WannaCry, the massive ransomware attack that quickly spread across 150 countries and infected more than 300,000 computers in May, was stopped relatively quickly. But even weeks after a security researcher deactivated the attack, the same malware strain continued to scan networks and look for the same vulnerabilities.
With ransomware virus threats continuing to grow, this will continue to be at the top of mind for IT. But what about your organization? Are you sure you’re doing everything you can to protect your business from a ransomware virus?
How Ransomware Works
A ransomware infection often starts with an exploit kit that identifies software vulnerabilities, such as unpatched security flaws on endpoints. The exploit kit may be delivered through a phishing email containing malicious attachments or links. In the case of WannaCry, the culprit was not phishing, but rather, a set of NSA cyber espionage tools leaked by the secretive group, the Shadow Brokers.
After the initial payload exploits a system and analyzes its environment, the ransomware is delivered and a “callback” is made to the ransomware infrastructure to retrieve keys for encrypting the endpoint.
Once a computer is compromised, the user cannot access its contents without paying a ransom or restoring the system from a backup. But a backup in and of itself is not enough to fully protect systems against a ransomware infection. A comprehensive ransomware defense strategy includes:
- Backing up all data. Make sure your data is not only backed up regularly, but also has a system-state backup or snapshot.
- Patching systems regularly. Ransomware attackers frequently target systems running outdated software with known vulnerabilities. Patching software vulnerabilities as soon as fixes are available is the best way to prevent your system from being exploited. Case in point: Microsoft created a patch available for the vulnerability exploited by WannaCry months before the attack.
- Educating employees. The weakest link in a security defense is human. Educate users on various social engineering threat techniques —like phishing, for example — to protect them from falling prey.
- Layered security. A layered security approach with technology such as next-generation firewalls and intrusion prevention systems (IPS) removes single points of failure, enabling you to enforce security measures at multiple areas of your network.
- Network segmentation. Limiting the resources attackers can access will help protect your network from a broader infection.
- Monitor network activity. You need visibility to know what to protect.
- Protect endpoints. In the age of BYOD, cloud computing and the IoT, you need a solution that gives you visibility into the security of all devices that connect to your network.
- Use real-time threat intelligence. Big data-driven threat intelligence arms you with knowledge about real-time threats, enabling you to proactively defend your organization.
In addition to taking these steps, it helps to work with an experienced IT security solutions provider, like OneNeck, with the skilled resources to keep up with constant changes on the ransomware landscape and technology to bolster your defenses.