The ransomware surge that dominated headlines in 2016 shows no signs of abating. With experts predicting an uptick in targeted attacks in 2017, businesses need to make ransomware protection a priority.
In 2016, the FBI put a price tag on ransomware, noting that in the first three months of the year, it cost victims $209 million, putting it on pace to hit $1 billion by year end. And now, the agency says it expects 2017 to be even worse as new attacks grow:
- More targeted: Today, criminals choose their victims ahead of time, focusing on enterprises they know are vulnerable and likely to pay. They can then craft phishing email attacks or other malware delivery methods toward specific departments or employees, increasing the likelihood of success.
- Cheaper and easier to pull off: Open source ransomware kits and ransomware-as-a-service offerings are readily available today, meaning that just about anyone, even those with limited financing and coding skills, can launch inexpensive yet successful attacks.
The bottom line: With ransomware attacks set to grow in sophistication, frequency and cost, organizations must get their defenses in order. Fighting ransomware is ongoing and requires multiple layers of security. True mitigation requires a 4-step approach:
- Filtering malicious links/web sites: Most ransomware attacks deliver their payload either by tricking users into clicking on malware-laced links in phishing emails or luring them to malicious and/or hacked web sites, where they fall victim to drive-by downloads of malicious content. Putting web filtering in place with state-of-the-art tools like Fortinet’s FortiGuard IP Reputation Service and FortiGate next-generation firewalls enables organizations to judiciously and automatically block all links and downloads from known malicious/risky sites.
- Blocking command-and-control (C2) channels: Once launched, ransomware must “phone home” to the criminal to get its marching orders for encrypting the victim’s data, requesting the ransom and providing instructions for paying it. Services like Fortinet’s FortiGuard Anti-botnet Service continually monitor the network for traffic destined for known malicious sites and servers, identifying attacks and cutting them off before they get started.
- Preventing known exploits: Many ransomware attacks like Locky and CryptoWall use known attack signatures. By deploying a combination of intelligent antivirus (AV) and intrusion detection/prevention systems (IDS/IPS), organizations can ensure all known exploits are blocked before they gain a foothold.
- Sandboxing for zero-day threats: Many times, criminals tweak a known attack to try to sneak past defenses like AV and IDS/IPS. Putting an advanced sandbox in place lets organizations quarantine suspicious code or URLs and test them in a separate, secure environment. Security teams can then evaluate the code for malicious behaviors, detonate hidden payloads and quarantine/delete malicious traffic before it enters the network. Sandboxes like FortiSandbox provide all those capabilities, plus the flexibility to deploy them on premises, as physical or virtual appliances, or in the cloud via a managed service.
A plan is only as good as its implementation. Ensuring that you have the right tools in the right place at the right time is key to successful ransomware defense.