Security Concerns :: Ransomware
Working for a security consultancy/MSSP business, I come across a lot of customers who in the past have gone to companies seeking advice on a particular security threat that is getting more media attention at that particular moment. More often than not, the “Security Expert” (salesman…) sells them a device, promising them it will fix all their issues and protect them from any number of security threats. Now I’m not saying all people fall for this trick; I would certainly hope a majority don’t – but a lot of businesses are making a living from this practice. Worse yet, most of the businesses deploying this method aren’t even aware that they are not in fact helping the customer – that’s because they will spend a considerable amount of time with vendors telling them they can solve all their issues with one solution. Unfortunately this is not the case for a large proportion of threats, of which Ransomware is one – and there are some basic things you can do to protect yourself before looking into further solutions. In fact, there are a number of security threats that can be prevented or recovered from using the points below:
- Patching: May seem like a basic premise, but countless pen tests/security assessments/vulnerability scans have brought up issues with systems that are vulnerable simply because they are running an unpatched OS or piece of software. You will often hear in the news of hacks/exploits that have occurred due to old, vulnerable versions of software, and that could have been prevented through timely updates/patching.
- Concept of Least Privilege: Unfortunately this isn’t necessarily a watertight solution in itself, but some malware/ransomware and other threats will require admin rights in order to compromise your system. If you’re not familiar with this concept, please read up on it and consider implementing it across your environment. From a high level, it’s basically ensuring you always use an account with the minimum set of privileges you need to perform a given task; for example, you wouldn’t use a domain admin account just for creating a Word document or sending an email.
- Educating Users: Many users will have heard “don’t click on suspicious emails” before – but it’s not good enough to tell your users once and expect them to practice this every day. You need to constantly remind your users and inform them of what to look out for – at least every 3-6 months. Another good way to test your users is to run a phishing campaign against them. It’s not too difficult to do this yourself (we have a blog post detailing how you can do this) but you can also get assistance from any number of security professionals who will help you do this.
- East/West Traffic and Segmentation: It’s not possible to protect yourself 100% – so in the event you do get compromised, you want to prevent the spread. Now there are solutions out there that will promise to alert you to infections and inform you, allowing you to isolate the infected host in a timely manner, but as a backup to this, it’s worth segmenting networks and also filtering traffic from East to West (East/West being traffic between internal hosts, as opposed to North/South, which is traffic between the internal network and the internet).
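As an added illustration of the segmentation point (this is example code written for this post, not a tool the author describes), the following script classifies connection records from a constructed flow log as North/South, intra-segment or East/West, checks East/West flows against a hypothetical allow-list of segment pairs and ports, and counts how many distinct internal hosts each source touches on lateral-movement ports. The segment ranges, the allow-list and the sample log lines are all assumptions made up for the example; the fan-out count is the kind of signal that would let you spot a host spreading to its neighbours before it has reached every share it can see.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow-log lines (not real traffic):
# timestamp src_ip dst_ip dst_port action
SAMPLE_FLOWS = """\
2016-05-01T10:00:01 10.10.20.15 10.10.20.40 445 ALLOW
2016-05-01T10:00:02 10.10.20.15 10.10.30.7 445 ALLOW
2016-05-01T10:00:03 10.10.20.15 10.10.30.8 3389 ALLOW
2016-05-01T10:00:04 10.10.20.15 203.0.113.9 443 ALLOW
2016-05-01T10:00:05 10.10.40.2 10.10.30.7 445 ALLOW
"""

# Hypothetical address plan: everything in 10/8 is "internal".
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.20.0/24"),
    "servers": ipaddress.ip_network("10.10.30.0/24"),
    "backup": ipaddress.ip_network("10.10.40.0/24"),
}
# Hypothetical East/West policy: which segment pairs may talk, and on which ports.
ALLOWED_EAST_WEST = {
    ("workstations", "servers"): {445},  # file shares only, no RDP from desktops
    ("backup", "servers"): {445},
}
# Ports commonly involved when an infection spreads host to host.
LATERAL_PORTS = {445, 3389, 135, 5985}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def segment_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def classify(line):
    """Label one flow record against the segmentation policy."""
    _ts, src, dst, port, _action = line.split()
    port = int(port)
    if not (is_internal(src) and is_internal(dst)):
        return "north-south"
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg == dst_seg:
        return "intra-segment"
    if port in ALLOWED_EAST_WEST.get((src_seg, dst_seg), set()):
        return "east-west-allowed"
    return "east-west-violation"


def find_violations(text):
    """Return the flow lines that cross segments outside the allow-list."""
    return [line for line in text.splitlines() if classify(line) == "east-west-violation"]


def lateral_fanout(text, threshold):
    """Sources that reached at least `threshold` distinct internal hosts on lateral ports."""
    seen = defaultdict(set)
    for line in text.splitlines():
        _ts, src, dst, port, _action = line.split()
        if is_internal(src) and is_internal(dst) and int(port) in LATERAL_PORTS:
            seen[src].add(dst)
    return {src: len(dsts) for src, dsts in seen.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for line in SAMPLE_FLOWS.splitlines():
        print(classify(line), line)
    print("violations:", find_violations(SAMPLE_FLOWS))
    print("fan-out:", lateral_fanout(SAMPLE_FLOWS, threshold=3))
```

In the sample, the desktop-to-server RDP connection is the only policy violation, and the same workstation touches three internal hosts on lateral ports, which is exactly the pattern a segmentation rule set should be blocking and an alerting tool should be raising.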
- AntiMalware: May seem like a simple answer, but when a strain of Ransomware is discovered, AV/AM vendors will create signatures for it to protect you. Now this won’t help on the zero-day front, but it will assist with the 99% of known variants. This should be deployed on each endpoint and on the perimeter.
- Backup: This is more a recovery point than a prevention point – but in the event that you do have a mass infection of devices and you lose important data, it is vital that you have regular backups that are also protected themselves. This will at least give you a reasonable point to restore to, should you need it.
- Products/Solutions: Now, once the above methods are deployed, you may actually want to look into solutions to assist with the prevention of Ransomware. But really, if you don’t have the above implemented then you will not get the full benefit of additional solutions. Two of the solutions worth exploring are Email Security and Sandboxing. A lot of the major firewall vendors will offer a sandboxing solution, though there are also dedicated solutions available.
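The backup point above hinges on two words that are easy to skip: “regular” and “protected”. A backup that an infected host can overwrite, or that nobody has checked since it was taken, is not a restore point. The example below is added for this post (not the author’s own script) and shows one way to check both properties: it records a SHA-256 manifest for a backup set, makes the files read-only, and then verifies age, integrity and write permission, reporting what a ransomware-infected host with write access to the share would have broken. The directory layout, the manifest file name and the sample file are constructed for the example.

```python
import hashlib
import json
import stat
import tempfile
import time
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name; in practice keep a copy off the backup volume
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(backup_dir):
    """Hash every file in the backup set and record when the set was taken."""
    backup_dir = Path(backup_dir)
    files = {p.name: sha256_of(p)
             for p in sorted(backup_dir.iterdir()) if p.is_file() and p.name != MANIFEST}
    manifest = {"created": time.time(), "files": files}
    (backup_dir / MANIFEST).write_text(json.dumps(manifest))
    return manifest


def lock_down(backup_dir):
    """Strip write permission so a compromised client cannot silently replace the files."""
    for p in Path(backup_dir).iterdir():
        if p.is_file():
            p.chmod(stat.S_IRUSR | stat.S_IRGRP)


def verify_backup(backup_dir, max_age_seconds):
    """Return a list of problems; an empty list means the set is fresh, intact and read-only."""
    backup_dir = Path(backup_dir)
    problems = []
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    if time.time() - manifest["created"] > max_age_seconds:
        problems.append("stale")
    for name, digest in manifest["files"].items():
        p = backup_dir / name
        if not p.exists():
            problems.append(f"missing:{name}")
            continue
        if sha256_of(p) != digest:
            problems.append(f"modified:{name}")
        if p.stat().st_mode & WRITE_BITS:
            problems.append(f"writable:{name}")
    return problems


def demo():
    """Build a constructed backup set in a temp dir, verify it clean, then after simulated tampering."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "payroll.xlsx"
        target.write_bytes(b"constructed sample backup content")
        write_manifest(d)
        lock_down(d)
        clean = verify_backup(d, max_age_seconds=86400)
        # Simulate an infected host that has write access to the backup share.
        target.chmod(stat.S_IRUSR | stat.S_IWUSR)
        target.write_bytes(b"encrypted garbage")
        tampered = verify_backup(d, max_age_seconds=86400)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean set:", clean or "OK")
    print("after tampering:", tampered)
```

The permission check is only meaningful when the backup target is written by a dedicated account and read by everyone else; if the same credentials that run the workstation can also chmod the backup, the read-only bit buys nothing, which is the least-privilege point from earlier in the list applied to backups.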
I hope you have found this post useful – remember to take a look at some of our other posts while you’re here!