Joseph Carson

Guest column by Joseph Carson, Chief Security Scientist at Thycotic.

“Ransomware” is on the rise, delivered through “targeted phishing attacks”, and is being used for financial blackmail and to poison or corrupt data. No one is excluded from these threats, and no company or individual is too small to be a target. Ransomware has become such a threat because of its many variations and its drastic impact: by restricting access to systems and data, it makes day-to-day business unavailable and shuts down access to critical systems.

Existing perimeter solutions have failed to detect ransomware and to prevent it from infecting and spreading within organizations’ networks, where it creates mass operational disruption. Signature-based antivirus has been unable to prevent or detect it because of the uniqueness and rapid growth of ransomware variants.

Several hospitals have been attacked, making critical systems unavailable and resulting in a state of emergency being declared, with patients redirected to alternative hospitals for procedures. Recently a hotel was hit by ransomware, leaving customers unable to enter their hotel rooms. In some incidents, companies resorted to their backup solutions and restored the data, only to find that the ransomware returned because it was also contained within the backups.

Ransomware is quickly moving to more and more platforms, and the recent introduction of ransomware-as-a-service now makes it possible for anyone with limited or no technical knowledge to deploy ransomware to make money.

So, the question is: how can you protect against ransomware and avoid being the next victim?

You can follow these recommendations and best practices, which will reduce the risk not only from ransomware but from any malware that could lead to unauthorized access or data loss.

  1. Employ a data backup and recovery plan for all critical information.
  2. Use application white-listing to help prevent malicious software and unapproved programs from running.
  3. Keep your operating system and software up-to-date with the latest patches.
  4. Maintain up-to-date anti-virus software and scan all software downloaded from the Internet prior to executing.
  5. Restrict users’ ability (permissions) to install and run unwanted software applications and apply the principle of “least privilege” to all systems and services.
  6. Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine.
  7. Do not follow unsolicited web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks for more information.

To learn more about how to protect against ransomware, you can download the free “Ransomware on the Rise” whitepaper.