
News & Commentary
2/26/2015 10:30 AM
Alexandra Gheorghe, Partner Perspectives

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

In 2014, death reached a man through the Internet. A 36-year-old Romanian, who had been surfing porn sites, committed suicide after a notice from a computer virus threatened him with prison unless he paid a “fine” of thousands of dollars. The virus was IcePol ransomware.

This devastating breed of malware is getting ever-more dangerous, reaching new levels of complexity as it hits smartphones and tablets that store crucial personal and enterprise-level documents. Unfortunately, encrypted communications between attackers and elusive infection workflows make it difficult for traditional detection-based security solutions to detect and block ransomware.

Ransomware has become a growing menace for companies, targeting employees with ingeniously crafted messages and techniques. More than once, employees have proven to be companies’ weakest links, especially since companies have embraced the BYOD/BYOA trend. As we’ve seen with previous incidents, a successful intrusion can cause tremendous damage: destruction of sensitive or proprietary information, disruption of operations, and huge financial and reputation losses. Attackers usually aim at targeted files, databases, CAD files, and financial data. For example, the infamous CryptoLocker was used to encrypt more than 70 different file extensions, including .doc, .img, .av, .src, and .cad.

Where should businesses intervene to prevent becoming vulnerable to ransomware? Here are eight essential recommendations for companies looking to bolster their defenses:

  1. Educate employees in good computer practices and in identifying social engineering attempts and spear-phishing emails. Downloading attachments from unsolicited emails and accessing compromised sites after clicking pop-up ads are two of the most frequent vectors of infection with ransomware. Newer variants of ransomware have also been seen to spread through removable USB drives or IM clients, with the payload disguised as an image.
  2. Install, configure, and maintain an advanced endpoint security solution. A multilayered security solution will include an intrusion-detection system with behavior-blocking components that monitor devices and look for actions typically initiated by malware.
  3. Enable software restriction policies to allow only specifically identified applications to run. These measures reduce the risk of infection by preventing scripts and other untrusted apps from running.
  4. Use a firewall to block all incoming connections. An advanced firewall solution includes security capabilities such as intrusion prevention, content/URL filtering, and encrypted traffic inspection. This helps prevent attacks and unauthorized network traffic and, ultimately, protects an organization’s most critical assets.
  5. Make sure programs and users have the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  6. Enable system restore to recover the previous versions of encrypted files. System restore allows you to boot your system and to restore your computer to a known clean state. Bear in mind that it might not work with all types of malware.
  7. Deploy and maintain a comprehensive backup solution. Cloud-based disaster recovery can be an efficient option for data storage, helping organizations to remain agile regardless of the catastrophe – human error, malware infection, or natural disaster.
  8. Make sure all systems and software are up to date with relevant patches. Needless to say, ransomware takes advantage of vulnerabilities in outdated software – such as browser plugins like Flash Player, Java, and Adobe Reader – to corrupt systems.
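Recommendation 3 (allow only identified applications) and recommendation 5 (least privilege) can be combined in one Windows control. The following PowerShell is an added example, not code from the article or from Bitdefender: it builds an AppLocker allowlist (AppLocker is the successor to Software Restriction Policies on Windows 8/Server 2012 and later) from the executables already installed under Program Files and System32, starts it in audit mode, and tests it against executables found in a user profile, which is where payloads such as CryptoLocker ran from. It assumes an elevated PowerShell session and uses `C:\Policies\allowlist.xml` as an arbitrary output path.

```powershell
# Added example (not from the article): build a default-deny application
# allowlist with AppLocker. Assumes an elevated PowerShell session.
Import-Module AppLocker

# 1. AppLocker enforces nothing unless the Application Identity service runs.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 2. Inventory the executables that are supposed to run and turn them into
#    allow rules. Signed binaries get Publisher rules (survive patching);
#    unsigned binaries fall back to Hash rules (must be regenerated on update).
$policyPath = 'C:\Policies\allowlist.xml'   # arbitrary path chosen for this example
New-Item -ItemType Directory -Force -Path (Split-Path $policyPath) | Out-Null

$files  = Get-AppLockerFileInformation -Directory 'C:\Program Files' -Recurse -FileType Exe
$files += Get-AppLockerFileInformation -Directory 'C:\Windows\System32' -FileType Exe

New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User Everyone -Xml |
    Out-File -FilePath $policyPath -Encoding utf8

# 3. Start in audit mode: would-be blocks are logged under
#    Applications and Services Logs > Microsoft > Windows > AppLocker
#    instead of breaking line-of-business software on day one.
$xml = [xml](Get-Content -Path $policyPath)
foreach ($rc in $xml.AppLockerPolicy.RuleCollection) { $rc.EnforcementMode = 'AuditOnly' }
$xml.Save($policyPath)

# 4. Check the policy before applying it: which executables already sitting in
#    the user profile (%APPDATA%, %TEMP%, Downloads, ...) would it deny?
Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Apply locally, merging with any existing rules. Once the audit log shows no
#    legitimate software being flagged, set EnforcementMode to 'Enabled'.
#    Caveat: Publisher rules are path-independent, so a signed binary copied into
#    %APPDATA% is still allowed; that is why users must not hold admin rights (#5).
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```

In a domain, the same XML is imported into a GPO rather than applied with `Set-AppLockerPolicy` locally, and the inventory step should be run on a clean reference machine, not on a host that may already be infected.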

Ransomware is a powerful and sophisticated threat that can be re-engineered in ways that thwart traditional layers of defense. That is why businesses, financial institutions, government agencies, academic institutions, and other organizations carrying highly sensitive data should make use of all the security measures available to enforce their borders.

Alexandra fulfills the Security Specialist role for Bitdefender, performing writing duties such as security news for Bitdefender's security blog, as well as marketing and PR materials. She started writing about online security at the dawn of the decade, after three years in ...
Comments
Joe Stanganelli, User Rank: Ninja, 3/1/2015 | 2:57:49 AM
Honeypot the employees
One technique that some companies engage in (and consultants advise) is to purposely send "phishing" emails to a random selection of employees each month.  If the employee clicks, he is advised that it was a phishing email and he is required to complete a brief, five-minute training session online.

From what I understand, it works like a charm in reducing successful phishing attempts while fostering a strong security culture.
aws0513, User Rank: Ninja, 2/27/2015 | 1:13:14 PM
The Basics
A good article that would be presentable to organization managers.

Of course, this is the 50,000 ft level.  There are so many security controls to consider that it is easy to get lost in the forest of things that should be in place without knowing if there is a path out of the maze.

When I work with organizations struggling with how to implement an information security program, I talk about the same things provided in the article, but within the Critical Security Controls (CSC) framework.  The CSC framework helps managers prioritize efforts to establish a foundation of security controls from the ground up.  Some controls just need to be operationalized before other controls can be effective.
For regulatory data environments, the CSC maps out very well to other security control and risk management frameworks.

In the end, the concepts of least privilege, least functionality, separation of duties, and need-to-know are the concepts that all employees need to learn and understand, not just in IT, but in any information handling environment. 
I dare say that end users...  customers...  the general public... also need to know those core concepts.
RyanSepe, User Rank: Ninja, 2/27/2015 | 10:20:25 AM
Great Points!
All these points are great, but 4, 5 and 7 rank highest in priority for me with something like cryptolocker and other ransomware. I think in situations like this it is important to have a means of recovering your files as expediently as possible while not allowing the infiltrating software to glean upper level credentials and I feel 4, 5 and 7 are strong points in this regard.