Since encrypting ransomware has proven extremely lucrative, we believe it will be an unfortunate fact of life for years to come. This means you need to protect yourself. Fortunately, you can. Here’s how:
1. Keep backups! Backup media are cheap now: a $20 thumb drive can save plenty of precious files and images. Nowadays, there are plenty of easy-to-use online options, too. Remember two important points, however.
First, most current ransomware will attempt to encrypt files on all connected drives you can access, even across the network. If you leave your backup drive permanently connected, it might encrypt your backed-up files, too. If possible, disconnect that drive when your backup is complete. (Ideally, you should store it off-premise or, failing that, in a secure location on-premise.)
Second, if you use an online backup service, keep in mind that most of these services automatically sync the latest version of each file. If the latest version has been encrypted, the service may replace your usable copy with the encrypted one, and that won’t do you any good. Check whether your service offers the option to keep the last several versions of each file: that is what lets you recover a copy you can actually use.
2. Patch, patch, patch. The vast majority of vulnerabilities used to deploy ransomware are old. Patches exist for them. Make sure you have a system (preferably automated) for deploying them. If the underlying software (e.g., Windows XP, Office 2003) is no longer being patched, maybe it’s time to upgrade.
3. Use stricter access controls and user privileges. Simply telling Windows that programs can’t run from your AppData folder will halt plenty of malware in its tracks. Restrict write permissions on file servers as much as possible, and don’t give people more rights than they need. Use administrative accounts sparingly, and when user roles change, adjust their permissions. If your users aren’t admins, ransomware can only encrypt their own files. If they are admins, ransomware can roam your network encrypting everything their accounts can access.
4. Stop spam. Anti-spam software is frontline defense. Tools like Sophos Secure Email Gateway aren’t quite perfect, but they’re stunningly good at blocking messages with links to websites infected with exploit kits that deliver drive-by downloads.
5. Use advanced web, network, and endpoint protection. Before ransomware can do its dirty work, it must contact a live command and control server. Up-to-date next-generation firewalls such as the Sophos UTM can help block that. So can today’s best client antimalware software. Sophos’s next-generation endpoint protection offers Malicious Traffic Detection (MTD) that goes wherever you go, detecting and stopping malware when it connects to attackers’ servers.
6. Keep anti-malware up to date. Best-in-class client anti-malware software such as Sophos Endpoint Protection, kept up to date, can usually detect and block ransomware executables before they ever run. Features like host-based intrusion prevention system (HIPS) offer an additional line of defense, recognizing patterns of behavior associated with malicious applications.
7. Make sure you’ve actually turned on the security features you’ve paid for. (This may sound obvious, but you’d be surprised!) For example, if you’re using Sophos Endpoint Protection managed by the Sophos Enterprise Console, enable Live Protection, HIPS Behavior Monitoring, and Web Protection.
8. Immediately isolate infected devices. If one user finds that the files on their computer have been encrypted, immediately remove that computer from the network until it has been fully cleaned.
9. Continue educating your users. For example, remind them not to open unexpected file attachments, and to contact IT if they encounter a file or computer behavior that seems suspicious.
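The AppData execution block in item 3 is normally configured through Windows Software Restriction Policies (SRP). The PowerShell below is an added illustration, not code from the whitepaper or from Sophos: it writes the equivalent local SRP path rules directly to the registry. It assumes an elevated session on a machine whose SRP is not already managed by a domain GPO (domain policy would overwrite these local values), and the path patterns are my own choice of the locations droppers commonly write to.

```powershell
# Added example: local Software Restriction Policy rules that block executables
# launched from the per-user AppData trees (the technique described in item 3).
# Run from an elevated PowerShell on a machine not already receiving SRP via GPO.

$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels: 0 = Disallowed, 0x40000 = Unrestricted.
$Disallowed   = 0
$Unrestricted = 0x40000

# Turn SRP on with a default of Unrestricted, so only the explicit path rules
# below are blocked. TransparentEnabled 1 = all software files except DLLs;
# PolicyScope 0 = apply to every user, local administrators included.
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name 'DefaultLevel'        -Value $Unrestricted -Type DWord
Set-ItemProperty -Path $Safer -Name 'TransparentEnabled'  -Value 1             -Type DWord
Set-ItemProperty -Path $Safer -Name 'PolicyScope'         -Value 0             -Type DWord
Set-ItemProperty -Path $Safer -Name 'AuthenticodeEnabled' -Value 0             -Type DWord

function Add-SaferPathRule {
    param([string]$PathPattern, [string]$Description, [int]$Level)
    # Each path rule lives under <Level>\Paths\{GUID}; ItemData holds the pattern
    # (environment variables are expanded at evaluation time).
    $RuleKey = Join-Path $Safer ('{0}\Paths\{1}' -f $Level, [guid]::NewGuid().ToString('B'))
    New-Item -Path $RuleKey -Force | Out-Null
    Set-ItemProperty -Path $RuleKey -Name 'ItemData'    -Value $PathPattern -Type ExpandString
    Set-ItemProperty -Path $RuleKey -Name 'SaferFlags'  -Value 0            -Type DWord
    Set-ItemProperty -Path $RuleKey -Name 'Description' -Value $Description -Type String
    return $RuleKey
}

# Block .exe files in the roaming and local AppData trees, one level of
# subfolders, and executables run straight out of a zip in the Temp folder.
# (Constructed pattern set; extend it to match your own environment.)
Add-SaferPathRule '%AppData%\*.exe'                 'Block exe in roaming AppData'   $Disallowed | Out-Null
Add-SaferPathRule '%AppData%\*\*.exe'               'Block exe in AppData subdirs'   $Disallowed | Out-Null
Add-SaferPathRule '%LocalAppData%\*.exe'            'Block exe in local AppData'     $Disallowed | Out-Null
Add-SaferPathRule '%LocalAppData%\*\*.exe'          'Block exe in local subdirs'     $Disallowed | Out-Null
Add-SaferPathRule '%LocalAppData%\Temp\*.zip\*.exe' 'Block exe run from a zip file'  $Disallowed | Out-Null

# Check what is now in force: list every Disallowed path rule.
Get-ChildItem (Join-Path $Safer "$Disallowed\Paths") |
    ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Test with a harmless .exe copied into %AppData% before rolling this out, and add Unrestricted (0x40000) rules for any legitimate application that installs into AppData. In a domain, put the same rules in a GPO under Software Restriction Policies rather than in the local registry.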
The Best Defense: Next-Generation Enduser Protection
Next-Generation Enduser Protection is the integration of Sophos’s innovative endpoint, mobile and encryption technologies to deliver better protection and simpler management. From malicious traffic detection integrated into the endpoint to cloud-managed policies that follow users across devices and platforms, we’re redefining what it means to provide comprehensive enduser security. And as we continue to innovate, you’ll benefit, as it becomes easier than ever to provide sophisticated protection for your users and data.
Source: A Sophos Whitepaper February 2015, CryptoLocker, CryptoWall and Beyond: Mitigating the Rising Ransomware Threat, By Chester Wisniewski, Senior Security Advisor