Ask a Security Expert: Security Vendor Tackles Malware Attacks
Question: “What are you doing to prevent ransomware?”
– Kerry Grimes, Data Network Group, Inc.
Answer: Firstly, ransomware is a malware attack like any other malware attack.
It uses exploits and vulnerabilities to infect a device and then goes about infecting that device and encrypting files wherever it can.
Internet security vendors are paid by our customers to protect them, and we spend much of our time and effort in continually combatting and improving our defenses against all malware, including ransomware.
So to directly answer your question, we are doing all we can, all of the time, to improve our ability to prevent and defeat malware/ransomware and keep our customers’ devices from being compromised by any type of attack from the Internet.
This has meant that with the recent WannaCry and NotPetya attacks our customers were fully protected.
(By the way one could argue that NotPetya is not ransomware, as the files encrypted are not recoverable at all. Its aim was permanent malicious damage – not extortion.)
Ransomware is one of the biggest impact threats facing individuals and organizations.
So as with all IT Security, you need to look at what you can do to mitigate or to minimize the impact should you be infected.
The stark reality is that these were not the first, nor will they be the last, ransomware attacks.
First and foremost, you need to have installed a reputable and effective anti-virus/anti-malware software (AV).
Established and recommended anti-malware solutions have earned their users’ trust and will prevent most ransomware from infecting devices by using multiple defenses at different attack stages.
We call this defense-in-depth strategy, Multi-Vector Protection.
For instance, preventing and blocking phishing sites and other malicious online destinations before any malicious files can reach your device.
Another example involves identifying malicious files as they start downloading, but before they execute, etc.
But beware of free AV security; while they cover the basics, in the end, you get the quality of defenses you pay for.
Additionally, regularly back up your data offline.
A good rule of thumb, especially with the constant rise of cyberattacks, is to bear in mind that ransomware can hit cloud-storage services and network drives, so creating a physical backup and keeping it in a secure location (not directly connected to your network) will ensure your files and data will be recoverable.
When critical systems are involved in an attack, you need to look at your Disaster Recovery/Business Continuity scenario.
If it’s a malicious attack intended to cripple or destroy your business, then that level of protection will need to be in place to ensure the impacts are minimized.
Always make sure you are practicing good computer habits and cyber hygiene.
While some attackers may use complex malware to achieve their goal, many cybercriminals are looking for an easy way in.
They are having great success through simple phishing emails or due to poor password management.
Disabling Macros in MSOffice, changing your secure passwords regularly; keeping your operating systems and software continuously up to date all reduce the attack surface hackers use.
Training users to hover over a link before clicking it, to make sure they know the true end destination; and not opening unexpected emails from friends or unknown senders are all good practices.
George Anderson is director of product marketing at Webroot.
“Ask a Security Expert” is an occasional feature. Send tips and news to MSPmentorNews@Penton.com.