The main difference between a ransomware attack and a malware attack lies in the effects. In a ransomware attack, data is encrypted or locked, and the owner must pay a ransom to obtain the decryption key. Malware attempts to cause damage or shut down computers and other systems. Though the effects differ, both attacks operate in a similar way, which means defending against a ransomware attack can be done in much the same way as defending against a malware attack.
Ransomware has now become an issue for many companies around the world. “This affects everyone. Everyone is at risk,” said Ian McShane, research director at Gartner, at the Gartner Security & Risk Summit 2017 in National Harbor, MD.
Here are a number of myths about ransomware that continue to plague the cyber community:
Fiction: Ransomware = Zero-Day Attacks
Fact: There are hundreds of known vulnerabilities that remain unpatched that an attacker can choose from. The development of a new or zero-day attack is costly and difficult and so attackers will generally target the known vulnerabilities. This is why system patching should be a top priority for preventing an attack.
“Stop thinking about zero-day and start thinking about things being attacked today,” says McShane.
Fiction: Because you pay for latest EPP, you have the latest EPP
Fact: Your Endpoint Protection Platform (EPP) should not be more than three years old. Many groups only have a portion of it deployed because they do not realize that the new capabilities included in releases need to be tested and enabled.
In other cases, it is common that recommended guidelines are not being followed correctly and this is why it is important to contact your vendor and conduct continuous assessments of systems. For an EPP to have most effect, it should be one technology stack that is fully configured, versus two partially configured technologies. Minor updates should be completed every three months and major updates every six months. You should also get a configuration check from the vendor.
Fiction: With EPP, you are protected from all threats
Fact: Less recent versions of EPP rely on signature-based prevention which is only effective against known threats and most ransomware can be repackaged. Ensure your organization deploys AND enables non-signature technologies.
Fiction: EPP gives you all the insight you need
Fact: Many organizations lack visibility into endpoint processing and often rely on the end user to report security issues. Many also do not look into the root of the problem or why it is happening. Was it a user-based issue or a technical issue? Look for increased visibility, be able to respond to endpoint incidents, and then make sure you look for the root of a problem.
Fiction: Firewalls and other perimeter solutions are all you need
Fact: Most ransomware attacks originate on the internet and most organizations are not using best practices. Ransomware attacks are successful because of low standard or outdated perimeter security so it is important to ensure you are using the latest patches and configurations.
Fiction: Administrators always follow best practices
Fact: Oftentimes, admin accounts are not monitored, and administration staff are not acutely aware of the risks posed by potential attacks on their accounts. Admin accounts and endpoints are high-value targets, and access to them should be treated as a data resource and protected in the same way.
Fiction: I have a backup, I don’t need anything else
Fact: While it is important to have backups in place, they should only be one part of your defense strategy. If organizations do not actively monitor backup systems, ransomware may actively target the backups as well. DR procedures should be documented and tested regularly. Make sure there is limited access to backup locations and monitor for any changes. An offline backup can also be considered as part of your defense strategy.
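One concrete way to "monitor for any changes" to a backup location is to record a hash manifest of a known-good backup, keep that manifest somewhere the backup host cannot write to, and periodically compare the live backup directory against it. The script below is an added example, not code from the original post, from ActZero or from Gartner; the directory layout, file names and the simulated tampering are all constructed for the demonstration.

```python
"""Detect tampering in a backup location by comparing it against a trusted
hash manifest. Added example; the backup files and the tampering scenario
below are constructed, not taken from any real environment."""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large archives do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under `root` (relative POSIX path) to its SHA-256.

    Store the result away from the backup host (offline media, a separate
    account with no write access from production); if the manifest lives
    next to the backups, whoever can encrypt the backups can rewrite it too."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, trusted: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current state of `root` with a trusted manifest.

    Returns files whose content changed, files that disappeared, and files
    that were not in the manifest (a ransom note, for instance)."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in trusted if k in current and current[k] != trusted[k]),
        "missing": sorted(k for k in trusted if k not in current),
        "unexpected": sorted(k for k in current if k not in trusted),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a manifest of a healthy backup, then simulate
    ransomware overwriting one dump, deleting an archive and dropping a note."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "2024-01-01.sql.gz").write_bytes(b"constructed backup contents")
        (root / "files.tar").write_bytes(b"constructed archive contents")
        trusted = build_manifest(root)  # in practice: saved to offline storage

        # Simulated tampering of the backup location (constructed).
        (root / "db" / "2024-01-01.sql.gz").write_bytes(b"constructed encrypted blob")
        (root / "README_DECRYPT.txt").write_bytes(b"constructed ransom note")
        os.remove(root / "files.tar")

        return verify_backup(root, trusted)


if __name__ == "__main__":
    # Expected: one modified file, one missing file, one unexpected file.
    print(demo())
```

Run it as a scheduled job from the host that holds the manifest, and alert on any non-empty list; an empty "modified" list only proves the files match the manifest, so the manifest itself must come from a backup that was verified restorable as part of the DR test the text recommends.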
How can ActZero help my organization?
ActZero can help you focus your team's energy where it matters most: protecting systems from unauthorized access and continuously testing your defenses. This helps to detect and respond more effectively in comparison to buying and implementing security products or patching programs alone.