Things move pretty fast in the cyber security space. A year ago, there were many CISOs and security managers who might not have even heard of ransomware. That’s certainly not true today. It has fast become one of the biggest concerns for anyone working in IT security, and rightly so. The cyber extortionists behind this rapidly spreading online epidemic are constantly adapting their tactics.
That’s why, to mitigate the risk of infection as effectively as possible, Trend Micro recommends organizations take a layered approach to security – from the gateway to the network, server and endpoint.
What is ransomware?
Quite simply, ransomware is a kind of malware which makes your corporate data and systems inaccessible. It does this either by locking PCs or more commonly encrypting the data in a way that is practically unrecoverable – forcing the individual or company to pay a ‘ransom’ to regain access. The scale of the problem is simply huge. Between October 2015 and April this year, Trend Micro had blocked 99 million ransomware threats. And that’s just protecting our customers – the true volume of actual ransomware infections could be many times this figure.
People may be used to ransomware as a home PC security problem, but it’s not just consumers affected now. Ransomware has moved on to organizations. A ransomware infection is particularly damaging for an organization because it literally renders some or all corporate data unusable. The implications are obvious: business disruption, lost productivity and brand/reputation damage on a massive scale. In February it was reported that the Hollywood Presbyterian Medical Center declared an “internal emergency” after just such an attack – which forced staff to return to fax machines and pen and paper and even led to the cancellation of treatment for patients.
Defense in depth
Tools exist to unlock certain strains of ransomware, but IT managers can’t assume they will work. And there’s no guarantee that even paying the ransom will result in your files being unlocked. The key is to block the malware before it even reaches the organization – through layered security.
Why does it need to be layered? Because the malware-writers are constantly adapting their code to bypass filters and target different parts of the IT environment. You may have email gateway protection, for example, but what if one of your employees visits an infected webpage? Likewise, the black hats are beginning to target their malware at server infrastructure via variants such as SAMSAM. In short, there is no silver bullet for preventing this cyber threat – it’s all about mitigating risk as effectively as possible, by putting more checks and blocks in the way.
Trend Micro recommends protection at the following points:
1) Email and Web Gateway Protection
This will give you a good chance of preventing most ransomware from reaching your users – whether that’s via a phishing email or a malicious website. Remember that even if you use a cloud-based email platform like Microsoft 365 with its own built-in security, it’s a good idea to bolster this with additional protection from a third-party provider. Seek out solutions which at the very least offer:
At the web gateway, you’ll need real-time web reputation, sandbox analysis and the ability to scan for zero-day and browser exploits.
2) Endpoint Security
A small percentage of ransomware threats might make it through the web/email gateway protection. That’s why it’s important to include endpoint security which monitors for suspicious behavior, enforces application whitelists and features vulnerability shielding to protect against unpatched vulnerabilities that ransomware often takes advantage of.
3) Network Defense
Ransomware can also get into the organization and spread via other network protocols. So put in place network security with advanced detection capabilities across all traffic, ports and protocols to stop it infiltrating and spreading.
4) Server Protection
This is where most of your critical enterprise data resides, so it’s essential to ensure any unpatched vulnerabilities are protected from ransomware via virtual patching. Choose a security solution which can monitor for lateral movement and file integrity.
Remember also that security solutions are only part of the answer to risk mitigation. Think also about improving user education so employees avoid opening suspicious emails; network segmentation to reduce the spread of malware inside the organization; and automated back-up – with one backup medium kept offline so that if the worst happens, it won’t also be infected.
Get protected with ransomware protection from Trend Micro. To learn more, visit http://www.trendmicro.com/enterprise-ransomware.