Foiling the Phish with Email Filters
To protect against ransomware, organizations must invest in anti-phishing tools. That's because ransomware often piggybacks off of phishing attacks and spam email attachments. Computer security researcher David Balaban understands the close relationship between ransomware and phishing, which is why he recommends organizations instruct their employees to avoid falling for phishing scams:
"Most ransomware infections come from spam and malicious attachments. So an ad hoc security awareness training program for employees is very important here. Instructors should emphasize the risks associated with suspicious email attachments, including rogue documents with macros."
Of course, training only goes so far, especially in light of how phishing attacks continue to grow in number and sophistication. In response to that concern, Balaban feels organizations should supplement their training with anti-phishing technology such as email filters:
"Implementing several email filters to block spam and emails with executable attachments is an effective countermeasure."
Anti-Malware Strategies Begin with Patching
Phishing attacks and spam mail aren’t the only distribution vectors for ransomware. Exploit kits like RIG also play an active part in spreading crypto-malware around. Unlike phishing scams, exploit kits don't rely on social engineering techniques. They instead scan computers for unpatched software vulnerabilities. If they find a juicy bug, they exploit it and leverage that attack to infect the vulnerable computer with ransomware. How can organizations defend themselves against these malicious software packages? Matthew Pascucci, security architect, privacy advocate, and security blogger, says the best defense against exploit kits is a robust endpoint security posture centered around patching:
"Companies need to review their endpoint security and determine if their anti-malware and endpoint security is up to par. This includes patching, configuration changes via GPO, etc."
Exploit kits thrive on unpatched software. Organizations that stay on top of software patches might still run into exploit kits every so often, but RIG and its buddies won't be able to find a flaw they can exploit, which means they won't be able to infect a computer with ransomware.
When All Else Fails, Back Up Your Data
Let's face it: we can't protect against every IT security threat. No matter how many defenses we might have in place, sometimes things slip past and enter our network. A well-crafted phishing email might make it past our employees, for example, or an exploit kit might abuse a zero-day vulnerability on a targeted computer. In those types of scenarios, it's useful for organizations to have thought ahead and invested in ransomware preparedness by backing up their critical data. Travis Smith, senior security research engineer at Tripwire, couldn't agree more:
"In the event of a ransomware infection, businesses may be forced with a financial decision to determine if a ransom should be paid or not. By having backups of critical data, businesses can easily restore encrypted files back to their former glory. However, backup procedures should be tested regularly to ensure the data being backed up is valid. Continuous testing of these procedures drives the overall cost of restoring data down to a point which can be lower than the typical ransom."
No one ever wants to use their data backups. But a working data recovery plan could save companies a lot of time and money in the event of a ransomware attack.