Same Story, Different Threat. Writing a New Ending to Ransomware Attacks

June 27, 2017

by Lorena Crowley

If the past several weeks are any indication, IT teams better get a hold on their security practices because cybercriminals who have launched fresh ransomware attacks across the globe are more relentless than ever in their quest to disrupt business as usual. We previously questioned if this heightened state of fear and sensitivity was the "new normal" that IT teams had to learn to cope with, and our suspicions seem to be confirmed.

Ransomware attacks can be taken as a given, and similar attack patterns keep repeating themselves. But what if IT could rewrite the ending to these stories with new and better outcomes?

While every attack will have its nuances, many of the same preventative measures apply to some of the most recent attacks, like WannaCry and Petya. For example:

  • Applying Microsoft’s patches and security updates to prevent SMBv1 exploitation
  • Blocking document-embedded macros by default within MS Office products

But those measures don’t guarantee protection, and they don’t get to the root of the problem. For starters, we know that phishing emails are consistently used to exploit user vulnerability. Unsuspecting users often introduce malware by inadvertently executing it. And while in today’s world no single means of protection can prevent all threats, here are some approaches to consider for long-term prevention and for reducing the impact of cyberattacks:

  • Gain better control over admin rights: If organizations aren’t practicing “least privilege” yet, now is the time to start. Each user with elevated privileges is a major threat. It’s troubling to know that many organizations still over-supply admin rights, often because legacy apps and systems make it difficult for a standard user to be productive. With RES, IT can provide elevated rights to reduce the number of privileged users.

  • Application whitelisting: Whitelisting sounds great, but it’s harder to implement. Technologies, however, have improved, and RES continues to introduce new tools and capabilities that make it much easier to implement and maintain whitelists over time, controlling them at very granular file hash levels. With self-service capabilities that allow people to request exceptions or reviews of blocked files, productivity doesn’t have to take a hit either. Imagine: if your organization is practicing whitelisting today, and a ransomware attack is targeting users through a phishing scam, you would be able to prevent unauthorized files from being opened by users to begin with.

  • Tighten authorized file controls: RES allows you to centralize security policies across your workspaces, so you can adapt security policies and apply them to a subset of users, or everyone, as needed. When attacks do happen, organizations can respond quickly by activating relevant security policies. For example, after a new attack (like WannaCry or Petya), RES could centrally block access to unauthorized scripts, including VBS, PS1, BAT, to prevent them from being initiated by users before any damage could happen.
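The whitelisting and file-control points above can be modelled in a few lines. This is an added sketch, not RES code or part of the original post: the `LaunchPolicy` class, its rule order and the sample file contents are assumptions made for illustration. It shows that a hash allowlist identifies a file by its content rather than its name, and that a centrally switched script block still works while the allowlist is only in audit mode.

```python
import hashlib
from pathlib import PureWindowsPath

SCRIPT_EXTENSIONS = {".vbs", ".ps1", ".bat"}  # script types named in the article

class LaunchPolicy:
    """Hypothetical central policy: hash allowlist plus an emergency script block."""
    def __init__(self, enforce_allowlist=True):
        self.allowed = set()             # SHA-256 digests of approved files
        self.enforce_allowlist = enforce_allowlist
        self.block_scripts = False       # switched on centrally after a new outbreak
        self.review_queue = []           # self-service exception requests

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def approve(self, content: bytes) -> None:
        self.allowed.add(self.digest(content))

    def evaluate(self, user: str, filename: str, content: bytes):
        """Return (decision, reason); denied launches are queued for review."""
        sha = self.digest(content)
        # Win32 ignores trailing dots and spaces, so "a.vbs." still runs as .vbs.
        ext = PureWindowsPath(filename.rstrip(". ")).suffix.lower()
        if sha in self.allowed:
            return "allow", "hash approved"   # identity is the content, not the name
        if self.block_scripts and ext in SCRIPT_EXTENSIONS:
            reason = "unapproved script blocked"
        elif self.enforce_allowlist:
            reason = "hash not on allowlist"
        else:
            return "allow", "allowlist in audit mode"
        self.review_queue.append({"user": user, "file": filename, "sha256": sha})
        return "deny", reason


def demo():
    # Constructed sample data: byte strings stand in for real file contents.
    policy = LaunchPolicy(enforce_allowlist=False)
    policy.approve(b"approved logon script")
    policy.block_scripts = True
    return [
        policy.evaluate("alice", "logon.bat", b"approved logon script"),
        policy.evaluate("alice", "invoice.pdf.VBS.", b"constructed unknown script"),
        policy.evaluate("bob", "logon.bat", b"approved logon script, tampered"),
        policy.evaluate("bob", "report.exe", b"constructed unknown binary"),
    ], policy.review_queue
```

The third case is the maintenance cost the whitelisting bullet alludes to: any change to an approved file, including a legitimate update, produces a new hash and lands in the review queue until it is re-approved.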

The latest ransomware attack is just that – the latest. Not the last. But IT can deploy new measures that can dramatically change attack outcomes. Tired of the same old attack/fix/remediation story? Change the dialog with RES and stop user-targeted attacks in their tracks.