Ransomware attacks have increased in popularity, and many outlets predict that it will be a $1 billion-dollar business this year. Ransomware is a form of malware that either locks users’ screens or encrypts users’ data, demanding that ransom be paid for the return of control or for decryption keys. Needless to say, but paying the ransom only emboldens the perpetrators and perpetuates the ransomware problem.
Ransomware is not just a home user problem, in fact many businesses and government agencies have been hit. Healthcare facilities have been victims. Even police departments have been attacked and lost valuable data. As one might expect, protecting against ransomware has become a top priority for CIOs and CISOs in both the public and private sectors.
Much of the cybersecurity industry has, in recent years, shifted focus to detection and response rather than prevention. However, in the case of ransomware, detection is pretty easy because the malware announces its presence as soon as it has compromised a device. That leaves the user to deal with the aftermath. Once infected, the choices are to:
- pay the ransom and hope that malefactors return control or send decryption keys (not recommended, and it doesn’t always work that way)
- wipe the machine and restore data from backup
Restoration is sometimes problematic if users or organizations haven’t been keeping up with backups. Even if backups are readily available, time will be lost in cleaning up the compromised computer and restoring the data. Thus, preventing ransomware infections is preferred. However, no anti-malware product is 100% effective at prevention. It is still necessary to have good, tested backup/restore processes for cases where anti-malware fails.
Most ransomware attacks arrive as weaponized Office docs via phishing campaigns. Disabling macros can help, but this is not universally effective since many users need to use legitimate macros. Ransomware can also come less commonly come from drive-by downloads and malvertising.
Most endpoint security products have anti-malware capabilities, and many of these can detect and block ransomware payloads before they execute. All end-user computers should have anti-malware endpoint security clients installed, preferably with up-to-date subscriptions. Servers and virtual desktops should be protected as well. Windows platforms are still the most vulnerable, though there are increasing amounts of ransomware for Android. It is important to remember that Apple’s iOS and Mac devices are not immune from ransomware, or malware in general.
If you or your organization do not have anti-malware packages installed, there are some no-cost anti-ransomware specialty products available. They do not appear to be limited-time trial versions, but are instead fully functional. Always check with your organization’s IT management staff and procedures before downloading and installing software. All the products below are designed for Windows desktops:
The links, in alphabetical order by company name, are provided as resources for consideration for the readers rather than recommendations.
Ransomware hygiene encompasses the following short-list of best practices:
- Perform data backups
- Disable Office macros by default if feasible
- Deliver user training to avoid phishing schemes
- Use anti-malware
- Develop breach response procedures
- Don’t pay ransom
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection, but need to review how they onboard customers and consumers and how to convince these of giving consent, but also review the amount and purposes of PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]