an as-yet undisclosed exploit).
And consumers are no longer the only targets: An informal survey of Nemertes’ clients indicates that at least half of enterprises have been hit, in some cases more than once.
Despite this, most infosec professionals persist in thinking of ransomware as a “consumer” problem. It’s not. Although most attackers are simply in it for the money, and couldn’t care less about disrupting business processes or obtaining trade secrets, the time, effort, and cost for a business to remediate a widespread ransomware attack are significant. And as noted above, attackers are now moving beyond straight ransomware towards approaches that can set businesses up to be breached.
So how can you best protect your organization against ransomware? These three steps should provide a solid bulwark:
1. Invest in endpoint security. Unlike its predecessor, anti-malware, endpoint security does not simply scan to avoid installing potentially malicious code. Techniques vary by vendor, but endpoint security manages endpoints to keep damaging code from executing–so it doesn’t count on being able to determine ahead of time whether or not code is “malicious”. Vendors such as Bromium, Carbon Black, CrowdStrike, and Cylance make such tools–if you haven’t deployed them, accelerate your investment ASAP.
2. Make sure you have solid, real-time automated endpoint backup. The easiest fix for ransomware is to restore systems to their pre-attack configurations. This is a whole lot easier if you’ve automated the backup using tools such as Code42’s CrashPlan. And having automated endpoint backup is useful for a whole host of issues, including onboarding new employees and disaster recovery.
Other good approaches include making sure systems are up to date and fully patched and deploying Web filtering systems such as those from Blue Coat (now Symantec). But don’t neglect the top three–or your company is at risk of becoming a statistic.