All About Ransomware

What Can Be Done?

Before committing funds to new technologies (software/hardware) or engaging a security expert, the best place to start is to “clean your house”.

  1. Review and take stock of all the devices within your organisation that are capable of having an Internet connection and ensure the relevant patches/updates are applied, following a best-practice approach
  2. Increase staff awareness through education and/or training

Ransomware is predominantly propagated via email; therefore, the users of technology must be the last line of defence. The overall IT infrastructure can be secured with the best technology; however, in most if not all situations, it will come down to people, armed with the correct information, making good decisions.

For more information regarding ransomware feel free to contact us.

Review Existing Technology

The following offers a guideline of devices and the associated best-practice approach:

  • Routers/Firewalls
    • Check vendor guidelines for latest security patches for firmware
    • Ensure devices are configured according to industry standards
  • Workstations
    • Check vendor guidelines for latest security patches for firmware
    • Ensure Windows Updates are applied on a regular basis
    • Ensure antivirus is up to date
    • Review local administrator group membership to ensure relevancy
    • Ensure there is a suitable backup and retention strategy for critical workstations
  • Servers
    • Check vendor guidelines for latest security patches for firmware
    • Ensure Windows Updates are applied on a regular basis
    • Ensure antivirus is up to date
    • Review local and domain administrator group membership to ensure relevancy
    • Ensure there is a suitable backup and retention strategy for all servers
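
The workstation and server checks above (administrator group membership, Windows Updates, antivirus currency) can be scripted per machine. The following PowerShell is an added example, not part of the original guidance; the allow-list entries and age thresholds are hypothetical placeholders, and the antivirus check assumes Microsoft Defender is the installed product.

```powershell
# Added example: audit one Windows host against the checklist above.
# Assumptions (not from the page): allow-list names and thresholds are placeholders.
$AllowedAdmins   = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Workstation-Admins')
$MaxPatchAgeDays = 35   # flag hosts with no update installed in this many days
$MaxSigAgeDays   = 3    # flag antivirus signatures older than this

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Local Administrators membership, resolved by well-known SID so the
#    check also works on non-English Windows installations.
foreach ($m in Get-LocalGroupMember -SID 'S-1-5-32-544') {
    if ($AllowedAdmins -notcontains $m.Name) {
        $findings.Add("Unexpected local admin: $($m.Name) [$($m.ObjectClass), $($m.PrincipalSource)]")
    }
}

# 2. Most recent installed update. Get-HotFix does not list every update type,
#    so treat this as a coarse staleness signal rather than a compliance report.
$lastPatch = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch) {
    $findings.Add('No update install dates available from Get-HotFix')
} elseif ($lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings.Add("Last update $($lastPatch.HotFixID) installed $($lastPatch.InstalledOn.ToString('yyyy-MM-dd'))")
}

# 3. Antivirus state (Microsoft Defender only; other products need their own check).
try {
    $av = Get-MpComputerStatus -ErrorAction Stop
    if (-not $av.AntivirusEnabled)          { $findings.Add('Defender antivirus is disabled') }
    if (-not $av.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is disabled') }
    if ($av.AntivirusSignatureAge -gt $MaxSigAgeDays) {
        $findings.Add("Antivirus signatures are $($av.AntivirusSignatureAge) days old")
    }
} catch {
    $findings.Add("Could not query Defender status: $($_.Exception.Message)")
}

# Emit one object per host so results can be collected centrally (for example with Export-Csv).
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Checked  = Get-Date
    Status   = if ($findings.Count) { 'REVIEW' } else { 'OK' }
    Findings = $findings -join '; '
}
```

Domain administrator group membership on servers is not covered here and needs a separate review against the directory.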

Consider New Technology

There is no 100% guarantee of protection against any cyber threat; all that can be done is to add as many security barriers (based on a budget) between your systems/data and the cyber criminals. Once the house is clean, staff are educated and awareness is heightened, there are tangible technologies that can be considered to provide more holistic protection.

Ransomware is typically delivered via email; therefore, the critical points to protect are at the Gateway (point of entry) and End Points (destination):

  • Gateway
    • Consider anti-spam solutions to monitor/filter email traffic
    • Consider Advanced Threat Protection (ATP) services, in addition to anti-spam. ATP sends suspect emails to an isolated environment where the threat is executed/detonated, simulating the infection. Legitimate emails are passed through to the destination, while infections (or possible infections) are blocked or quarantined.
    • Consider firewall technologies with Intrusion Prevention Systems (IPS) and Advanced Malware Protection (AMP)
  • End Points
    • Ensure antivirus is up to date
    • Consider a more focused and dedicated anti-ransomware solution, in addition to antivirus. Anti-ransomware solutions are specifically designed to recognise and block common delivery techniques, and include root cause analysis features, which provide an understanding of what the malware did before it was removed.