In our previous blog, we looked at what ransomware is, and why it’s such a significant security risk to organizations. Here, we will look at how you can stop it.
Mitigating Ransomware
One of the challenges in mitigating ransomware is how quickly it can encrypt large numbers of files, rendering them inaccessible and stopping the normal flow of work. The damage is often already done by the time the infection has been detected. Organizations are then faced with removing the infection and trying to restore files from backups to recover.
Never Pay the Ransom
Under absolutely no circumstances should the ransom be paid. If you pay the ransom, you will open yourself or the organization up to becoming a key target for wider attacks, and there is absolutely no guarantee that your files will actually be decrypted. After all, would you rely on a criminal’s promise?
As mentioned in part one of this blog, there are security controls that can be implemented to help mitigate the impact of an attack.
The first line of defense is usually email or spam filtering, then a corporate anti-virus solution. While these do play a key role, a targeted attack may be able to get around these products. Rather than attaching ransomware to emails, attackers will embed the ransomware in a website and circulate the link by email.
Ransomware attackers are also adopting two-stage attack methods in which the user is targeted with an innocuous document containing a macro, which, when activated, downloads the malicious ransomware from the web. In many cases, the macro cannot be detected by conventional products, making it a particularly insidious form of attack.
Staff Education and Training
Staff education and training is absolutely critical within organizations of all sizes to ensure that knowledge of attacks is shared. Employees can be educated to watch out for the tell-tale signs and flags of a potential ransomware infection, whatever the delivery mechanism. This can be aided massively by a simulated and targeted attack against your organization.
How can SureCloud help?
SureCloud cybersecurity experts have developed a simulated ransomware attack service, which mimics a real threat but is completely harmless. SureCloud’s Simulated Ransomware Service triggers two main actions if a machine is successfully infected. First, the ransomware performs harmless actions that trigger advanced behavioral analysis checks, then displays a typical ransomware message to test if an employee attempts to make a payment.
The Benefits
Organizations will be able to:
- Have visibility of how likely they are to be successfully compromised via a targeted and focused attack.
- Identify where current controls are ineffective at preventing and/or detecting an attack, whether those be procedural or technical.
- See what could be encrypted should a real attack occur and deploy more restrictive permissions to stop the spread in a real attack.
- Test the incident response processes, ensure that they are effective, and identify where areas of improvement are required.
Overall, organizations will be far better prepared to detect, stop and react to ransomware attacks – without waiting to be held to ransom.
About SureCloud
SureCloud is a provider of cloud-based, Integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk.
SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.