Ransomware and other malware will continue to evolve through 2017 and into 2018. So how can you block ransomware to keep these threats from impacting your organization?
- Use multiple layers of security: antivirus software is not enough anymore. However, it remains an essential component of a multi-layered approach to security. A layered defense strategy protects against new and known malicious activity by incorporating network-, host-, and endpoint-based tools that monitor for suspicious activity and events across the entire attack continuum — before, during, and after a breach attempt occurs.
- Always be aware: adopt a “human firewall” mindset in which employees are instructed on what types of phishing emails or social engineering tactics they should avoid responding to; maintain proper patching for all systems; secure software configurations; and never click on suspicious links or open attachments in emails.
- Secure your web gateway: make sure you are using an advanced web filtering solution to detect phishing campaigns, watering holes, exploit kit-based attacks, and other malicious sites before they strike. A blacklist of millions of spam, malware, and phishing URLs is automatically added to the threat intelligence data feeds offered by most leading security vendors today. This allows organizations to ensure that their email gateway appliances will block emails containing such links or attached files before they reach the mail server. The same approach should be used with endpoint protection platforms (EPPs). When dealing with threats that require a local connection to execute the final payload and compromise the endpoint, organizations need to make sure that their EPP has a blacklist of known malicious URLs included in its threat intelligence data feed.
- Back up your data: make sure you have regular backup systems in place for all critical data and ensure you test them regularly with accurate restores (i.e., with out-of-band verification). If ransomware strikes, administrators will need to refer to their backups before reformatting affected machines to resume business operations quickly. Antivirus software alone cannot help against the effects of malware already present on an infected machine or network unless used in conjunction with a virtual sandbox where unknown files can be tested for malware signatures before execution on the actual systems.
- Patch your systems: install critical updates for applications and operating systems on time, and monitor them regularly to ensure they are kept up to date and don’t contain any vulnerabilities. When dealing with ransomware, it is always better to be safe than sorry, so implement best practices through patch management infrastructure and keep third-party software updated.
In conclusion, ransomware has come a long way, and while we may not be able to block it 100%, following the tips listed above will certainly help reduce the impact of these attacks.