Throughout the years, ransomware has plagued many people. From schools to hospitals, major corporations to home users, no target has been off limits. According to CSO, the first ransomware appeared in 1989. It next appeared in 2006 and has since grown into a consistent threat to the public.
As the name implies, ransomware is a type of malware that interferes with a system and demands payment from the user. The malware itself is a Trojan that installs itself onto a computer. There have been many variants in that time, including Reveton and CryptoLocker, which have their own ways of accomplishing their goal. Most forms of ransomware break down into two categories.
At the end of the day, extorting money is the end goal of ransomware. This leaves us with just one simple question: do we pay or do we refuse to pay? If we refuse to pay, then the machine remains locked or the files remain encrypted. If recent backups have been made, then we could revert to them. If not, then we run the risk of either restoring the system to out-of-date data or not being able to restore it at all. On the other hand, say we did pay the ransom... would the attacker even make good on their word? They could very well take the payment and run, leaving our machine or files locked anyway. If they do undo their changes, who's to say they won't just hit us with more ransoms in the future? Unfortunately, there is no "one size fits all" solution to this. Ultimately, it is up to the user whether or not to pay the ransom. However, paying is not recommended by the Information Security community.
That is not to say that all is lost and that there is nothing you can do to protect yourself. There is no single action that will do it, but whether it's file backups, software updates, antivirus or another security solution, there is always something you can try. It would be better, though, to employ a strategy that incorporates some form of each, rather than rely on just a single control.
A Zero Day threat prevention solution can help you out at the perimeter level. Such tools can analyze files and links that come in through email. In this way, the solution can keep an eye out for malware, exploits and malicious URLs, as well as strange file behavior. This can be done proactively, allowing for near-real-time detection. Different solutions offer different features and outcomes. Some also allow for endpoint detection and analysis, as well as a database of known threats that the solution can communicate with and provide data to, in order to help other users protect themselves.
The weakest link in all of these situations is the end user. It is recommended to run periodic Security Awareness training sessions to cover the company-defined security practices. Given its prevalence in spreading ransomware, email is one of the biggest items to cover during training. The basics are still the most applicable rule here: do not open any attachments or click on any links in an email when you do not know the sender.
Ransomware further illustrates the need for a comprehensive security approach.
On its own, no single piece can fully stand up to the threat. Combining the practices, however, may just give you a shot. Sequris offers consultation on all of these solutions, and can help you put a plan in place to secure your IT profile. What are you doing to protect your organization?