SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware: Easy to get hit, hard to stop and costly to recover
Thu, 23rd Jun 2016
FYI, this story is more than a year old

Ransomware is shaping up to be the ‘malware du jour' for 2016. Why? Because it is profitable for cyber-crooks. And it's not that difficult to deploy. According to, Cryptowall, a ransomware application, generated over US$30 million in a short time for criminals. The criminal marketplace (yes, ransomware is sold and traded within the DarkWeb) provides a wide range of choices and varieties of ransomware, with many variants popping up on a daily basis. Clearly, you need to be more vigilant than ever to keep ransomware out of your network.

Why is ransomware so difficult to stop?

The first reason is distribution. “Most ransomware infects its victims via phishing attacks,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand's largest distributor of Fortinet's cyber security solutions. “Phishing attacks are the most common method of infection and come in a wide range of delivery methods such as drive-by downloads, compromised websites and malvertising. Malvertising occurs when malicious sources distribute malware to hundreds of websites hosting ads for revenue.

The second reason is Ransomware's very nature. “Most ransomware is polymorphic in nature,” he continues. “From the perspective of computer code and analysis, it is always changing. Anti-virus software traditionally looks for known threats and patterns. But since ransomware is always reinventing itself, it can sneak past most AV solutions.

How do you protect yourself against ransomware?

“Ransomware is like any other malware,” says Khan, “and can be stopped by both policy and technology. Here are ten basic rules that you can adopt to keep you network safer from ransomware.

1.  Develop a backup and recovery plan. Back up your systems regularly and store that backup offline on a separate device.

2.  Use professional email and web security tools that analyse email attachments, websites and files for malware. Your solution should block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality, so that new or unrecognised files can be executed and analysed in a safe environment.

3.  Keep your operating systems, devices and software patched and updated.

4.  Make sure that your device and network antivirus, IPS and anti-malware tools are running the latest updates.

5.  Where possible, use application whitelisting, which prevents unauthorised applications from being downloaded / executed.

6.  Segment your network into security zones so that an infection in one area cannot easily spread to another.

7.  Establish and enforce permissions and privileges so that the fewest number of users have the potential to infect business-critical applications, data or services.

8.  Establish and enforce a BYOD security policy which can inspect and block devices which do not meet your standards for security (no client or antimalware installed, antivirus files are out of date, operating systems need critical patches, etc.)

9.  Deploy forensic analysis tools so that after an attack you can identify a) where the infection came from, b) how long it has been in your environment, c) that you have removed all of it from every device, and d) that you can ensure it doesn't come back.

10.  Do NOT count on your employees to keep you safe. While it is still important to up-level your user awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain and you need to plan around them.

“Keeping safe in an unsafe world takes time, expertise and a lot of hard work,” concludes Khan. “But it's not impossible. If you have any questions or want to upgrade your defences to protect your network, give us a call.  We'll quickly ascertain your requirements and put you in touch with one of our Partner specialists who can help you move forward and stop these crooks cold.

For further information, please contact:

Andrew Khan, Senior Business Manager Email: M: 021 819 793

David Hills, Solutions Architect Email: M: 021 245 0437

Hugo Hutchinson, Business Development Manager Email: P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager Email:  M: 021 241 6946