Ransomware became one of the top threats to enterprises this year

Ransomware increasingly hits businesses, hospitals, public utilities, public transit systems and even police departments

1 2 Page 2
Page 2 of 2

The next wave

Corporate networks are not the only ones at risk; the next wave of attacks could see ransomware targeting industrial networks, said Guy Caspi, CEO of cybersecurity firm Deep Instinct. "In April, the Lansing Board of Water & Light (BWL) -- the third-largest electric and water utility in Michigan -- was under a ransomware attack, and so was the first electric utility hit by ransomware."

Caspi believes that the next step in the evolution of ransomware could be programs that wipe hard drives after making a copy of the data instead of encrypting them.

On the other hand, Bitdefender's Arsene believes that since we now have ransomware for Windows, Linux, OS X and Android, the internet-of-things devices could be the next target.

"A scenario where smart devices are held for ransom is not really that farfetched, especially since the number of smart things is expected to exponentially grow in the next couple of years," Arsene said. "If your smart home were to be held for ransom or if you corporate sensor grid were to be taken offline by ransomware, that’s when things will get complicated."

Preventing ransomware infections

  • Implement an awareness and training program for employees to teach them how to recognize phishing attacks, malicious attachments and ransomware signs.
  • Use a strong spam filter and implement anti-email-spoofing technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM).
  • Configure network-level security solutions and firewalls to block access to known malicious IP addresses, including Tor, since many ransomware command-and-control servers are hosted on Tor.
  • Keep the software running on workstations and servers up to date and consider a vulnerability scanner and patch management system.
  • Use a capable anti-malware program with a proven track record in detecting ransomware and ensure that it's configured to perform regular scans.
  • Use the principle of least privilege for local accounts on workstations, as well as network shares and other resources. If a user doesn't need write access to a network share, don't provide it.
  • Disable the execution of macros in Office files and restrict the execution of other scripts like JavaScript, Powershell, and VBScript in Windows.
  • Disable browser plug-ins that are not needed and consider running the browser and other programs in Microsoft's Enhanced Mitigation Experience Toolkit (EMET).
  • Prevent programs from running from temporary folders and other common locations used by malware by using software restriction policies.
  • Disable the Remote Desktop Protocol (RDP) and other remote management tools if not needed. If they are needed make sure they use strong and unique credentials.
  • Consider using an application whitelisting solution and executing risky programs in virtualized environments.
  • Catalogue data based on its value and implement strong access controls and physical separation for critical network segments.
  • Back up data regularly, verify the integrity of those backups and regularly test the restoration process.
  • Ensure that computers are not permanently connected to backup locations. Create multiple backups and store them offline and offsite, for example in the cloud if they are secured and there is no perpetual access to them. Be aware that continuous file synchronization is not a backup method and some ransomware programs detect and encrypt data in cloud-based file synchronization solutions.
  • Conduct regular penetration tests and vulnerability assessments.

Copyright © 2016 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
9 steps to lock down corporate browsers
  
Shop Tech Products at Amazon