Nine Ways to Protect an Enterprise Against Ransomware
Ransomware infiltrations in enterprises increased by 35 percent in 2016, according to a consensus of security industry analysts and vendors, including Symantec. But even more alarming is the recent rise in its sophistication and distribution. Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. It can bring your business to a halt and cause significant financial damage. Unlike the stealthier advanced attacks that can stay undetected on a corporate network for months, the impact of ransomware is immediate and intrusive. Cyber attackers don't need a lot of money, resources or technical sophistication to use ransomware. Businesses are increasingly concerned about monetary damage, business downtime and other effects of ransomware. Here are nine important steps, provided as industry information by enterprise security provider Landesk, that an enterprise should take to protect against a malware attack.
1. Patch the Critical Operating Systems and Applications
For most organizations, patching should be the first or second line of defense against any attack, including ransomware.
2. Ensure that Antivirus Software is Up to Date and that Regular Scans Are Scheduled
If patching is your first line of defense, then antivirus (AV) should be the next one. Security researchers know by now that most ransomware attacks cannot be stopped by traditional, signature-based AV solutions. However, you don't want to fall victim to malware threats that are already identified and tagged by your AV vendor. Ensuring that your virus definition database is always up to date on all your workstations is the most important element of an effective AV strategy. Good security management software can automate this process. Good solutions can distribute the latest virus definition file to all your endpoints, in an environment of any size, with efficient use of bandwidth.
3. Manage Carefully the Use of Privileged Accounts
Minimizing privileges is an important tactic to protect against many types of malware, including ransomware. For example, a recently discovered ransomware attack called "Petya" requires administrator privileges to run and will do nothing if the user doesn't grant those privileges. Removing administrator rights is easy, but balancing privileged access, user productivity and enterprise security isn't. Thus the need for privilege management solutions. However, one thing to consider when protecting against ransomware is that many ransomware attacks are simply executables that users are tricked into running. Once executed, those ransomware instances run inside the current user space and don't require any administrator privileges to do their damage. For example, an updated version of the recent Petya ransomware attack has a fallback mechanism that allows it to encrypt files without the need for administrator privileges.
4. Implement Access Control that Focuses on the Data
An effective access control solution can help you protect against ransomware. However, if the solution focuses primarily or exclusively on user-access rights, it will likely prove less than effective. Access control can be highly beneficial for protecting files located in shared drives. That's because some users may always have legitimate rights to access and modify at least some files on every shared drive. After all, most of those files are document files created by legitimate users. This means that a ransomware attack that successfully infects the system of a user with legitimate access rights can encrypt and hold hostage all of the files on all connected, shared drives and folders. Compared to traditional access control, the new-gen method of data protection relies on understanding the behavior of ransomware and does not require creation and management of user-specific (and ever-changing) rules. It is therefore also easier to implement and maintain than access control based on user-rights management.
5. Define, Implement and Enforce Software Rules
Good enterprise software also makes it easy to define, implement and enforce rules that govern how other software behaves. Rules can restrict the ability of designated software to execute, or to create, modify, or read any file, or files located in specific folders—including the temporary folders used by browsers and other programs. Those rules can be applied globally or to specific users or groups. However, before implementing such rules, it is important to consider the user experience degradation such rules can introduce. For example, when installing new or updated software, legitimate users are sometimes required to decompress ("unzip") or execute files directly from their browsers. Users may also rely upon the ability to create or invoke macros to do their jobs. Software restriction rules may block these otherwise legitimate activities.
6. Disable Macros from Microsoft Office Files
Disabling macros from Office files will block many types of malware, including ransomware. For example, Locky is a relatively new crypto-ransomware that spreads primarily via spam with attachments. It entices users to enable macros in Word documents that download the malware onto machines.
7. Implement Applications Whitelisting
This solution effectively eliminates the ability of any ransomware to run, since no ransomware is trusted. It ensures that only known applications designated as trusted can run on any endpoint. The biggest challenges to the success of whitelisting are creating the initial list of trusted applications, and keeping that list accurate, complete, and current.
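How the software rules of step 5 and the whitelisting of step 7 combine on a single execution attempt, as an added Python example (not Landesk's product or code). The rule patterns, group names, paths and the trusted hash are constructed for illustration; the sample calls show the usability cost step 5 warns about, where a trusted installer is still blocked when run from a browser download folder.

```python
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class DenyRule:
    pattern: str                      # glob over the normalized path
    groups: frozenset = frozenset()   # empty set = rule applies globally


# Constructed rules: no execution from temp folders (everyone),
# and none from download folders for the hypothetical "staff" group.
DENY_RULES = [
    DenyRule("*/appdata/local/temp/*"),
    DenyRule("*/downloads/*", frozenset({"staff"})),
]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed allowlist: hashes of binaries designated as trusted.
TRUSTED = {sha256(b"constructed-trusted-installer")}


def decide(path, user_groups, image, allowlist=TRUSTED, rules=DENY_RULES):
    """Return (verdict, reason) for one execution attempt.

    path: full path of the file being executed
    user_groups: groups of the user launching it
    image: bytes of the executable (hashed for the allowlist lookup)
    """
    # Whitelisting first: anything not designated as trusted never runs.
    if sha256(image) not in allowlist:
        return ("block", "not on allowlist")
    # Path rules next: even trusted software is restricted by location.
    norm = path.replace("\\", "/").lower()
    for rule in rules:
        in_scope = not rule.groups or bool(rule.groups & set(user_groups))
        if in_scope and fnmatch(norm, rule.pattern):
            return ("block", f"path rule {rule.pattern}")
    return ("allow", "trusted and no rule matched")


if __name__ == "__main__":
    good = b"constructed-trusted-installer"
    print(decide(r"C:\Users\ana\Downloads\setup.exe", ["staff"], good))
    print(decide(r"C:\Users\ana\Downloads\setup.exe", ["it-admins"], good))
    print(decide(r"C:\Program Files\App\app.exe", ["staff"], b"unknown"))
```
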