Most organizations work hard to invest in reducing operating costs and improving the overall efficiency of their networks. But often unforeseen risks and costs are associated with the infrastructure connecting servers and hosts internally and out to third parties and devices. Without “agnostic visibility” into all traffic and network activity, hackers will always engineer methods to enter your network.
A lack of network visibility can allow ransomware authors to effectively repurpose your network to monetize your data against you. What follows will expose the organization to a whole raft of unforeseen risks and costs, many of which will exceed the original ransom demand.
Ransomware used to be more of a consumer or end-user problem. Now, criminal groups are infiltrating ransomware into your network, and every host, database, fileshare and system backup is exposed to the risk of being turned into an extortion engine. While it is difficult to accurately estimate the impact of the enterprise ransomware epidemic globally, Trend Micro stopped 99 million threats between October last year and April 2016. Another indication of just how serious the problem is came at the end of March 2016, when both the Department of Homeland Security’s US-CERT and Canada’s Cyber Incident Response Centre (CCIRC) issued a major warning to organizations and businesses on the dangers of ransomware.
The warning listed some of the potential repercussions for businesses:
By encrypting data, preventing access to a host, system, server or application, or both, your adversary will seek an extortion payment in exchange for a promise to return your data to normal use. From a network perspective, there’s more at play here than whether or not to pay. Organizations should consider the following:
You can’t defend your network against what you can’t see
Ransomware can infiltrate your network through any nook or cranny that is either unmonitored or appears normal to the naked eye. To remedy what amounts to a “ransomware cataract” within your network, you need a clear line of sight into network traffic, ports, and protocols across both physical and virtual segments of your network. Combined with the power of extensive detection techniques such as advanced threat scanning, custom sandbox analysis and correlated threat insight, you will have the network equivalent of laser eye surgery: you will gain unrestricted visibility into attempts to hijack your network along with the systems, applications, data and intellectual property therein.
The value of gaining that visibility is extensive:
You need a Network Defense strategy to prevent ransomware from infiltrating and spreading within your network. Trend Micro Deep Discovery Inspector is a single appliance designed to detect malicious payloads, malicious traffic, C&C communications, attacker behavior, exploits and other activity indicative of a ransomware attack across all your network traffic and segments. The visibility Deep Discovery Inspector provides can be shared with Trend Micro and third-party security tools to help stop ransomware from spreading to other endpoints and servers.
Deep Discovery Inspector delivers:
Advanced detection across all network traffic, ports and more than 100 network protocols to identify ransomware and malicious network behavior across the entire attack lifecycle.
Sandbox analysis designed to replicate your IT environment to detect file modifications, encryption, and malicious behavior indicative of a ransomware attack.
Integration with Trend Micro email and web gateways, endpoint and server protection, and third-party solutions to offer a connected threat defense where new threat information is shared across multiple layers.
In short, it’s all about taking proactive steps to limit the impact and reduce the risk of a repeat ransomware attack. This means taking a defense-in-depth approach: a layered security architecture with agnostic visibility into all network activity at its heart. Combined with email and web protection and endpoint and server protection, it will help you minimize the risk and costs associated with the modern ransomware epidemic.
In the final part of the series we’ll discuss how organizations can protect their servers to further mitigate risk.