In our previous blog, we looked at what ransomware is, and why it’s such a significant security risk to organizations. Here, we will look at how you can stop it.
One of the challenges in mitigating ransomware is how quickly it can encrypt large numbers of files, rendering them inaccessible and stopping the normal flow of work. The damage is often already done by the time the infection has been detected. Organizations are then faced with removing the infection and trying to restore files from backups to recover.
Under absolutely no circumstances should the ransom be paid. If you pay the ransom, you open yourself or your organization up to becoming a key target for wider attacks, and there is absolutely no guarantee that your files will actually be decrypted. After all, would you rely on a criminal’s promise?
As mentioned in part one of this blog, there are security controls that can be implemented to help mitigate the impact of an attack.
The first line of defense is usually email or spam filtering, followed by a corporate anti-virus solution. While these do play a key role, a targeted attack may be able to get around these products. Rather than attaching ransomware to emails, attackers will embed the ransomware in a website and circulate the link by email.
Ransomware attackers are also adopting two-stage attack methods in which the user is targeted with an innocuous-looking document containing a macro which, when activated, downloads the malicious ransomware from the web. In many cases, the macro cannot be detected by conventional products, making it a particularly insidious form of attack.
Staff education and training is absolutely critical within organizations of all sizes to ensure that knowledge of attacks is shared. Employees can be educated to watch out for the tell-tale signs and flags of a potential ransomware infection, whatever the delivery mechanism. This can be aided massively by a simulated and targeted attack against your organization.
SureCloud cybersecurity experts have developed a simulated ransomware attack service, which mimics a real threat but is completely harmless. SureCloud’s Simulated Ransomware Service triggers two main actions if a machine is successfully infected. First, the ransomware performs harmless actions that trigger advanced behavioral analysis checks, then displays a typical ransomware message to test if an employee attempts to make a payment.
Organizations will be able to:
Overall, organizations will be far better prepared to detect, stop and react to ransomware attacks – without waiting to be held to ransom.
SureCloud also offers a wide range of cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle, from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.