Ask a Security Expert: Early Ransomware Detection is Vital
Question: We get this question frequently. Assuming a ransomware attack makes it through any protection in place, what are the best options for early notification of the encryption activity?
– David Stokes, Greystone Technology
Answer: Today, cyberattacks are so frequent and sophisticated that endpoint defenses without access to broad, instant, and actionable security intelligence simply aren’t good enough.
Ransomware authors are pivoting their attacks from individuals to government agencies and health care institutions, creating serious threats to public safety.
Historically, crypto ransomware targeted individuals and encrypted their personal data and files as a small-scale extortion scheme.
However, as the recent WannaCry attack proves, cybercriminals now indiscriminately target businesses and government agencies with the goal of large financial gains and this can cause much more widespread disruption.
Without intelligent next-generation endpoint defenses in place, organizations are at risk of getting more regular infections and remaining ignorant of a potential breach until it’s too late.
Once your system is infected with ransomware, your options are very limited: pay or don’t pay.
And trust us, you’ll know if you’re hit with ransomware.
It is designed to launch immediately.
To avoid having to choose between these options, organizations must perform regularly scheduled backups of all important data, and have the backup drive stored off-network when not in use.
Depending on the type of ransomware, there may be other actionable steps organizations can take, but of course, preventing it from occurring in the first place should be top of mind for any organization.
In today’s threat landscape, effective endpoint ransomware prevention requires continuous monitoring of every individual endpoint and an immediate response to anything new or unexpected occurring on any device.
Infection dwell times of days, weeks, or months are unacceptable, as are forensics and audits that can detail the kill chain but are unable to break it.
The goal of all endpoint security is to mitigate attacks.
However, understanding one set of attack vectors will no longer let you stop the next attack.
Threats and attacks are too variable, polymorphic, and unpredictable.
Proactive mitigation, real-time visibility, and an immediate response are the only real defenses.
George Anderson is director of product marketing at Webroot.
“Ask a Security Expert” is an occasional feature. Send tips and news to MSPmentorNews@Penton.com.