Ransomware — a form of malware that locks data and demands a ransom for its release — has become one of the most prevalent forms of malware today. According to Lavasoft, there were 400,000 ransomware attempts in 2015 alone.
Security experts must contend with not only a rising number of ransomware attacks but also a growing variety. The AV-TEST Institute has reported that more than 390,000 new malicious programs appear every day.
As soon as one specific strain is neutralized, other variants emerge. For example, the Petya variant encrypts your entire hard drive rather than just individual files. The hard drive and operating system are inaccessible until the proper decryption key is entered. Another new breed of ransomware, Jigsaw, deletes a little bit of data every hour that the victim does not pay. JuicyLemon — which executes when a user clicks an email attachment disguised as an unpaid invoice, tax refund, job application form and so on — encrypts hard drive files and demands a ransom in bitcoins.
Victims typically have little choice but to pay. Yet there is no guarantee that paying the ransom will end the threat. Criminals could simply take your money and demand more, or just refuse to decrypt your files.
Either way, you’re likely to face significant business downtime that’s a lot more expensive than the cost of the ransom. According to one study, 72 percent of infected business users could not access their data for at least two days following a ransomware outbreak, and 32 percent lost access for five days or more.
For many organizations, data is the lifeblood of the business. Losing access to that data for even a short period of time could prove devastating.
So, how can you combat ransomware?
Uncover weaknesses in current defenses
In today’s IT landscape, the endpoint is the easiest and fastest way to infiltrate and paralyze an organization. For several years, IT security experts have based endpoint protection on the assumption that cyberthreats will penetrate the network. Many traditional defenses rely on signatures to identify threats, a method that is ineffective against zero-day threats. These defenses are built to isolate the threat and minimize the damage. However, advanced threats such as ransomware are in a class of fast-acting attacks that can do great damage in just seconds. Any penetration can be catastrophic. Security planners need a way to stop malware before it can execute.
Firewall solutions can certainly help thwart malware from entering your network. But they cannot prevent attackers from slipping through the firewall via ports that the organization leaves open for legitimate applications. Firewalls also cannot prevent misuse of passwords or stop internal users from accessing websites with malicious code.
Backing up data regularly is another important way to protect against the effects of ransomware. Having a ready backup of key files can help some organizations avoid downtime until the ransom is paid and — in some cases — avoid paying the ransom at all.
Educating employees about the dangers of malware and helping them identify phishing scams can help. Nevertheless, it takes only one errant click to start a cascade of malicious events.
Adopt a preemptive strategy
Preventing threats from executing is the best way to avoid the potentially disastrous effects of ransomware. You need solutions that can help you stop ransomware — and other malware — before damaging processes begin.
Artificial intelligence and dynamic mathematical models can help analyze files prior to their execution. The goals are to recognize threat indicators such as anomalies, deceptions and destruction, and to determine which files are safe and which are not before they can even run. With these technologies, there are no daily or weekly signature updates to enforce.
Protecting all endpoints is also crucial. Endpoints — ranging from mobile devices and laptops to Internet of Things (IoT) devices and branch servers — are the portals into your organization. Look for a solution that can protect a diverse array of endpoints. Using a single, comprehensive solution will avoid leaving gaps while simplifying management.
That solution should help protect endpoints even when they are not connected to the internet. Because detect-and-remediate solutions require connectivity to do their job, they can leave systems vulnerable when those systems are not connected.
Protecting data through encryption is an important complementary strategy for threat prevention. By encrypting data, you can help ensure sensitive information remains unreadable even if it falls into the wrong hands. Mobile end users can continue to work when, where and how they want, knowing their data is protected. At the same time, IT can focus on business needs without fear of the next compromise or data breach.
Establish your threat prevention with Dell
The Dell Data Protection | Threat Defense solution can help you guard against the effects of ransomware by preventing ransomware and other malware from executing. Unlike traditional signature-based solutions, Threat Defense uses artificial intelligence and dynamic mathematical models to analyze files before they can do damage. Support for a broad array of endpoints helps ensure you can eliminate gaps in your defense. Threat Defense is part of the Dell Data Security Solutions portfolio, which offers a full range of capabilities to avert threats and protect data.
Ready to learn more about ways to strengthen your defenses against ransomware attacks? Visit: http://ddpmktg.dell.com/ransomware