
Ransomware: Easy to get hit, hard to stop and costly to recover

23 Jun 2016

Ransomware is shaping up to be the ‘malware du jour’ for 2016. Why? Because it is profitable for cyber-crooks. And it’s not that difficult to deploy. According to Geek.com, Cryptowall, a ransomware application, generated over US$30 million in a short time for criminals. The criminal marketplace (yes, ransomware is sold and traded within the DarkWeb) provides a wide range of choices and varieties of ransomware, with many variants popping up on a daily basis. Clearly, you need to be more vigilant than ever to keep ransomware out of your network.

Why is ransomware so difficult to stop?

The first reason is distribution. “Most ransomware infects its victims via phishing attacks,” says Andrew Khan, Fortinet Senior Business Manager at Ingram Micro, New Zealand’s largest distributor of Fortinet’s cyber security solutions. “Phishing attacks are the most common method of infection and come in a wide range of delivery methods such as drive-by downloads, compromised websites and malvertising. Malvertising occurs when malicious sources distribute malware to hundreds of websites hosting ads for revenue.”

The second reason is ransomware’s very nature. “Most ransomware is polymorphic in nature,” he continues. “From the perspective of computer code and analysis, it is always changing. Anti-virus software traditionally looks for known threats and patterns. But since ransomware is always reinventing itself, it can sneak past most AV solutions.”

How do you protect yourself against ransomware?

“Ransomware is like any other malware,” says Khan, “and can be stopped by both policy and technology. Here are ten basic rules that you can adopt to keep your network safer from ransomware.”

1.  Develop a backup and recovery plan. Back up your systems regularly and store that backup offline on a separate device.

2.  Use professional email and web security tools that analyse email attachments, websites and files for malware. Your solution should block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality, so that new or unrecognised files can be executed and analysed in a safe environment.

3.  Keep your operating systems, devices and software patched and updated.

4.  Make sure that your device and network antivirus, IPS and anti-malware tools are running the latest updates.

5.  Where possible, use application whitelisting, which prevents unauthorised applications from being downloaded / executed.

6.  Segment your network into security zones so that an infection in one area cannot easily spread to another.

7.  Establish and enforce permissions and privileges so that the fewest number of users have the potential to infect business-critical applications, data or services.

8.  Establish and enforce a BYOD security policy that can inspect and block devices that do not meet your standards for security (no client or antimalware installed, antivirus files are out of date, operating systems need critical patches, etc.).

9.  Deploy forensic analysis tools so that after an attack you can identify a) where the infection came from, b) how long it has been in your environment, c) that you have removed all of it from every device, and d) that you can ensure it doesn’t come back.

10.  Do NOT count on your employees to keep you safe. While it is still important to up-level your user awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in your security chain and you need to plan around them.
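The polymorphism point above and items 2, 4 and 9 of the list rest on the same observation: a signature will not recognise a freshly recompiled sample, but the behaviour of ransomware (one process renaming or overwriting many user files in seconds, changing their extensions as it goes) is the same from variant to variant. The following Python script is an added example, not code from the article, Ingram Micro or Fortinet. It reads file-activity events, flags a process that performs a burst of extension-changing renames, and reports the forensic facts item 9 asks for: which host and user context it ran in, when that process was first seen (dwell time), and how many files it touched. The log format, hostnames, process names, paths and thresholds are all constructed assumptions.

```python
"""Behaviour-based ransomware triage over file-activity events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=60)   # sliding window per (host, process); assumption
BURST_THRESHOLD = 20             # extension-changing renames inside WINDOW; assumption
USER_DOC_EXT = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg"}  # what the share usually holds

def parse_event(line):
    """Parse one constructed log line: 'ts host user process op path'.
    The path is the remainder of the line, so it may contain spaces."""
    ts, host, user, proc, op, path = line.split(" ", 5)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "proc": proc, "op": op, "path": path}

def looks_like_encryption(ev):
    """True for a RENAME whose source has a user-document extension and whose
    target gets an extension we do not recognise (q2.docx -> q2.docx.locked).
    Ordinary renames that keep a document extension do not count."""
    if ev["op"] != "RENAME" or " -> " not in ev["path"]:
        return False
    src, dst = ev["path"].split(" -> ", 1)
    src_ext = os.path.splitext(src)[1].lower()
    dst_ext = os.path.splitext(dst)[1].lower()
    return src_ext in USER_DOC_EXT and dst_ext != "" and dst_ext not in USER_DOC_EXT

def detect(lines):
    """Stream events in order; return one alert per (host, process) whose
    extension-changing renames reach BURST_THRESHOLD inside WINDOW.
    Each alert records the process's first-seen event on that host (dwell
    start), the user context, and the number of distinct files affected."""
    windows = defaultdict(deque)   # (host, proc) -> timestamps of recent renames
    first_seen = {}                # (host, proc) -> (ts, user, path of first event)
    affected = defaultdict(set)    # (host, proc) -> source paths it renamed
    alerts = {}
    for line in lines:
        ev = parse_event(line)
        key = (ev["host"], ev["proc"])
        first_seen.setdefault(key, (ev["ts"], ev["user"], ev["path"]))
        if not looks_like_encryption(ev):
            continue
        affected[key].add(ev["path"].split(" -> ", 1)[0])
        q = windows[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > WINDOW:   # drop renames older than WINDOW
            q.popleft()
        if len(q) >= BURST_THRESHOLD and key not in alerts:
            ts0, user0, path0 = first_seen[key]
            alerts[key] = {
                "host": ev["host"], "process": ev["proc"], "user": user0,
                "first_seen": ts0.isoformat(), "first_event": path0,
                "burst_detected": ev["ts"].isoformat(),
                "dwell_seconds": int((ev["ts"] - ts0).total_seconds()),
            }
    for key, alert in alerts.items():          # final tally once the log is read
        alert["files_affected"] = len(affected[key])
    return list(alerts.values())

def constructed_log():
    """Constructed sample: a phishing attachment dropped on ws17 and run, a
    benign rename by bob on ws22, then a burst of renames against a share."""
    lines = [
        "2016-06-20T09:01:02 ws17 alice outlook.exe WRITE /home/alice/tmp/invoice.zip",
        "2016-06-20T09:01:09 ws17 alice explorer.exe EXEC /home/alice/tmp/invoice.pdf.exe",
        "2016-06-20T09:01:10 ws17 alice invoice.pdf.exe WRITE /home/alice/tmp/cfg.dat",
        "2016-06-20T09:02:30 ws22 bob word.exe RENAME /srv/share/finance/q2.docx -> /srv/share/finance/q2-final.docx",
        "2016-06-20T09:02:45 ws22 bob word.exe WRITE /srv/share/finance/q2-final.docx",
    ]
    base = datetime.fromisoformat("2016-06-20T09:14:00")
    for i in range(30):   # thirty documents renamed one second apart
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} ws17 alice invoice.pdf.exe RENAME "
                     f"/srv/share/finance/doc{i:03d}.docx -> /srv/share/finance/doc{i:03d}.docx.locked")
    return lines

if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

The alert fires on the twentieth rename, about thirteen minutes after the dropped executable first appeared, and names the user whose session ran it; that is the starting point for the "where did it come from" and "how long has it been here" questions, and the per-file tally tells you which backups to restore. Thresholds this tight will also catch a legitimate bulk-conversion tool, so in practice the rule is tuned per share and paired with an allow-list of known batch processes.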

“Keeping safe in an unsafe world takes time, expertise and a lot of hard work,” concludes Khan. “But it’s not impossible. If you have any questions or want to upgrade your defences to protect your network, give us a call. We’ll quickly ascertain your requirements and put you in touch with one of our Partner specialists who can help you move forward and stop these crooks cold.”

For further information, please contact:

Andrew Khan, Senior Business Manager Email: andrew.khan@ingrammicro.com M: 021 819 793

David Hills, Solutions Architect Email: david.hills@ingrammicro.com M: 021 245 0437

Hugo Hutchinson, Business Development Manager Email: hugo.hutchinson@ingrammicro.com P: 09-414-0261 | M: 021-245-8276

Marc Brunzel, Business Development Manager Email: marc.brunzel@ingrammicro.com M: 021 241 6946
