
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


The No-Nonsense Guide to Driving Ransomware Out of Business

Topics: Trojan Horse, Data Protection, Ransomware, Exploit, Cyber-Crime, Encryption

Posted: 08 September 2016


I know what you’re thinking… not another ransomware publication. It has certainly been the hottest IT security topic of summer 2016 and shows no signs of slowing. On LinkedIn alone there have been over 5,000 posts in the past six months on the subject. The publicity is warranted, and there are enough publications with explanations and scary statistics to test the resolve of even the hardiest of IT administrators. However, what is distinctly lacking is a sensible and comprehensive step-by-step plan to deal with these threats.

When I was filmed for the Business Reporter in August on the subject of ransomware, I was asked how organisations should prepare for the threat of ransomware. For the sake of keeping the video to a palatable length, I responded with a brief four-step plan, part proactive and part reactive, which all organisations can follow with little change to their existing networks.

As article readers are generally a little more patient than video watchers, I can expand on these steps:

1. Proactive: System Defence

In almost all observed cases, ransomware is delivered as a file-based Trojan; put simply, through email attachments, web downloads and removable media. It stands to reason, then, that the egress, ingress and storage points for files should be monitored and scanned. In addition, patching applications and operating systems shrinks your attack surface, making your systems harder to exploit. In fact, it is reported that 44% of all breaches involve vulnerabilities which were patched up to four years ago (HP, 2015).

2. Proactive: User Defence

File-based malware depends on user interaction to become active, and so relies on the power of persuasion to fool a user into executing it. Emails purporting to be from suppliers, CVs and offers of job promotion are all examples of social engineering witnessed in ransomware attacks. However, with training, your users can become your best form of defence. No one is better at spotting out-of-the-ordinary behaviour in a job role than the person who occupies that job role. Leveraging that power may not just be the best form of defence but also the last.

3. Reactive: Backup Critical Systems

Although some older and less sophisticated ransomware strains are reversible, the more modern versions have evolved to be more resilient. By far the best response to a ransomware infection is to restore the endpoint to a point prior to infection. This of course raises two questions: are you backing up your critical systems? And are those backups in a location which is not also susceptible to infection?
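One way to test the second question, as an added example that is not part of the original post: the function below reports why a backup location could be reached by malware running as the current account on the endpoint. The function name, the finding labels and the temporary folder layout are assumptions made for illustration.

```python
import os
import tempfile

def assess_backup_target(source_dir, backup_dir):
    """Flag why malware running as this account on this host could reach
    backup_dir. Finding labels are illustrative, not a standard."""
    src = os.path.realpath(source_dir)
    dst = os.path.realpath(backup_dir)
    findings = []
    # A backup stored under the data it protects is encrypted in the same sweep.
    if os.path.commonpath([src, dst]) == src:
        findings.append("inside-source-tree")
    # Same device id means same volume: no separation from the endpoint's disk.
    if os.stat(src).st_dev == os.stat(dst).st_dev:
        findings.append("same-volume")
    # If this account can write here, so can anything the user executes.
    if os.access(dst, os.W_OK):
        findings.append("writable-by-this-account")
    return findings

def demo():
    """Constructed layout: one backup inside the data folder, one beside it."""
    with tempfile.TemporaryDirectory() as root:
        data = os.path.join(root, "finance")
        nested = os.path.join(data, "backup")
        sibling = os.path.join(root, "backup")
        os.makedirs(nested)
        os.makedirs(sibling)
        return {
            "nested": assess_backup_target(data, nested),
            "sibling": assess_backup_target(data, sibling),
        }

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["no findings"])
```

An empty result only means this account on this host cannot write to the target, so run the check as the account your users actually log in with. A mapped network share shows up as a different volume but is still flagged if it is writable.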

4. Reactive: Payment

I cannot stress enough how important it is that you never pay. It has been reported that ransomware has become the most profitable malware for cyber-criminals, with the projection that by the end of 2016 we will have spent nearly one billion dollars on ransoms (Herjavec Group, 2016). Every time someone pays, we make this form of attack more attractive to the cyber-criminals. We encourage them and even fund the development of the next strain of ransomware. If we never pay, we use what we know about business against them: supply and demand.

This is not a definitive cure; regardless of what you may have been told, there isn't one. But these four steps go a long way towards reducing your overall risk of ransomware infection. Risk management is that crucial cornerstone of IT security which always has been, and always will be, the best form of defence.



Posted by: Infinigate UK