COMMENT
This spurt in ransomware attacks
can be attributed to three key
reasons. The first driver is the
syndication of the activity into ransom
as a service with offers of revenue
sharing to operatives facing the target
recipients. The second driver is the
development of polymorphism in
ransomware generating a unique threat
signature for each attack. And the third
driver is the increasing sophistication
within the malware, widening the scope
of damages.
With Middle East organisations
becoming a target for ransomware
attacks, it is incumbent on the C-suite
to take action and ensure that their
data and organisations are not held
ransom.
Remediation strategies for each stage
Ransomware attacks occur in five
stages – distribution, infection,
communication, encryption and
demand. So it is only logical that there
should be prevention and remediation
strategies for each of these stages.
INTELLIGENTCIO
Distribution stage
Build a “human firewall”: The biggest
threat is users who let the ransomware
onto their endpoints. People are the
weakest link. Organisations need to
make sure that all employees, from
the CEO down, understand both how
ransomware works and the
ramifications of an attack.
Stop ransomware before the endpoint:
The most proactive method of
protecting a network from a ransomware
attack (other than the human firewall)
is to keep ransomware from reaching
the endpoint in the first place. Consider
a web-filtering technology.
Apply all current operating system
and application patches: Many
ransomware strategies take advantage
of vulnerabilities in the operating
system or in applications to infect an
endpoint. Having the latest operating
system and application versions and
patches will reduce the attack surface to
a minimum.
Spam filtering and web gateway
filtering: Again, the ideal approach is
to keep ransomware off the network
and the endpoint. Spam filtering and
web gateway filtering are great ways to
stop ransomware that tries to reach the
endpoint through malicious IPs, URLs,
and email spam.
Allow only whitelisted items to execute:
Use an “application control” method