NNT recently conducted a webinar series on the topic of achieving compliance and how to combat today’s devastating ransomware attacks.
In this webinar, we discussed how Ransomware is now the ‘Great White Shark’ of Malware because, like the Great White, the actual damage caused is minor when compared to other forms of malware and the broader spectrum of cyber security threats. In fact, the Great White is responsible for about 10 deaths a year, while crocodiles and hippos are responsible for killing over 150 times more people.
In purely malware terms, the facts are rather similar- you are far more likely to fall victim to other malware than ransomware. This could be malware that steals bank details, or payment card numbers, or intellectual property or personal information for identity theft, all of which could result in misery and costs far greater than the loss resulting from a ransomware hit.
Home Users: Like the shark bite, being a victim of a ransomware attack is going to hurt. Being given a few hours to pay a ransom or lose permanent access to everything on your personal computer is a stark choice. What value would you put on all of your personal documents, photos, music, etc.?
Corporate Users: The stakes are even higher for corporations, where the absolute dependency on IT systems means ransomware could threaten the very life of the business itself. In the case of the LA Presbyterian Hospital, this threat to life was more literal, in that patient systems were under threat from ransomware, leaving the hospital to pay $17,000 dollars in Bitcoin to quickly and efficiently restore their systems. Now that there has been a public precedent of a hospital paying a ransom, expect to see greater targeting of corporate users.
Email phishing attacks, whether it be of the mass, spear, or whale variety, is still the most common means of invoking a ransomware attack for corporate targets. The home user market is attacked most commonly through mass emailing.
One key takeaway from this webinar we need to establish is that ransomware is not different than any other form of malware in terms of its delivery means- usually, but not exclusively, via email with either malware attachments or links to infected websites. The difference- and the scary part- is how it’s used to extort money from victims.
Once the malware’s been invited onto a user’s computer it can then get to work, encrypting files before announcing its presence and declaring its ransom demand. The nature of its immediate demands and very tangible threats is precisely what makes it more feared than other malware. However, your line of defense and your approach to preventing ransomware should be the same as it would be for any other malware. Don’t be thrown off by the sensationalism surrounding ransomware- pragmatism should always prevail!
Over and above standard firewalling and anti-virus protection, there are additional defenses that should be in place to defend against phishing, given that this is the primary delivery mechanism used. Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and devious methods. The malware is invited in by the recipient, typically either by opening an attachment or by activating/downloading a link, thereby largely subverting Corporate IT Security.
The best approach is to, therefore, harden the user workstation environment, to prevent malware activity where possible and to at least place more obstacles in the way when not. As with any hardening program, a balance must be found between strong security and operational ease of use.
The majority of exploitable vulnerabilities can be mitigated within the Workstation Operating System, and further protection can be provided using manufacturer extensions such as Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or 3rd Party AV.
NNT, in conjunction with The Center for Internet Security (CIS), provide a comprehensive suite of system hardening templates based on absolute best practices. These can be leveraged to ensure all of your systems (workstations included) retain the most appropriate checks designed to harden your environment and protect from Ransomware.
NNT’s is an accredited CIS member and as such we are able to automate and control the provision of all relevant hardening standards including your Microsoft Applications. Within minutes, a full vulnerability assessment can be performed against your user workstation platforms and the applications being used. Full remediation guidance is provided to make corrective action a straightforward task.
NNT can also provide a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified. Check out NNT’s Ransomware Mitigation Kit here: https://www.newnettechnologies.com/nnt-ransomware-mitigation-kit.html
Best of all, these layers of defence against Ransomware are also backed up with the fastest-available, real-time system integrity and change control detection technology to further ensure that, if the unthinkable happens and you do fall victim to an attack, any suspicious changes or activity is immediately brought to your attention before major damage can be perpetrated.
Coming back to Compliance, what’s cool is that the same process we just worked through for Desktop Apps in order to specifically mitigate the ransomware threat is identical to the process needed for any GRC standard – determining, applying and maintaining a hardened build standard is at the core of all compliance programs.
The same approach can be used within Gen 7 to analyze, test and maintain compliance, with expert input from the Center for Internet Security. And now with the NNT Remediation Kits, CIS Hardened Build standards can even be automatically applied to your Windows and Linux estates.