Written by Elliott Abraham, CISSP
Senior Security Architect at ADAPTURE
What is Ransomware?
Ransomware represents the convergence of malicious intent and the hope for financial gain among the new tactics and motives of threat actors. Tactically speaking, ransomware continues to leverage existing malware as a method of infecting end user systems with the new, somewhat sinister, twist of preventing users from accessing critical systems and files (or, in the latest iteration, even encrypting the files) until a ransom is paid. The classification of ransomware most know best is “crypto-ransomware,” the hallmark of which is the ability to encrypt files and systems until a ransom is paid. Once the ransom is paid, usually via bitcoin or other cryptocurrency, a decryption key is provided so that the end user can again gain access to his or her systems and files.
But you know that already, don’t you? So much has been written and reported about ransomware, that it is safe to assume most computer users have at least heard the term. One may not know the intricacies of how the various families of ransomware differ, or which types of encryption keys are used to encrypt/decrypt the files, but what is known is that ransomware = bad.
Establishing the thought that most of us know that ransomware = bad, there should be no logical reason we don’t take even some basic steps to protect ourselves from the worst of what ransomware attempts to subject us to. But many people are simply not taking the threat seriously enough. If you are guilty of one of the examples below, there’s a good chance you fall into that category.
- You have not implemented email security.
Email remains one of the most prolific attack vectors, with spamming and phishing being tools of choice to deliver the malicious payload containing ransomware. Effective email security is vital to protection of your virtual assets. Vendors like Cylance, Check Point, and FireEye have highly effective enterprise-level email security technology that we routinely implement for our clients.
- You have not deployed Next Generation Firewalls.
If you have not deployed NGFW technology to protect your perimeter or implemented next-generation endpoint protection, the question sadly begins with “when”, not “if”, ransomware will affect you. Next Generation Firewalls protect the perimeter, and endpoint protection devices offer a last line of defense. We recommend assessing the technology from Check Point, Sonicwall, Palo Alto, Cylance, F5, and FireEye, among other technology leaders in this space.
- You have not deployed and tested a credible backup and restore solution.
Let’s face it, with bitcoin prices rising almost daily, the ransoms will continue to increase as well. Many simply cannot afford to pay the ransom, so having the ability to restore systems or files from a known good backup in the event of an attack is critical. This lessens the likelihood of total disaster and potentially reduces downtime. Whether your backup is on-premise or in the cloud, we partner with several excellent technology vendors that can address your backup needs.
If you fall into one or more of the categories listed above, of if you’re concerned about your organization’s ability to handle an attack, contact the Solutions Architects at ADAPTURE today. Our team is eager to assess your infrastructure and develop a roadmap toward your security goals.
For more on ransomware attacks, click here: Three Ransomware Horror Stories.