Ransomware isn’t anything new, yet more than 3/4 of organizations targeted by ransomware attacks still do not have security in place that can prevent infection. What happens when your device gets infected with malware? The malware encrypts your files and then pins you to pay a hefty ransom to release your data. The recent WannaCry attacks made headlines in mid-May as the main topic of discussion for ransomware in 2017. Organizations and government agencies are doubling down to combat ransomware attacks with many defense tactics including phishing training, optimized backup and restore plans, and enhanced patch management.
You might be asking yourself what the next ransomware attacks might look like. It’s starting to look a lot like IoT devices. Not only smart toys for the kids and fun household devices but also commercial sensors, power grids, implantable cardiac devices, and more. The Internet of Things is powering innovative and critical systems in your daily lives. So, what if a cybercriminal managed an attack on these important everyday devices? You could likely expect utter chaos…
(Photo credit: http://www.geekculture.com/joyoftech/joyarchives/2340.html)
As an IT security leader, you must gain control and take preventative measures against these types of cyber-attacks or risk losing revenue, privacy, IP, or your job. In this blog, we share three fundamental tips for protecting your assets from not just ransomware attacks, but malware attacks in general.
Ransomware (and other malware) is very often spread via email. Targeting is very straightforward using email as an attack vector since a domain name is a great identifier. This allows for targeting by vertical, too – in 2016, health care providers were especially targeted by ransomware. To help prepare for this, phishing training is especially recommended. In our phishing training, training campaigns are set up and managed for the organization and its end users.
The first one I ran several years ago was set up to be a notification from Amazon that a purchase had been completed for a copy of Hunger Games, and prompted the user to confirm by clicking a link. Others appeared to be messages from IT with a link to a password change page that prompted for current login and password, or a prompt to confirm a mailing address for a courier delivery. If the user fell for the ruse, a web page popped up with a quick phishing training exercise. Metrics on results by groups of users helped to track progress. Soon, I had people stopping me in the hallway, telling me they hadn’t fallen for my trick email that day – only I hadn’t sent one, they’d detected a phishing attempt on their own. Phishing training works!
Here are some indicators that an email is a phishing attempt:
- Simple Name <local-part@domain-name> mismatch. If the from address looks fishy, it may be phishy.
- Presence of MS Office attachments. Email is not an optimal way to share data in its native format.
- Prompting to change credentials. Doing so is an insecure practice, and your IT Department or Bank is extremely unlikely to do so.
- A threat is issued unless the requested action (i.e. click-through) is performed. Examples are “or risk your account being locked out” or “charges will be automatically billed”.
Anti-spam systems for on-premises or cloud-based email will also go a long way toward lowering the risk of a phishing attack.
Backing Up Your Data Is Your Duty
Another commonly overlooked yet equally important aspect of your security strategy includes backing up your data. In the event your data is compromised or deleted, you need to have a plan for its recovery. While 57% of IT managers have a backup solution in place, 75% of them were not able to restore all the data lost to ransomware.
Regularly planned backups ensure that your data isn’t lost forever and is often used to restore your data if a successful attack takes place. A good rule of thumb is the 3-2-1 rule. You essentially keep three copies of your data on two different types of media with one copy stored in an off-site location. As an added measure of security, you can encrypt and password protect your backups that contain sensitive data.
The CIO of a large law firm recently told us that he’d seen two ransomware attacks in the past year, and it was his backup program that remediated for him. He had the infected laptop pulled from the network, rolled back a restore for all infected file shares, and was back to normal in 30 minutes.
System Patching is Important
Successful cyberattacks like WannaCry target and exploit vulnerabilities in your operating system and software applications. WannaCry spread like a worm, exploiting a Windows SMB vulnerability rather than using methods such as phishing or drive-by attacks (often instigated by compromised ad networks advertising on the page). Interestingly, Microsoft had issued a patch to fix the vulnerability, but plenty of people had not applied it, and that’s what made this exploit so successful.
Hundreds of patches are released every month by software distributors. In fact, on average, research points to more than 60 vulnerabilities per day in 2017 and that number is rising quickly. However, the process of patching hundreds of machines becomes increasingly complex if done manually: it doesn’t scale well. Nonetheless, and not specific to ransomware, it’s critically important to keep your systems up-to-patch to manage vulnerabilities.
A solid patch management system starts with a comprehensive discovery and inventory of your systems using tools to automate the process. You should devise your own patch management strategy and plan for managing patches and upgrades or employ the consulting services of an expert security consultant that can help you handle these changes. A comprehensive security strategy will include automated software patches and eliminates the potential for cybercriminals to exploit your software and OS vulnerabilities.
Your best defense with ransomware to educate your end users on the ploys of phishing scams, deploy a solid backup and restore plans, and automate your patch management. In a sea of scammers, don’t be lured in as an unsuspecting victim of cyber fraud and ransomware. Take precautions and plan for defense in your security. What other security measures do you leverage to secure your organization?