It goes by names like WannaCry, Locky, and CryptoLocker, and if the computers in your workplace were infected with one of these, or the many other variants of ransomware, you would know almost immediately. It generally starts with an email that asks you to download and open an attachment or enable macros on a document. Once you comply, the malware starts running in the background and encrypting all of your files using asymmetric encryption so that you cannot open and view them without the decryption key. Of course, that key is only made available to you once you pay the hacker the ransom; details for payment are made available to you via the new background the malware has set up on your computer.
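The delivery path described above, an email attachment that asks the user to enable macros, can be screened at the mail gateway before the file reaches anyone. The Python below is an added example, not code from the original article or from any vendor's product; the function names, the quarantine reasons, and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Office extensions that can carry VBA macros, and the legacy OLE2 file magic.
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xlsb")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def macro_reason(filename, data):
    """Return why an attachment may carry macros, or None if nothing matched."""
    name = (filename or "").lower()
    if name.endswith(MACRO_EXTS):
        return "macro-enabled extension"
    if data.startswith(OLE_MAGIC):
        return "legacy OLE document (can hold macros)"
    if data.startswith(b"PK"):  # OOXML files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "OOXML file with embedded vbaProject.bin"
        except zipfile.BadZipFile:
            return "malformed archive"
    return None

def scan_message(raw):
    """Return [(filename, reason)] for attachments worth quarantining."""
    hits = []
    for part in message_from_bytes(raw).walk():
        if part.get_content_disposition() != "attachment":
            continue
        data = part.get_payload(decode=True) or b""
        reason = macro_reason(part.get_filename(), data)
        if reason:
            hits.append((part.get_filename(), reason))
    return hits

def build_sample():
    """Constructed message: a .docx that hides a VBA project, plus a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\x00")
    msg = EmailMessage()
    msg.set_content("Please enable macros to view the invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="invoice.docx")
    msg.add_attachment(b"hello", maintype="application", subtype="octet-stream", filename="readme.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Checking the archive contents rather than only the extension catches a macro-bearing document that has been renamed to `.docx`.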
This type of attack is a prime example of how cyber threats are continually evolving. It used to be that a network and computers could rely on anti-virus software, Bayesian filtering, and a good firewall to keep cyber threats at bay. However, the theft of money, government secrets, confidential information, and intellectual property has replaced hacking for fun. As such, threat actors have stepped up their game to circumvent the old means of protecting computer networks and their assets. In order to stay secure in today’s world, businesses need to employ the right technologies to defend against ransomware.
As threats have evolved to bypass traditional intrusion prevention and other network security solutions, the defenses that businesses turn to have evolved in kind. Referred to as threat detection, or advanced threat detection, these solutions rely on more robust technologies to spot possible attacks that have been created to elude other defenses.
Although signature-based detection is a trademark of legacy security solutions, threat detection systems still employ it to help spot known threats. By eliminating the noise caused by these attacks, your threat detection solution can focus on identifying other threats using:
- Reputation-based detection
- Custom and shared YARA rules
- Real-time analysis
Threat detection solutions also rely on sandboxing, a technique where untrusted files are sent to a secure environment. Here, the file or program is opened to see what happens. If the file is harmless, it is allowed to pass through. If some type of malicious activity is identified, then the file is blocked. More evolved threats, like most modern ransomware, can detect if the program is being opened in a sandbox, so it is important to look to solutions like Check Point’s SandBlast that prevent sandbox evasion techniques used by threat actors.
When we talk about threat mitigation in terms of cybersecurity, we are looking at ways to eliminate or reduce exposure to the risks from cyber attacks. At the very minimum, we want to reduce their impact. While this can be done by employing the right security solutions, true threat mitigation comes from a strategic plan that covers more than just the technical controls you put in place. True threat mitigation starts with policies and processes at a business level that identify your most vulnerable, and attractive, resources and set layers of security around them.
Threat mitigation requires access control through privileged user access solutions and awareness training to help less technical employees understand the risks they face, how to spot these risks, and what to do if they see something suspicious. After all, ransomware can’t install itself on a computer if the file is never opened or if the user account doesn’t have the privileges required.
You used to find companies that claimed they could help businesses get things back to normal after a ransomware attack. They would clean the computer of the infection and then ask, “Where are your backups stored?” You see, if a computer is infected with ransomware, you have two options for getting your files back. The first is to pay the ransom, and the other is to restore your files from your backups. If you don’t have backups of your data, then you are stuck with option one.
True, there are times when decryption keys for older ransomware are posted online. However, attackers aren’t using the old malware anymore. They want to get paid, so they are using the ones that lock your data up nice and tight.
With more than 4,000 computers being infected daily, your business needs to make sure that you have an effective backup and recovery solution in place to defend against ransomware.
With today’s evolving threat landscape, it is tough for businesses to fight back. It helps to be able to call in help from a trusted partner when you need it. By turning to a reputable managed security services partner, you can rely on years of experience and acquired knowledge to help protect your business and data against those who look to do you harm.