Don’t pay the price for ransomware
They say an ounce of prevention is worth a pound of cure, and this is as true for your business as it is for your health. This thought seems to be on the mind of Interpol recently, as it warns us that ransomware attacks have spiked due to the global pandemic.
The world of work has changed rapidly in the last few months, and many more people are now working from home. Unfortunately, it’s no secret that telecommuting increases an organization’s attack surface, leaving it more vulnerable to ransomware than ever before.
Specifically, there have been prolific attacks on healthcare providers, starting with Brno University Hospital in the Czech Republic, a COVID-19 testing hub that was targeted in March. In May, Fresenius, the largest private hospital operator in Europe, was also struck by a ransomware attack. But ransomware attacks are not exclusive to healthcare organizations. The FBI’s Internet Crime Report for 2019 states that there were 2,047 ransomware complaints last year, resulting in losses of $3.5 billion.
So let’s take a minute to step back and examine what’s at risk, and how to best protect your business from a ransomware attack.
What is ransomware?
Ransomware is a type of malware that denies access to an information system or makes data unusable, usually via encryption, until a ransom is paid. Imagine your organization is unable to provide your most crucial services to customers because cybercriminals have encrypted the data on the servers that facilitate these services. This is exactly what ransomware is designed to do.
Attackers understand that many organizations cannot afford lengthy service interruptions, and they leverage this urgency to extort money from them. A successful attack can result in a huge blow to an organization’s reputation, and there is also no guarantee that the attacker will uphold their end of the bargain and decrypt the data once the ransom is paid.
Ransomware can be disastrous to an individual or organization, and it is the job of security professionals to ensure that proper security measures are in place to protect against it. For example, it is a good idea to ensure that your organization has backups of its critical data so that an attack doesn’t immobilize your organization for a long period of time. It’s also advisable to have a good incident response plan that provides a step-by-step guide to what your team can do if an attack occurs.
Detect and remediate quickly
Obviously, prevention is the preferred method of protecting against ransomware attacks. Unfortunately, prevention isn’t always possible. Which brings us to the widely held beliefs that what you cannot prevent, you should at least be able to detect. And if you detect something, you should take corrective action to make sure it is prevented from happening again.
But as organizations improve in prevention and detection mechanisms, cybercriminals are honing in on additional vulnerabilities, often at the end-user level. Malware has become more powerful, with attackers using evasive customization techniques to avoid detection by the traditional signature-based anti-malware solutions utilized in many organizations. In recent weeks, ransomware has increasingly been distributed through COVID-19-themed phishing emails, exploiting vulnerabilities, or by users unknowingly visiting an infected website. Additionally, attackers often use The Onion Router (TORs), open-source software that allows communication to remain anonymous when sending command and control traffic to their victims.
The good news is that just as cybercriminals are getting smarter, the number and capabilities of intelligent protection solutions are also increasing. For instance, we offer Next-Generation Firewall solutions from Palo Alto Networks, which leverage a single-pass architecture designed to prevent network vulnerabilities, block the download of known malware and prevent malicious encrypted content from circulating around your network. These are just three of the features that help ensure your business and network are kept safe, whether your employees are working remotely or from the office.
To help ensure that your remote workforce remains secure using next-generation firewall protections, you can add specific capabilities designed to prevent ransomware attacks across your VPN. For example, Always-On ensures that protection is always present once a user logs into their computer. It’s built with two-factor authentication and quality of service (QoS) bandwidth management, which lets you allocate VPN bandwidth for select types of traffic and users.
And for the ultimate ransomware protection, our partner Palo Alto Networks offers a Next-Generation Firewall with the features listed above, plus their WildFire Malware Analysis service, which can detect malware and release a fix within minutes to thwart zero-day malware.
Through a WildFire subscription, unknown files are sent to WildFire for analysis in its cloud-based virtual sandbox. After WildFire detects that a file or URL is malicious, it immediately creates a new anti-malware signature that can be downloaded in minutes by Palo Alto Networks firewalls around the world. Not only does this help identify systems that are possibly infected, but it also prevents other machines in your network and other WildFire subscribers around the world from being infected.
Take stock of your current protections. And if you’d like guidance on finding the next level of ransomware protections for your business, feel free to reach out to our security experts.