Article

Susmita Sankaran
Susmita Sankaran 12 January 2018

It’s only a matter of time before you become the next victim to a ransomware attack!

Remember the good old days when we talked about a number computers getting infected by malicious content? If you think of the meteoric rise of ransomware in past few years – the good old Trojan looks almost friendly and harmless in comparison.

As opposed to a few thousand computers getting affected then, these virus' can affect countries and continents. What’s more, there is actual ‘ransom’ you have to pay to get access back to your data. Welcome to the age of Cyberwar! But do you have enough ammo to protect yourself?

Since the day the first ransomware attack was launched, the information security world has been abuzz with various control measures to be adopted to arm yourself against a ransomware attack. What most of them do miss to point out is that, we are not just talking about the infamous crypto ransomware, there is a plethora of ransomwares out there such as Leakware/ Doxware, Crysis, Samsam, Cerber, Locky-Zepto just to name a few. To protect yourself against a vast variety of malicious content you need a healthy mix of different controls in place such as:

  1. Perimeter Security (Email Security Gateway, Firewalls, Web Security Gateways)
  2. Endpoint Security: Traditional Antivirus, Endpoint Security AND/OR End point privilege access management
  3. Patch Management
  4. Vulnerability Scanners
  5. Application Whitelisting/Blacklisting/Gray Listing
  6. Port Security so on and so forth.

Above all, robust and continuous back-up in place.

Ransomware Evolution

Ransomware Evolution Prcatices

While various levels of controls are identified for ransomware protection, the most vulnerable and frequently exploited is the END POINT. With new variants of malwares and ransomware being introduced in market- traditional endpoint security alone is no longer sufficient. Ransomware-as-a-service is an undeniable reality which arms the most amateur cybercriminal with enough ammo to launch their own customized attacks. The traditional end point solutions can be helpful when you know what you’re looking for – but when it comes to ransomware, there are new variants coming out every day. Signature based end point protection will no longer suffice. Hence, next gen end point protection solutions clubbed with end point privilege access management solutions are the need of the hour- which may function independently or in conjunction with the traditional end point security.

Ransomware Evolution

The next gen end point security solution and privilege access management solutions also offer behavioral analytics i.e. analysis based on machine learning, artificial intelligence based threat detection measures etc. These advanced features make the next gen end point security solutions much smarter than the traditional tools which depend heavily on signature or heuristic based prevention measures of malicious content.

It is also important to look for end point security tools that also offer sandbox analysis, specific in-built ransomware policies, end point isolation (after detection) with minimal effort, rollback of the changes, application white/black/grey listing capabilities, activity recording. Integration with SIEM, network security and threat intelligence solutions can significantly improve the overall adaptability of the end point security suite.

End point privilege escalation is the most frequently exploited feature by the attackers and is yet the most neglected and still highly vulnerable areas an end point security tool that offers Administrative rights removal on end points without affecting the user capabilities is the key to avoid such attacks

Unfortunately, there is no single vendor in the market today offering all the above prevent & protect capabilities in an end point security suite.

The Best Defense Strategy at End point

Comprehensive approach to fend off any ransomware at the end point must work on the Detect, Protect, Sustain approach. Detection methodologies – combination of manual as well as tool based; needs to be adopted to identify ransomware including in stealth mode. Any new suspicious content entering the network should be blocked and reported. Protection controls on the endpoint should focus on application whitelisting/blacklisting/grey listing, enforcement of ransomware protection policies, blocking unauthorized access, RBAC, removal of admin access among others. Any Defense strategy is ineffective without a proper Sustain plan in place which must include but not limited to continuous monitoring, Incident Management and Analysis, patch management, internal audits, periodic reviews, policy updates and most important regular backups and testing

Whether you decide to stay with traditional end point security or upgrade to next gen end point security and end point privilege access manager is your prerogative. However, as popular proverb goes on to say “a chain is only as strong as its weakest link”. Don’t let inefficient end point security control compromise your organization’s security on the whole – because like it or not, ransomware is here and evolving as we speak. Who knows? – you could be the next?

The original article is published here.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
How to Review a Website — A Guide for Beginners

How to Review a Website — A Guide for Beginners

A company website is crucial for any business's digital marketing strategy. To keep up with the changing trends and customer buying behaviors, it's important to review and make necessary changes regularly...

Digital Doughnut Contributor
Digital Doughnut Contributor 25 March 2024
Read more
The Impact of New Technology on Marketing

The Impact of New Technology on Marketing

Technology has impacted every part of our lives. From household chores to business disciplines and etiquette, there's a gadget or app for it. Marketing has changed dramatically over the years, but what is the...

Alex Lysak
Alex Lysak 3 April 2024
Read more
The World Is Shrinking: 6 Degrees of Separation Is Now 2!

The World Is Shrinking: 6 Degrees of Separation Is Now 2!

Six degrees of separation is not just a party game, it's a reality. Everyone is the world is interconnected, and thanks to social media, that connectedness gets tighter and richer each day. See the research...

Scott Christley
Scott Christley 9 August 2017
Read more
10 Factors that Influence Customer Buying Behaviour Online

10 Factors that Influence Customer Buying Behaviour Online

Now is an era where customers take the center stags influencing business strategies across industries. No business can afford to overlook factors that could either break the customer experience or even pose a risk of...

Edward Roesch
Edward Roesch 4 June 2018
Read more
Cats and Dogs Boost Your Business By 300%. Here’s How.

Cats and Dogs Boost Your Business By 300%. Here’s How.

It’s the age-old question that has endured ever since the creation of the internet: are you a cat person or a dog person? Or do you love both cats and dogs? We have both dog lovers and cat lovers at Sortlist, so it...

Aline Strouvens
Aline Strouvens 27 August 2021
Read more