Ransomware attacks have increased in popularity, and many outlets predict that ransomware will be a $1 billion business this year. Ransomware is a form of malware that either locks users’ screens or encrypts users’ data, demanding that ransom be paid for the return of control or for decryption keys. Needless to say, paying the ransom only emboldens the perpetrators and perpetuates the ransomware problem.
Ransomware is not just a home user problem; in fact, many businesses and government agencies have been hit. Healthcare facilities have been victims. Even police departments have been attacked and lost valuable data. As one might expect, protecting against ransomware has become a top priority for CIOs and CISOs in both the public and private sectors.
Much of the cybersecurity industry has, in recent years, shifted focus to detection and response rather than prevention. However, in the case of ransomware, detection is pretty easy because the malware announces its presence as soon as it has compromised a device. That leaves the user to deal with the aftermath. Once infected, the choices are to:
- pay the ransom and hope that malefactors return control or send decryption keys (not recommended, and it doesn’t always work that way)
- wipe the machine and restore data from backup
Restoration is sometimes problematic if users or organizations haven’t been keeping up with backups. Even if backups are readily available, time will be lost in cleaning up the compromised computer and restoring the data. Thus, preventing ransomware infections is preferred. However, no anti-malware product is 100% effective at prevention. It is still necessary to have good, tested backup/restore processes for cases where anti-malware fails.
Most ransomware attacks arrive as weaponized Office docs via phishing campaigns. Disabling macros can help, but this is not universally effective since many users need to use legitimate macros. Less commonly, ransomware can also come from drive-by downloads and malvertising.
Most endpoint security products have anti-malware capabilities, and many of these can detect and block ransomware payloads before they execute. All end-user computers should have anti-malware endpoint security clients installed, preferably with up-to-date subscriptions. Servers and virtual desktops should be protected as well. Windows platforms are still the most vulnerable, though there are increasing amounts of ransomware for Android. It is important to remember that Apple’s iOS and Mac devices are not immune from ransomware, or malware in general.
If you or your organization do not have anti-malware packages installed, there are some no-cost anti-ransomware specialty products available. They do not appear to be limited-time trial versions, but are instead fully functional. Always check with your organization’s IT management staff and procedures before downloading and installing software. All the products below are designed for Windows desktops:
Kaspersky Anti-Ransomware Tool
The links, in alphabetical order by company name, are provided as resources for readers to consider rather than as recommendations.
Ransomware hygiene encompasses the following short list of best practices:
- Perform data backups
- Disable Office macros by default if feasible
- Deliver user training to avoid phishing schemes
- Use anti-malware
- Develop breach response procedures
- Don’t pay ransom
KuppingerCole will be publishing Leadership Compass reports on anti-malware and endpoint security solutions in the weeks ahead.