July 19, 2016
Malware takes many forms, one of the most popular today being “malvertising.” Designed to look like traditional Internet ads, these threats hide in plain view and lure users into downloading them with links to celebrity gossip, self-improvement tricks or the promise of financial gain.
When users click on the ads, ransomware can automatically download itself onto the user’s unpatched device. These “advertisements” find themselves on sites all across the web and serve as one of the easiest delivery systems for ransomware.
As the name suggests, ransomware holds a device hostage until the user pays a financial ransom for its release, blocking programs or threatening to erase data until the ransom is paid.
Sadly, no silver bullet exists to stop ransomware. When the malware takes hold, it uses the same high levels of encryption as the best enterprise-grade security tools, making it nearly impossible to break.
An FBI agent made headlines last year when he said, “The easiest thing may be to just pay the ransom. The ransomware is that good.” While the quote shows the danger of ransomware, paying the ransom should be a last-resort option. Even then, there’s no guarantee the threat will disappear — an insult to injury the FBI has seen happen many times.
In CDW’s Security Solutions Practice, where I work as an inside sales engineer, we’ve identified several proactive alternatives. Implemented together, they form a multilayer barrier that limits an organization’s exposure to ransomware.
New Life for Old Exploits
Malvertising succeeds, in part, because it targets old flaws in common software such as Flash and Windows. Hackers take advantage of holes that were never patched, often because an overloaded IT department never got to them.
While easy to neglect, applying patches is still far easier than removing ransomware or other malware that exploits these old flaws.
IT staff can best manage patches in chunks by creating a patch prioritization schedule. Identify the most vulnerable platforms, or those exposed to the Internet, and patch those first. Then focus on the trickier ones, such as ERP systems, that need special attention because a patch could close ports the application is using.
Back Up and Block
Ransomware consistently evolves, making frequent, offline backups a smart move for IT staff.
Historically, ransomware programs ingrained themselves in a computer’s operating system to gain admin control. This then allowed the ransomware to dial home to the Command-and-Control (C2) server that provides encryption keys.
Ransomware can now disable a computer’s ability to create shadow copies, which previously would allow the user to restore the machine. This tactic makes backup that much more important.
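As an added example that is not part of the original post, here is the kind of detection a defender can run over endpoint process-creation logs to catch the shadow-copy tampering described above; the Sysmon-style log lines, file names and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed Sysmon-style process-creation lines, not from any real incident.
SAMPLE_LOG = """\
2016-07-19 09:12:01 EventID=1 Image=C:\\Windows\\System32\\svchost.exe CommandLine="svchost.exe -k netsvcs" ParentImage=C:\\Windows\\System32\\services.exe
2016-07-19 09:14:22 EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin list shadows" ParentImage=C:\\Windows\\System32\\cmd.exe
2016-07-19 09:15:07 EventID=1 Image=C:\\Windows\\System32\\vssadmin.exe CommandLine="vssadmin delete shadows /all /quiet" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe
2016-07-19 09:15:08 EventID=1 Image=C:\\Windows\\System32\\wbem\\WMIC.exe CommandLine="wmic shadowcopy delete" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe
2016-07-19 09:15:09 EventID=1 Image=C:\\Windows\\System32\\wbadmin.exe CommandLine="wbadmin delete catalog -quiet" ParentImage=C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe
"""
# Commands that remove a machine's restore points (MITRE ATT&CK T1490); listing shadow copies is routine and does not match.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+catalog", re.I)),
]
# A parent binary running from a user-writable path is where a just-downloaded dropper lives.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\", re.I)
LINE_RE = re.compile(r'^(\S+ \S+) .*?CommandLine="([^"]*)".*?ParentImage=(\S+)')

def parse(line):
    """Timestamp, command line and parent image from one log line; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, cmd, parent = m.groups()
    return {"ts": ts, "cmd": cmd, "parent": parent}

def detect(log_text):
    """One finding per log line whose command line matches a recovery-inhibiting rule."""
    findings = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        for name, rx in RULES:
            if rx.search(ev["cmd"]):
                findings.append({**ev, "rule": name, "suspicious_parent": bool(USER_WRITABLE.search(ev["parent"]))})
    return findings

def triage(findings):
    """Per parent process: several distinct rules, or a user-writable parent path, is the pattern of a
    dropper preparing to encrypt; one deletion from an admin shell is plausible maintenance, so only 'review'."""
    rules_by_parent = defaultdict(set)
    for f in findings:
        rules_by_parent[f["parent"]].add(f["rule"])
    verdicts = {}
    for parent, rules in rules_by_parent.items():
        escalate = len(rules) >= 2 or bool(USER_WRITABLE.search(parent))
        verdicts[parent] = "likely ransomware staging" if escalate else "review"
    return verdicts
```

Feeding these rules live process-creation telemetry gives an early signal before encryption starts, which is exactly when an offline backup is still intact.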
Users should also consider tools, such as OpenDNS, that continually identify new domain names that ransomware hackers register for their C2 servers. Vendors claim these tools update frequently enough to block approximately 90 percent of dial-home attempts. In my experience, it’s more like 70 percent to 80 percent, which still makes them effective.
Finally, next-generation firewalls and endpoint-based anti-malware tools can help block ransomware files before they can burrow into a system. While not 100 percent effective, these tools combine to slow ransomware and limit its spread.
To learn more about how to protect your end-user devices, check out CDW’s Mobile Security page.