{"id":5800,"date":"2017-01-18T22:14:04","date_gmt":"2017-01-18T22:14:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/18\/news-15\/"},"modified":"2017-01-18T22:14:04","modified_gmt":"2017-01-18T22:14:04","slug":"news-15","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/18\/news-15\/","title":{"rendered":"3 Simple Steps To Disrupt Ransomware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-300x169.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-300x169.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-768x432.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-1024x576.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-640x360.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-900x506.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-440x248.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-380x214.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>I recently posted about <a href=\"everyone-is-to-cybercriminals-using-ransomware\/\">why ransomware is such a money maker<\/a> for criminals. Read it through and I think you\u2019ll understand why this is an area of massive growth for criminals. 
Ransomware is one of the fastest rising attacks currently out there with no end to that growth in sight.<\/p>\n<p>Criminals are making <a href=\"http:\/\/www.csoonline.com\/article\/3154714\/security\/ransomware-took-in-1-billion-in-2016-improved-defenses-may-not-be-enough-to-stem-the-tide.html?linkId=33051801\">a lot of money<\/a> from ransomware. What can you do to make sure that you\u2019re not another statistic?<\/p>\n<p>Here are the three main areas that you need to invest in to fight back:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ol>\n<li>Backup, backup, backup<\/li>\n<li>Patch ASAP<\/li>\n<li>Key security controls<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>It might be the paranoid security professional in me speaking but I don\u2019t like relying on one layer of defense. Multiple controls are key to protecting your data.<\/p>\n<p>Stacking your defenses will provide strong protection for minimal investment.<\/p>\n<h3><strong>#1 Backup, Backup, Backup<\/strong><\/h3>\n<p>Ransomware is often compared to physical crime. It\u2019s easier to understand the underlying concept that way. But there is a fundamental difference that you have to remember: digital data can be copied easily for little to no expense.<\/p>\n<p>That can change the dynamics of the crime. In the physical real world, if criminals steal an object to hold for ransom, you no longer have that object. If you pay up, they might return it or they might simply take the money and run.<\/p>\n<p>In the digital world when criminals encrypt your data, they block your access to that data until you pay the ransom\u2026maybe.<\/p>\n<p>When ransomware first infects a system, it encrypts all of the data it can find. This effectively locks you out of your data which is the leverage the criminal needs to get you to pay a ransom. 
But if you have another copy of the data that you control, the situation shifts in your favor.<\/p>\n<p>A strong backup strategy is <b>the<\/b> first step to defending against ransomware. Your backups make the ransom demand meaningless. Now you simply have a malware infection that needs to be cleaned and a vulnerability that needs to be patched (aka how the criminal got in in the first place).<\/p>\n<p>Hard drive prices have plummeted in recent years and cloud storage is pennies a gigabyte. There is no excuse not to have a local and remote backup of all of your critical data. And yes, that goes for personal systems and large organizations.<\/p>\n<p>Once you\u2019ve got a regular backup\u2014or two\u2014you need to test them regularly. Backups are only useful if you can restore the data in the event of an issue.<\/p>\n<h3><strong>#2 Patch ASAP<\/strong><\/h3>\n<p>Software is inherently complex. Mistakes will be made and updates will be available. These updates usually contain important security updates that patch the very vulnerabilities that criminals take advantage of.<\/p>\n<p>Patching is a frustrating activity for most people and organizations but it\u2019s an important piece of your defense.<\/p>\n<p>How important? Year after year the Verizon DBIR states (<a href=\"http:\/\/www.verizonenterprise.com\/resources\/reports\/rp_dbir-2016-executive-summary_xg_en.pdf\">PDF link, page 3<\/a>) that <b>most attacks take advantage of known vulnerabilities<\/b>. These are vulnerabilities where patches were available. That means most attacks can be stopped by patching regularly!<\/p>\n<p>Turn on automatic updates. Do it now. For software that doesn\u2019t have an automatic update feature, make sure you\u2019re checking regularly for updates and installing them ASAP. 
The benefits far outweigh the possibility that the update will break something.<\/p>\n<h3><strong>#3 Key Security Controls<\/strong><\/h3>\n<p>Even with a strong backup strategy and patching immediately, there is still a strong possibility that your systems remain partially exposed. This is where third-party security controls come into play.<\/p>\n<p>To help combat ransomware and other types of attacks, you\u2019ll want to take a layered approach to your defense:<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"20px\"><\/td>\n<td>\n<ol>\n<li>Stop incoming attacks using an intrusion prevention system<\/li>\n<li>Try to stop infections from taking root by using anti-malware software<\/li>\n<li>Block outbound connections to attackers\u2019 infrastructure using outbound filtering<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>These three controls provide coverage for traffic as it enters your network, is processed by your endpoints, and then again when it leaves. It\u2019s a great combination of controls.<\/p>\n<h3><strong>No More Ransomware<\/strong><\/h3>\n<p>The question I get asked a lot is whether or not you should pay if you get infected by ransomware. 
Almost every organization\u2014including Trend Micro and <a href=\"https:\/\/www.fbi.gov\/news\/stories\/incidents-of-ransomware-on-the-rise\">the FBI<\/a>\u2014has officially stated that you should not pay a ransom.<\/p>\n<p>Money is the motivating factor for criminals; paying them only increases their profits with no guarantee of your data being returned.<\/p>\n<p>I agree with that position but also understand the difficult nature of the position you might be in after an attack of this nature.<\/p>\n<p>That\u2019s why it\u2019s critical that you make a small investment now to ensure that you have backups in place, patch regularly, and have basic security controls to help stop any attack before they lock up your data.<\/p>\n<p>If you want to read more on ransomware, check out <a href=\"https:\/\/www.nomoreransom.org\">The No More Ransom Project<\/a>.<\/p>\n<p>Want to chat more about ransomware? Find me on Twitter where <a href=\"https:\/\/twitter.com\/marknca\">I\u2019m @marknca<\/a> or connect with <a href=\"https:\/\/ca.linkedin.com\/in\/marknca\">me on LinkedIn<\/a>.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/3-simple-steps-disrupt-ransomware\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-300x169.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt=\"\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-300x169.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-768x432.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-1024x576.jpg 1024w, 
http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-640x360.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-900x506.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-440x248.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE-380x214.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2016\/10\/iStock_89411999_XLARGE.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>I recently posted about why ransomware is such a money maker for criminals. Read it through and I think you\u2019ll understand why this is an area of massive growth for criminals. Ransomware is one of the fastest rising attacks currently out there with no end to that growth in sight. Criminals are making a lot&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[4503,3765,714],"class_list":["post-5800","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-cybercrime","tag-ransomware","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/5800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=5800"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/5800\/r
evisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=5800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=5800"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=5800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}