How to Combat Ransomware Viruses

Network Security

Sitting around the family table last night, our discussion turned to network security. Why? Because it affects everyone, from my 83-year-old father using his iMac to my 16-year-old nephew gaming in his basement. My brother-in-law, who works as an M&A consultant, is concerned, as is my sister, the HR executive. We seem to be surrounded by cyberthreats that are more real than perceived. The Internet is a nasty neighborhood that we all pass through daily. It is a crime-ridden and dangerous Gotham that we are all stuck in, and you need to know how to act.

Just like the evolution from viruses to botnets and malware families that we’ve seen over the past decade, bad actors continue to find new ways of reinventing old threats. Today, the top trend in modern malware is the proliferation of ransomware. Ransomware has come a long way from the non-encrypting lockscreen FBI scare warnings like Reveton. In 2016, there has been a constant flow of new ransomware families popping up, like Locky, Cerber, Madeba and Maktub, and this is only expected to pick up steam over the summer. Ransomware is very damaging.

 

Install the latest patches for your software, especially Adobe, Microsoft and Oracle apps

A common way in for ransomware is via exploit kits, like Angler. These bundle many application vulnerabilities into one kit and try drive-by exploits for each one in sequence. The more outdated your apps are, the more likely it is that some of these exploits will work and infect you with ransomware.

Use network protection

A very important part of a comprehensive security strategy is to use a network traffic monitoring system that is based on machine learning and behavior analysis. As most of these attacks come in via internet channels, make sure your network protection can parse and analyze both email and web traffic.

Use a comprehensive endpoint security solution with behavioral detection

The endpoint (the user’s computer) is where the ransomware infection takes place, so it is important to use a modern security solution here as well, with a signature-less approach. The signature-less approach, also known as behavior detection, is the only way to catch zero-day threats, which are new and do not have signatures written for them yet.
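
To make the behavior-detection idea concrete, here is an added example (not from the original article or any vendor's product) that flags a process by what it does rather than by a signature: many distinct files overwritten with random-looking data in a short burst. The event tuple format, the thresholds, the PIDs and the paths are all assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_encryption(events, window=10.0, min_files=5, entropy_floor=7.0):
    """Return PIDs that wrote high-entropy content to at least `min_files`
    distinct files within any `window`-second span."""
    recent = defaultdict(deque)  # pid -> (timestamp, path) of high-entropy writes
    flagged = set()
    for ts, pid, path, written in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(written) < entropy_floor:
            continue  # plain documents and text stay well below the floor
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()  # forget writes that fell out of the window
        if len({p for _, p in q}) >= min_files:
            flagged.add(pid)
    return flagged

def _noise(seed: int) -> bytes:
    """Deterministic 2 KiB stand-in for encrypted or compressed output."""
    return b"".join(hashlib.sha256(f"{seed}-{i}".encode()).digest() for i in range(64))

def sample_events():
    """Constructed (timestamp, pid, path, bytes_written) events; all values invented."""
    text = b"Quarterly report draft, revision 3. " * 60
    events = []
    for i in range(6):
        # PID 4120: six documents overwritten with random-looking data in 3 seconds
        events.append((100.0 + 0.5 * i, 4120, f"C:/Users/a/Docs/file{i}.docx", _noise(i)))
        # PID 2210: an editor saving ordinary text just as quickly
        events.append((100.0 + 0.5 * i, 2210, f"C:/Users/a/Notes/n{i}.txt", text))
        # PID 3300: an archiver producing one compressed file every 30 seconds
        events.append((30.0 * i, 3300, f"D:/Backup/set{i}.zip", _noise(100 + i)))
    return events

if __name__ == "__main__":
    print(detect_mass_encryption(sample_events()))  # {4120}
```

Compressed archives look as random as encrypted files, which is why the check combines entropy with a rate threshold instead of relying on entropy alone.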

Turn Windows User Account Control on

Windows has added this security feature to help you stay in control of your computer by informing you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. If you’re doing tasks that can be done as a standard user, such as reading e‑mail, listening to music, or creating documents, you have the permissions of a standard user—even if you’re logged on as an administrator. Take full advantage of it.

Be skeptical: Don’t click on anything suspicious

Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether. As most infections come from user action, such as opening attachments or visiting websites, being vigilant is the most effective way to minimize damage.

Block popups

Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.

Override your browser’s user-agent

As some exploit kits use your user-agent to tailor the right exploit for your operating system, it pays to trick them by setting the wrong user-agent on purpose. For instance, when using Firefox on Windows, set your user-agent to say “Firefox on Linux” to confuse malware redirectors and exploits.

Use security content to detect ransomware

You’ll never be able to entirely stop people from opening a malicious email and being tricked into clicking on a phishing link. That act can open a single file that begins acting like a worm, propagates through your IT infrastructure or that of your organization, and wreaks havoc. It’s critical to have great content so you can start detecting these bugs and squash them before they become a problem.

Solid threat intelligence is key

It’s critical that you know who your adversaries are – who these groups are, what ransomware they’re using and what versions, as well as what command and control infrastructure is being used by various groups that are making those calls. It’s also important to understand what the indicators of compromise are so you can set up security content to detect it as your system is being infected.
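
As an added illustration of turning indicators of compromise into security content (this is not code from the original article), the sketch below matches outbound connection logs against a small indicator list. The log line format and every indicator are constructed for the example, using reserved .example names and RFC 5737 documentation addresses.

```python
import ipaddress

# Constructed indicators; real ones would come from your threat intelligence feed
IOC_DOMAINS = {"c2-gate.example", "pay-portal.example"}
IOC_NETS = [ipaddress.ip_network("203.0.113.0/28")]

def domain_matches(host, indicators=IOC_DOMAINS):
    """Match an indicator or any of its subdomains, on label boundaries only."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))

def ip_matches(addr, nets=IOC_NETS):
    """True if addr is an IP address inside one of the indicator networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # destination is a hostname, not an address
    return any(ip in net for net in nets)

def scan(log_lines):
    """Return (client, destination, reason) for every line that hits an indicator.
    Assumed line format: '<timestamp> <client_ip> <destination_host_or_ip>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        _, client, dest = parts
        if ip_matches(dest):
            hits.append((client, dest, "c2-ip"))
        elif domain_matches(dest):
            hits.append((client, dest, "c2-domain"))
    return hits

# Constructed sample log
SAMPLE_LOG = [
    "2016-05-01T02:14:07Z 10.0.0.21 cdn.c2-gate.example",   # subdomain of an indicator
    "2016-05-01T02:14:09Z 10.0.0.21 notc2-gate.example",    # look-alike, must not match
    "2016-05-01T02:15:30Z 10.0.0.34 203.0.113.9",           # inside the indicator range
    "2016-05-01T02:15:31Z 10.0.0.34 203.0.113.40",          # outside the range
    "2016-05-01T09:00:00Z 10.0.0.8 www.example.org",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Matching on label boundaries rather than substrings keeps a look-alike name from raising a false alert while still catching subdomains of a known command and control host.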

Don’t underestimate the value of continuous monitoring

Look at security vendors with a “products + services” approach. Market-leading security technologies are critical, but combining them with 24×7 monitoring by security experts is the best approach to securing your IT infrastructure and stopping threats like ransomware. If you have a 9-to-5 business and no one is watching your shop at night, that’s a lot of hours for a malicious bug to move through your IT infrastructure.

Have a robust, in-depth backup plan

Before your company is attacked by ransomware, it is important to have an existing backup plan in place so you can access your data. It’s imperative that an organization’s backup strategy include offline backup. This may require manual processes, but any online backups will be encrypted by attackers, making them useless to the victim. Know the pain points of restoring and recovering data, and make sure that your plan accounts for those pain points. It is important to classify your systems and data when creating your backup plan. Keep in mind which systems and data are most important to your organization and put extra care around the most critical systems in your infrastructure.