Ransomware attacks have dominated the headlines for the last several years and continue to cost American businesses millions of dollars in losses. This lucrative business is on target to net $1 Billion dollars in 2016 according to the FBI. Antivirus vendors have had a really hard time containing the wave of ransomware attacks because new ransomware variants are being released at the rate of about one new variant per minute. At the current rate, AV can only detect a ransomware threat about 45% of the time because of its reliance on signatures. In order to secure your network, you should use a multilayer defensive approach that supplements other security products and procedures to help reinforce your current security measures.
Steps You Can Take Now to Protect Your Network
Security Awareness Training: It is important that your employees understand what attack vectors to look for in every email they receive to identify and avoid opening emails that contain malware. An organization should host quarterly training and include examples of real phishing emails and demonstrate a ransomware attack.
Simulated Attacks: Once your employees are educated on what phishing attacks are and how to identify phishing emails; you need to test them with simulated phishing campaigns. These campaigns will help you improve your employee training and will keep your employees up-to-date and alert to the latest attack vectors.
Hosts: Hosts should include antivirus and a software based firewall installed and up-to-date on virus definitions. You might also consider a host-based intrusion detection system and advanced endpoint protection like Carbon Black.
Patching: It’s very important that your host operating systems and applications are updated on security patches to rid them of vulnerabilities that could be exploited in an attack.
Antivirus: Although we understand AV is less than 50% effective, and it relies on signatures; it is still a viable solution when it’s a part of a layered network defense.
Backups: As you have probably learned by now, data backups are critical! Data needs to be backed up at frequent intervals, and those backups should be tested regularly. There are a number of backup options available, but whatever option is chosen you should include both onsite and offsite backups. Offsite backups are very important in resuming business operations in the event of a disaster at your current business location. Onsite backups on physical hard drives are typically the fastest method to restore your data, as opposed to using a cloud-based service where data must be downloaded over your internet connection.
Cyber Liability Policy: Proprietary data and Personally Identifiable Information (PII) are key components of your business that must be kept safe from cybercriminals. Your business is liable for breaches of PII. A cyber liability policy should be considered to protect yourself in the event of a breach, but failure to secure your network can result in a refusal by your insurance company to pay the cyberliability claim.
CryptoStopper: CryptoStopper was developed to identify ransomware by watching the data on your network. By monitoring watcher files for read/write operations, Cryptostopper can detect the presence of ransomware the moment it happens. CryptoStopper provides information about the infection such as the infected user account, the infected computer account, and most importantly, it disconnects the infected workstation from the rest of the network. Cryptostopper is a true ransomware killer. There are no whitelists or signatures which need to be updated, and constant false positives are a thing of the past. When ransomware attacks, Cryptostopper recognizes the behavior and stops it in seconds, immediately sending out alert messages and saving the day from the ransomware attack.
As you can see, there are a number of steps you should take to secure your network from malware and ransomware. Combining all of these suggestions will help you develop a multilayer defensive strategy that will be very effective at keeping cybercriminals away from your sensitive data.
