Leadership Brief

Defending against ransomware

Ransomware is an epidemic. Prevention is the best strategy. Don’t give up and pay the ransom.

John Tolbert

jt@kuppingercole.com

1 Recommendations

Defense is the best option. Once users see the ransom notes, the damage has usually been done.

Training: Defense in depth starts with good security training for users: avoid suspicious links and sites, and don’t open attachments. Use 3rd party anti-phishing training.

Disable Macros: By default in both local installations and Office 365. Instruct users to only enable when necessary.

Edge Net Filtering: Use appliances or proxies that perform in-line scanning of web and email traffic to remove malicious attachments, and block access to nefarious sites and malvertising ads. Augment with real-time updates from cyber threat intelligence subscription services.

Endpoint Security: Deploy comprehensive endpoint security tools with

  • Anti-Malware Signature-based anti-virus has become largely ineffective, with polymorphic malware able to change the characteristics of malicious payloads to evade detection. Implement endpoint security packages that use heuristic/behavioral analysis techniques to look for and quarantine suspicious code, e.g. code that calls encryption libraries.
  • Privilege Management Enforce least privilege for users and deny malware access to advanced OS functions.
  • Application Whitelisting Prevent malware from using common desktop applications to perform Just-in-Time malware assembly and encryption.
  • Patching Reduce the attack surface by ensuring that vulnerabilities within OSes and applications are mitigated as quickly as possible with rapid and automatic patching.

Data backups: Data backups are essential to prevent information loss in case of ransomware attacks. Enterprises are usually very good at backing up server-based repositories, but sometimes miss data on desktops and laptops.

Sterilize and restore procedures: To decrease downtime in cases where ransomware attacks have succeeded, have automated procedures available to quickly flatten and reload operating systems and users’ applications, as well as user data.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.