The all new NNT Ransomware Mitigation Kit, included free with every Change Tracker Gen7 deployment: Layered protection against the biggest Cybersecurity threat in 2016
Right now, Ransomware is the Great White Shark of cyber attacks, the most feared malware of all, and both corporate and home users are running scared.
And rightly so: anyone who has had experience with Ransomware will attest to the agony and disruption.
But instead of worrying about an attack, what action can be taken to safely venture back into the water and not necessarily “with a bigger Boat”?
Who should be aware of the Ransomware threat?
Home User: Ransomware aimed at home users has been highly active for a few years now but has escalated in recent months. Being given just hours to either pay the ransom or permanently lose access to everything on your personal computer is a stark choice (often enough to precipitate agreement to the extortion). What value would you put on all your personal documents, photos, music, etc.?
Corporate User: The stakes are even higher for a corporation, where the absolute dependency on IT systems means ransomware could threaten the very life of the business itself.
In the case of the LA Presbyterian Hospital, this threat to life was more literal, in that patient systems were under threat from Ransomware. The hospital paid the equivalent of $17,000 in Bitcoin as the “quickest and most efficient way to restore our systems and administrative functions”, and just like that a dangerous precedent was set! More details later.
How does Ransomware typically attack systems?
Email – phishing, be it the mass, spear or now whale variety for corporate targets – is still the most common means of launching a Ransomware attack. The home-user ‘market’ for the extortionists lends itself to mass-emailing, but this means that the malware can just as easily end up on Corporate Workstations. Significantly, now that there has been a very public precedent of a hospital paying a ransom, expect corporate organizations to be targeted more heavily.
So - What should you be doing right now to prevent Ransomware?
Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and devious methods. The malware is invited in by the recipient, typically either by opening an attachment or by activating/downloading a link, thereby largely subverting Corporate IT Security.
The best approach is therefore to harden the user workstation environment, to prevent malware activity where possible and, where it cannot be prevented, to at least place more obstacles in its way. As with any hardening program, a balance must be found between strong security and operational ease of use.
The majority of exploitable vulnerabilities can be mitigated within the Workstation Operating System, and further protection can be provided using manufacturer extensions such as Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or 3rd Party AV.
Secure the Desktop and the User
But when it comes to users’ emails and their content, accurately protecting against the bad while allowing the good is beyond any technological solution. While blocking all email attachments and links would improve security, there aren’t many users who would sign up for this. A more graded approach to protecting the user is needed.
For example, MS Outlook security policy options are available to control:
How administrator settings and user settings interact in Outlook 2013
Outlook COM add-ins
ActiveX and custom forms security
Programmatic Access settings
Settings for Attachments, Cryptography, Digital signatures, Junk email, Information Rights Management and Protected view
Similarly, fine-grained security settings are available for Excel, Word, PowerPoint and Office, all serving to mitigate vulnerabilities within the application that could be exploited by an attacker, and so bolstering overall Ransomware defenses.
Likewise for contemporary browsers like Chrome, Firefox and Internet Explorer, anti-phishing controls should be enabled alongside other built-in security measures that are often disabled by default.
Help is at Hand: The NNT Ransomware Mitigation Kit
NNT, in conjunction with The Center for Internet Security (CIS), provides a comprehensive suite of system hardening templates based on absolute best practices.
These can be leveraged to ensure all of your systems (workstations included) retain the most appropriate checks designed to harden your environment and protect from Ransomware.
NNT is an accredited CIS member and as such we are able to automate and control the provision of all relevant hardening standards, including those for your Microsoft Applications. Within minutes, a full vulnerability assessment can be performed against your user workstation platforms and the applications being used. Full remediation guidance is provided to make corrective action a straightforward task.
NNT can also provide a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.
Best of all, these layers of defense against Ransomware are also backed up with the fastest-available, real-time system integrity and change control detection technology to further ensure that, if the unthinkable happens and you do fall victim to an attack, any suspicious changes or activity are immediately brought to your attention before major damage can be done.