Combatting the Ransomware Epidemic Requires Layered Security
Things move pretty fast in the cyber security space. A year ago, there were many CISOs and security managers who might not have even heard of ransomware. That’s certainly not true today. It has fast become one of the biggest concerns for anyone working in IT security, and rightly so. The cyber extortionists behind this rapidly spreading online epidemic are constantly adapting their tactics.
That’s why, to mitigate the risk of infection as effectively as possible, Trend Micro recommends organizations take a layered approach to security – from the gateway to the network, server and endpoint.
What is ransomware?
Quite simply, it’s a kind of malware which makes your corporate data and systems inaccessible. It does this either by locking PCs or, more commonly, by encrypting the data in a way that is practically unrecoverable – forcing the individual or company to pay a ‘ransom’ to regain access. The scale of the problem is simply huge. Between October 2015 and April this year, Trend Micro blocked 99 million ransomware threats. And that’s just protecting our customers – the true volume of actual ransomware infections could be many times this figure.
People may be used to ransomware as a consumer problem, but it’s not just consumers affected now. Ransomware has moved on to organizations. A ransomware infection is particularly damaging for an organization because it literally renders some or all corporate data unusable. The implications are obvious: business disruption, lost productivity and brand/reputation damage on a massive scale. In February it was reported that the Hollywood Presbyterian Medical Center declared an “internal emergency” after just such an attack – which forced staff to return to fax machines and pen and paper and even led to the cancellation of treatment for patients.
Defense in depth
Tools exist to unlock certain strains of ransomware, but IT managers can’t assume they will work. And there’s no guarantee that even paying the ransom will result in your files being unlocked. The key is to block the malware before it even reaches the organization – through layered security.
Why does it need to be layered? Because the malware-writers are constantly adapting their code to bypass filters and target different parts of the IT environment. You may have email gateway protection, for example, but what if one of your employees visits an infected webpage? Likewise, the black hats are also beginning to target their malware at server infrastructure via variants such as SAMSAM. In short, there is no silver bullet for preventing this cyber threat – it’s all about mitigating risk as effectively as possible, by putting more checks and blocks in the way.
Trend Micro recommends protection at the following points:
1) Email and Web Gateway
This will give you a good chance of preventing most ransomware from reaching your users – whether that’s via a phishing email or a malicious website. Remember that even if you use a cloud-based email platform like Microsoft 365 with its own built-in security, it’s a good idea to bolster this with additional protection from a third-party provider. Seek out solutions which at the very least offer:
Malware scanning and file risk assessment
Sandbox malware analysis
Document exploit detection
At the web gateway, you’ll need real-time web reputation, sandbox analysis and the ability to scan for zero-day and browser exploits.
2) Endpoint
A small percentage of ransomware threats might make it through the web/email gateway protection. That’s why it’s important to include endpoint security which monitors for suspicious behavior, enforces application whitelists and features vulnerability shielding to protect against unpatched vulnerabilities that ransomware often takes advantage of.
3) Network
Ransomware can also get into the organization and spread via other network protocols. So put in place network security with advanced detection capabilities across all traffic, ports and protocols to stop it infiltrating and spreading.
4) Server
This is where most of your critical enterprise data resides, so it’s essential to ensure any unpatched vulnerabilities are protected from ransomware via virtual patching. Choose a security solution which can monitor for lateral movement and file integrity.
Remember also that security solutions are only part of the answer to risk mitigation. Think also about improving user education so employees avoid opening suspicious emails; network segmentation to reduce the spread of malware inside the organization; and automated back-up – with one copy on offline media so that if the worst happens, it won’t also be infected.
Get protected with ransomware protection from Trend Micro. To learn more, visit http://www.trendmicro.com/enterprise-ransomware.
# # #
About Trend Micro
Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Built on 27 years of experience, our solutions for consumers, businesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro™ Smart Protection Network™ infrastructure, and are supported by more than 1,200 threat experts around the globe. For more information, visit TrendMicro.com