According to the recently released 2016 H2 Global Threat Intelligence Trends report from global network cybersecurity vendor Check Point, ransomware attacks almost doubled in the second half of 2016 alone, with thousands of new ransomware variants. Clearly, the rapid and constant evolution of ransomware requires that businesses and enterprises move from asking, “How does ransomware work today?” to asking, “How will ransomware work tomorrow?”
Ransomware authors are developing faster and more effective propagation methods based on self-propagation, which allows ransomware to move autonomously through a network. This constant evolution and stealthy approach requires IT departments to develop methodologies and use tools and technologies that are proactive rather than reactive.
The first step, of course, is educating end users about how ransomware can creep up on them via:
- Phishing emails and malicious links in attachments
- Drive-by downloads from malicious or compromised websites
- Exploit kits that open the door to hacks when a user simply visits a webpage
Even internal IT teams cannot always keep up with core enterprise network security tasks such as:
- Keeping anti-virus and other security software updated
- Whitelisting allowed software and preventing anything else from being executed
- Creating comprehensive backup strategies and properly executed testing schedules
- Being vigilant about applying patches to apps and systems
Moving forward, IT security teams will need even more sophisticated, proactive approaches that go far beyond the above methods in order to detect advanced malware before it can take hold. This means having security solutions and services support that provides continuous monitoring, prevention, and detection. That includes having ongoing vulnerability and penetration testing to uncover malicious software and behavior anomalies in systems and networks.
Vulnerability and Penetration Testing
Two of the best ransomware protection tools that should be used by IT departments are known as vulnerability testing and penetration testing. Although they sound similar, they are different approaches. While a vulnerability test reveals weaknesses in a system or network, penetration testing tells you how bad a specific weakness may be.
In order for these tests to be effective, businesses should not only perform them quarterly but also after:
- Network infrastructure or application additions
- Infrastructure or application modifications
- Significant system upgrades
- Additions of new endpoints such as branch offices
- Security patch applications
- End-user policy modifications
Backup and Testing
One of the most important aspects of a proactive approach to ransomware is that IT teams not only have a backup strategy in place but also test those backups regularly. This can and should include full restorations, as well as more targeted restorations.
In each case, it is often crucial to have outside support for backup testing and development of a backup strategy, whether you have no internal IT support or a large internal IT staff. That’s because it’s not uncommon for even internal IT teams to fail to test their backups. Failure to do so correctly and regularly can mean that a ransomware attack becomes a crisis that a business cannot recover from.
Comprehensive Cybersecurity Software Implementation
In an evolving ransomware threat landscape, the answer to the question of “How does ransomware work?” can be deceiving. Although the methods used by attackers can be simple, it is the persistence of the threats that makes them truly dangerous to every business.
None of the methods used by proactive IT teams, regardless of their size or level of sophistication, can meet that persistence with human intervention alone. This is why all of these methods require sophisticated software solutions that provide multi-level, proactive tools that reach into the heart of systems and networks in ways that human intervention cannot.
Today, there are tools that guard against zero-day threats and provide evasion-resistant malware detection. Multilayer detection technologies like Check Point SandBlast and CrowdStrike use threat emulation sandboxing and threat extraction technologies to detect and block malware threats. While some are cloud-based solutions and others are on-site software, they collectively provide proactive detection and elimination across the network, at the endpoint and even at the CPU level.
Ultimately, a proactive IT department is the best protection against ransomware and other cybersecurity breaches. Regardless of whether a business has an internal team or not, having third-party IT support that makes cybersecurity a core part of its offerings can ensure that a business is prepared for an evolving threat landscape.