Stop Ransomware 3 – How Can I Prevent Ransomware?
Industry expertise by Martin Bannister, written by Jason Eichner
In the last post of this series we examined how a computer, and then a company, can become infected with ransomware. In this post we’ll examine the methods of protecting your systems from ransomware, and what can be done once ransomware is already on your computer.
Ransomware Protection and Prevention
Ransomware is an aggressive form of malware that is difficult to deal with, so the best offence against it is a rock-solid defence. Ransomware is definitely a scary prospect for any business, but with the right preparation you can rest easy.
No single form of protection is bulletproof. Every piece of technology, and every person, is fallible – and so you need to prepare around that. By using layers of complementary protection you can ensure you filter out even the most dangerous, pervasive threats.
Layer 1 – Firewall
Firewalls are a vital part of a good security setup; however, they are often integrated into a business incorrectly – at the user level, when they should really be integrated higher up, at the network level.
Most (but not all) ransomware threats will enter your network via the internet. The internet will always hit a single point in your company – the internal network or router, and from there it splits off to each individual user. By placing the firewall at the connection from the outside world to the network, before it is split, a lot more protective power is granted to the firewall, and individual user error is removed from the question. By having the firewall guarding the entire network you also avoid the risk of having an employee or guest get an infection on an unprepared laptop or phone and then having the ransomware sidestep across the rest of the company’s computers. Once the infection is in the system, it is harder to stop – so stop it before it gets in!
A sophisticated hardware firewall sees all inbound and outbound network traffic, and can help protect against dangerous files being downloaded, and dangerous websites being visited by unsuspecting users.
Layer 2 – Antivirus
Antivirus is your strongest line of defence against ransomware. A sophisticated, cloud-based antivirus solution should be able to catch almost any infection before it starts.
A good antivirus, configured properly, can detect almost any threat – even threats delivered via social engineering means such as the USB methods discussed in the last part of this series.
Modern ransomware packages are sometimes delivered as something called a polymorphic virus – one that constantly rewrites its own code to prevent detection. The best antivirus can even catch these incredibly intelligent attacks.
By using cloud signature and trend detection, the reliance on constantly downloading updates is removed, meaning even the most cutting-edge and aggressive strains of ransomware can be caught immediately.
The best of modern antivirus will not only use cloud signature detection, but will have redundant systems in place that do not rely on the age-old signature detection system. All successful antivirus products in history have used signature detection – a method of knowing a virus by a small piece of data unique to every program; but of course, now that that method of detection is so common, cybercriminals are adjusting for it. New ransomware strains are being discovered with scrambled or randomised signatures, meaning signature-based antivirus will allow that ransomware through undeterred!
By using a more heuristic antivirus, with sophisticated intrusion detection and integrity monitoring, these savvy modern cybercriminals can be stopped dead in their tracks.
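As an added illustration (not code from this series or from any antivirus product), the Python sketch below contrasts an exact-hash signature check with a simple integrity monitor that flags files whose content changed and whose entropy jumped to near-random, as bulk encryption would cause. The blocklist entry, file names and thresholds are constructed assumptions for the demo.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Constructed blocklist: the hash of a harmless placeholder byte string.
SAMPLE = b"CONSTRUCTED-SAMPLE-NOT-MALWARE"
KNOWN_BAD = {hashlib.sha256(SAMPLE).hexdigest()}

def signature_match(data):
    """Signature check: exact content hash is on the blocklist."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD

def entropy(data):
    """Shannon entropy in bits per byte (0 = constant, 8 = random-looking)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root):
    """Integrity baseline: path -> (sha256, entropy) for each file under root."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            snap[path] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def suspicious_changes(before, after, high=7.0, jump=2.0):
    """Files that changed and whose entropy jumped to near-random."""
    return sorted(p for p, (h, e) in after.items()
                  if p in before and before[p][0] != h
                  and e >= high and e - before[p][1] >= jump)

def demo(min_files=3):
    """Throwaway folder: one ordinary edit, then a bulk rewrite of four files."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, f"report{i}.txt") for i in range(5)]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"Quarterly figures for the sales team.\n" * 50)
        before = snapshot(root)
        with open(paths[0], "ab") as fh:        # ordinary edit: must not alert
            fh.write(b"One more line of notes.\n")
        for p in paths[1:]:                     # stand-in for encrypted output
            with open(p, "wb") as fh:
                fh.write(bytes(range(256)) * 16)
        flagged = suspicious_changes(before, snapshot(root))
        return len(flagged), len(flagged) >= min_files

if __name__ == "__main__":
    print(signature_match(SAMPLE), signature_match(SAMPLE + b"\x00"), demo())
```

A single appended byte is enough to defeat the hash signature, while the behaviour-based check still raises an alert on the bulk rewrite and ignores the ordinary edit.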
Layer 3 – Email Security
Email has always been a curious security hole. Email provides a direct link from the outside world to individual computers, and users often have so much trust in their email and how it works that they willingly click any link or open any file they receive.
It is also a cybersecurity nightmare. The majority of all attacks start via email, meaning every sort of threat can land in a mailbox; however, dedicated email security can prevent this!
Email security and management packages can use a variety of techniques to ensure computers and networks stay safe, and with the rise of ransomware they have become exceptionally good at combatting such attacks.
A primary security function of a good email security service is cloud-based sandboxing. What this means is that if a file is sent to your email, it is first run on a software “computer” that is totally disconnected from your network, to test if the file is malicious. If it starts to, say, encrypt files in this sandbox computer, the file is blocked and the company’s IT admins are alerted to the attempted attack. This sandboxing method can detect and stop a massive variety of threats and email-borne attacks.
Another powerful cybersecurity measure email security systems can put to use is file conversion. Ransomware can be delivered as a package hidden within various innocuous looking documents, such as spreadsheets. The email security service can convert the exploitable filetypes to safe, but still perfectly functional, files for easy viewing. Should the originals be needed, they can be requested with a single click – the original files are then thoroughly scanned and tested for threats or malicious code, and should they pass they are sent along to the user.
Email security allows for a layer of defence that is entirely outside of the network – and thus allows threats to be prevented before they even have a chance to begin. But good email security goes further – using sophisticated identification and databasing techniques it can identify fraud and phishing emails, preventing trustworthy looking emails with malicious links from being delivered to unsuspecting users.
This malicious link detection can go even further than that though – URL replacement allows all links in an email to be invisibly altered to redirect to a security scan first, meaning should a user click a link to a website that will deliver ransomware to their computer, the scan will detect this and alert the user before they can be infected.
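The following is an added sketch of URL replacement for a plain-text email body, not code from any particular email security product. The gateway address `scan.example.com`, the shared key and the blocklist are hypothetical; the HMAC ensures the gateway only checks and forwards links it rewrote itself.

```python
import hashlib, hmac, re
from urllib.parse import quote, urlparse, parse_qs

GATEWAY = "https://scan.example.com/check"   # hypothetical scanning endpoint
KEY = b"constructed-demo-key"                # assumption: secret shared with the gateway
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def sign(url):
    """HMAC over the original URL so links cannot be forged or altered."""
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body):
    """Mail side: replace each http(s) link with a signed gateway link."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")          # keep sentence punctuation out of the link
        tail = raw[len(url):]
        if url.startswith(GATEWAY):          # already rewritten, leave as is
            return raw
        return f"{GATEWAY}?u={quote(url, safe='')}&sig={sign(url)}{tail}"
    return URL_RE.sub(repl, body)

def resolve(gateway_url, blocklist):
    """Gateway side: verify the signature, then decide what to do with the click."""
    query = parse_qs(urlparse(gateway_url).query)
    url = query.get("u", [""])[0]
    sig = query.get("sig", [""])[0]
    if not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return ("reject", None)              # forged or tampered: never redirect
    host = (urlparse(url).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in blocklist):
        return ("block", url)                # warn the user instead of redirecting
    return ("allow", url)

if __name__ == "__main__":
    # Constructed sample message and blocklist.
    mail = "Pay here: http://pay.bad-domain.example/inv?id=7&x=1. Thanks"
    rewritten = rewrite_links(mail)
    link = URL_RE.search(rewritten).group(0).rstrip(".")
    print(rewritten)
    print(resolve(link, {"bad-domain.example"}))
```

Because the destination is checked at click time, a link that only turns malicious after delivery is still caught, provided the gateway's blocklist or scanner is current.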
Next week we will be exploring the final layer of security; one that can protect you even after you are infected by ransomware. Check in next time to read about backup, disaster recovery, and other restorative measures.