Ransomware is without a doubt one of the most talked-about, feared and widespread threats of 2017. And it's unlikely to fade away anytime soon, as these master cyber criminals "commercialise or monetise" their creations in the form of malware-as-a-service to cater to an even larger market of amateur hackers looking to grow their bitcoin revenue.
Here are 3 key steps that you can take to defend your computer and those of your organisation from such attacks:
1. Endpoint Protection.
Most endpoint protection suites available in the market now come bundled with advanced anti-malware, anti-spam, anti-phishing and firewalling capabilities for desktops and laptops. These packages also frequently use reputation services or threat intelligence feeds to determine the likely intent of a file. We partner with the following vendors for such solutions: Sophos, Symantec, F-Secure, Trend Micro and ForcePoint.
To safeguard servers, Unified Threat Management (UTM) solutions offer anti-ransomware features similar to those of endpoint protection suites. Our partners in this space include: Fortinet, WatchGuard, Juniper and Palo Alto Networks.
2. Vulnerability Management.
The next layer of defense in preventing ransomware infection is vulnerability management, which requires IT to focus on patch management and configuration management.
Patch management includes updating an endpoint’s operating system and applications, especially email clients and web browsers, to eliminate many of the vulnerabilities that ransomware might try to exploit.
IT will also want to double down on configuration management. Some ransomware takes advantage of weak security configuration settings. For example, if an operating system allows silent installation of new software and a user has logged on with full administrative privileges, ransomware could infect an endpoint without that person having any opportunity to stop it.
3. The Last Line of Defense: Application Whitelisting.
If other security controls don’t stop the ransomware, the last layer of defense is application whitelisting. With this technique, an operating system only allows an executable to run if the company's IT has specifically approved its use. Depending on the whitelisting technology, IT can grant executables permission to run based on methods such as file hash or software vendor identity. In some cases, the software only authorizes new executables to run if they were acquired through the operating system’s built-in update feature.
Even if a user is tricked into downloading and installing ransomware, whitelisting technology prevents the user from running it, regardless of their privileges.
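The file-hash approval method described above, as an added sketch (not code from the original page or from any vendor product). The function names and sample files are constructed for illustration, and a real whitelisting product enforces the decision inside the operating system rather than in a script.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash file contents in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_allowlist(approved_paths):
    """IT-side step: record the hash of every executable approved for use."""
    return {sha256_file(p) for p in approved_paths}

def may_execute(path, allowlist, user_is_admin=False):
    """Default deny: only content whose hash IT approved may run.
    user_is_admin is deliberately ignored; privileges do not bypass the list."""
    return sha256_file(path) in allowlist

def demo():
    """Evaluate constructed sample files and return the decision for each."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            return p
        # Constructed stand-ins for executables (not real binaries).
        approved = write("editor.exe", b"MZ constructed approved binary")
        allowlist = build_allowlist([approved])
        renamed = write("editor_renamed.exe", b"MZ constructed approved binary")
        modified = write("editor_copy.exe", b"MZ constructed approved binarY")
        unknown = write("download.exe", b"MZ constructed unapproved file")
        return {
            "approved": may_execute(approved, allowlist),
            "renamed": may_execute(renamed, allowlist),    # same bytes, new name
            "modified": may_execute(modified, allowlist),  # one byte differs
            "unknown_as_admin": may_execute(unknown, allowlist, user_is_admin=True),
        }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:18} {'ALLOW' if allowed else 'BLOCK'}")
```

Because any change to the file changes its hash, a hash-based list must be refreshed whenever an approved application is patched, which is one reason to combine it with the vendor-identity method mentioned above.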