Interviews

Ransomware year

by Mark Rowe

After a year of ransomware – what can we learn? asks Patrice Puichaud, Senior Director, EMEA, at the security software company SentinelOne.

Ransomware was rampant yet again in 2017, with organisations repeatedly falling victim to attacks which bypassed traditional security defences. Strains such as NotPetya and WannaCry made headline news across the world and had a serious impact on business operations. In the aftermath of the attacks, organisations reported losses of revenue amounting to hundreds of millions of dollars, and in May’s ransomware attack the NHS had to cancel appointments and surgeries. Even as the new year begins, there’s no sign of it stopping.

These attacks were a wake-up call for organisations in terms of what they can expect. In 2018 we’re sure to see attack methods continue to evolve as criminals attempt to avoid detection by traditional defences, which means organisations need to be extra prepared and have the right processes in place to detect and defend their networks. As a result, we take a look at what can be learnt from the biggest ransomware attacks of 2017.

Lesson 1 – Everyone is a victim

The growing competition between ransomware gangs has meant that the total number of individual users who encountered ransomware between April 2016 and March 2017 grew by 11.4 per cent to 2,581,026. This highlights that, whether you’re an individual or a large organisation, when it comes to ransomware attacks, the pool of victims is getting bigger. Even if you aren’t affected directly, the impact of an attack can be far-reaching. For example, vital public services have been disrupted, with emergency services systems and public transport coming to a standstill. As a learning point, organisations need to operate under the assumption that it is not a question of “if” but “when” a cyber incident will occur. Users are the first line of defence when it comes to spotting phishing attacks, so awareness of cyber security must be of the highest importance for everyone in the organisation from the board level downwards.

Lesson 2 – Patching

An organisation will have acted too late should they need to carry out patching on the network. Patching and updating is only a remedy when the attack is known; however, this is not the case with unknown attacks like ransomware. The WannaCry ransomware attack was able to spread so effectively because of a known vulnerability, and whilst Microsoft had patched this back in March, many organisations, including the NHS, failed to patch and fell victim to the ransomware as a result. Had the NHS been proactive with its adoption of security, then the WannaCry virus would not have crippled its systems as badly as it did.

The patch to plug the WannaCry hole had been available for just under two months; however, in practice many companies usually take over 100 days to apply these updates, whereas those machines that had been updated and patched were not affected by the ransomware.

Patching is unnecessary if organisations have the correct solutions, such as next-generation endpoint security, which can identify vulnerable applications and even protect organisations with an older version of their software.

Lesson 3 – Backups

Once ransomware has infected machines on an organisation’s network, it may seem as if there is no choice but to pay the ransom, but this is not the case.

In terms of recovery after a ransomware attack, having the necessary backups in place is vital when devices are not always online or connected to the network. However, should ransomware bypass an organisation’s defences, having a solution with remediation capabilities can assist them in reversing any damage done by ransomware.

This means that when files are modified or deleted, or where changes are made to configuration settings, it can undo damage and recover the data. This ability to automatically roll back compromised systems to their pre-attack state greatly minimises any downtime and loss of productivity.

Lesson 4 – AV is not sufficient

Legacy antivirus solutions are no longer adequate when it comes to defending against these attacks. IT professionals and executives must be aware now that antivirus and static prevention do not effectively protect against targeted ransomware attacks, and should seek out next-generation endpoint protection solutions that apply technologies such as behavioural detection in combination with machine learning based on AI to detect malicious behaviours and prevent known and unknown threats.

Ransomware will continue to persist in 2018, and criminals will seek to play on human nature and emotions, using psychological techniques such as fear and manipulation to coerce victims out of money. Attackers are increasingly operating like businesses and even offering customer service helpdesks to do everything they can to make users pay up.

To turn a serious threat into a manageable issue, top-level executives should understand ransomware and work with their cyber security teams to develop effective policies and install adequate security solutions that can help guard against the most advanced attacks.

© 2024 Professional Security Magazine. All rights reserved.