Ransomware is on the rise and here to stay
There has been a surge in ransomware incidents globally, and the latest ‘Wanna’ ransomware attacks, also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r, spread like wildfire across the globe, impacting businesses across ASEAN.
Ransomware remains a key threat because it keeps evolving, with new variants appearing constantly. The WannaCry attack, for example, differed in important ways from a typical ransomware infection, which usually begins when a victim opens a malicious email attachment or clicks a link.
WannaCry exploited a remote code execution (RCE) vulnerability in Microsoft Windows that let it infect unpatched machines over the network without any action by the user, which is why the infection spread so rapidly worldwide.
A Sophos investigation showed a three-stage attack: remote code execution, with the malware then gaining elevated privileges; unpacking and execution of the payload; and, once a machine was compromised, encryption of documents and display of a ransom note.
The WannaCry attack is a wake-up call for organisations to redouble their efforts on basic security hygiene, especially companies still running Windows XP, which no longer receives regular security updates and is particularly susceptible to this sort of attack.
Sumit Bansal, Director for ASEAN & Korea at Sophos shares the best practices in protection against ransomware.
Recommended best practices:
- Back up files regularly and keep a recent copy off-site. Encrypt the backup for an additional layer of protection.
- Do not enable macros in attachments received by email; this is a common way infections are spread.
- Be cautious about unsolicited attachments and refrain from opening them.
- Patch early and patch often, even on unsupported versions such as Windows XP, Windows 8 or Windows Server 2003, for which Microsoft released an out-of-band fix for this vulnerability.
- Use Sophos Intercept X, which is highly effective in stopping ransomware in its tracks. Non-business users can register for the Sophos Home Premium Beta, which provides a free one-year subscription.
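The article does not name the Windows service involved: WannaCry's worm component spread through the SMBv1 file-sharing service on TCP 445, the flaw Microsoft fixed in the MS17-010 update (also released out-of-band for Windows XP, Windows 8 and Server 2003). The PowerShell below is an added example, not guidance text from Sophos or Microsoft. It turns the patching and macro advice above into something an administrator can run on a host: it reports whether SMBv1 is on, whether port 445 is listening and whether the MS17-010 update is present, then offers functions to switch SMBv1 off, block inbound 445 and disable Office macros in documents from the Internet. It assumes an elevated session on Windows 7 SP1 / Server 2008 R2 or later (the SMB cmdlets only exist on Windows 8 / Server 2012 and up, so older hosts fall back to the registry), and the KB numbers shown are the Windows 7 / 2008 R2 ones; other versions use different KB numbers.

```powershell
# Added example (not from the article or Sophos): audit and close the two entry
# points discussed above on a Windows host. Run in an elevated PowerShell session.
# Assumes Windows 7 SP1 / Server 2008 R2 or later; cmdlet availability is checked
# at run time because the SmbShare module only exists on Windows 8 / Server 2012+.

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-WannaCryExposure {
    $r = [ordered]@{}

    # SMBv1 server state. On Windows 8+ ask the cmdlet; on Windows 7 / 2008 R2 read the
    # registry value Microsoft documents for this (value absent or 1 = SMBv1 enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $r.Smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $v = Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue
        $r.Smb1Enabled = ($null -eq $v) -or ($v.SMB1 -ne 0)
    }

    # Is the host listening on TCP 445, the port the worm component scanned for?
    $r.Port445Listening = [bool](netstat -an | Select-String ':445\s+\S+\s+LISTENING')

    # MS17-010 on Windows 7 SP1 / Server 2008 R2 is KB4012212 (security-only) or
    # KB4012215 (monthly rollup). Other Windows versions use different KB numbers;
    # check Microsoft's MS17-010 bulletin for the one that applies to yours.
    $r.Ms17010Installed = [bool](Get-HotFix -Id KB4012212, KB4012215 -ErrorAction SilentlyContinue)

    [pscustomobject]$r
}

function Disable-Smb1AndBlock445 {
    # Turn the SMBv1 server off (a reboot is needed for the registry path to take effect).
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0 -Force
    }
    # Inbound 445 is only needed on hosts that serve file shares. netsh works on every
    # version in scope; this blocks all inbound SMB, so do not run it on file servers.
    netsh advfirewall firewall add rule name="Block inbound SMB TCP 445" `
        dir=in action=block protocol=TCP localport=445 | Out-Null
}

function Disable-OfficeMacrosFromInternet {
    # Office 2016 policy values (version key 16.0); Word shown, repeat the same two
    # values under Excel\Security and PowerPoint\Security.
    # VBAWarnings 4 = disable all macros without notification;
    # BlockContentExecutionFromInternet 1 = block macros in files from the Internet zone.
    $key = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name VBAWarnings -Type DWord -Value 4
    Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Type DWord -Value 1
}

# Report first; apply the hardening functions deliberately after reading the report.
Get-WannaCryExposure
```

A host that reports Smb1Enabled true and Ms17010Installed false is exactly the exposure the article describes. Patching remains the real fix; disabling SMBv1 and blocking 445 from untrusted networks protect a host that cannot be patched yet and remove the worm's path even on patched machines.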
Sophos Intercept X is a next-generation endpoint protection solution that combines the following four components to stop zero-day malware, unknown exploit variants and stealth attacks, and to protect against previously unknown ransomware within seconds.
- Signatureless Threat and Exploit Detection: Anti-malware and anti-hacker defense that blocks zero-day, unknown and memory resident attacks and threat variants without the need for file scanning
- CryptoGuard: Anti-ransomware innovation that identifies and intercepts malicious encryption activity, blocks ransomware before it can lock and cripple systems and can roll back maliciously encrypted files to their pre-attack state
- Root Cause Analytics: A 360-degree visual analysis of attack events that shows where the attack came in, what it affected, where it may have stopped and recommended actions to prevent a similar attack in the future
- Sophos Clean: Powerful utility that hunts for and removes any trace of spyware and deeply embedded, lingering malware
More than 100 million users in 140 countries rely on Sophos’ advanced security solutions as the best protection against sophisticated threats and the loss of valuable data. Simple to deploy, manage and use, Sophos’ portfolio of next-generation endpoint and network security solutions protect against zero-day exploits, ransomware and persistent coordinated attacks that are prevalent today. With innovations such as synchronized security that enables products to directly share threat and status intelligence and a cloud-based central management platform to simplify deployment and management, Sophos is changing the way organizations of all sizes approach their IT security needs. Sophos’ award-winning encryption, endpoint security, Web, email, mobile and network security solutions are backed by SophosLabs – a global network of threat intelligence centers. Sophos is headquartered in Oxford, UK, and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com