
Monday, April 25, 2016

Ransomware: 10 moves to protect yourself

Ransomware is an increasingly topical subject. As the AnandTech editorial staff has had occasion to observe, this type of attack is difficult to predict and, above all, it is almost impossible to restore access to encrypted files after the infection has taken place. This is why technology news sites have a duty to raise awareness of prevention. Today we do so by publishing this interesting content from Fortinet, a network security company that provides innovative, high-performance network security platforms to secure and simplify its customers' IT infrastructure. The article was written by Antonio Madoglio, SE Manager, Fortinet Italy.

What is ransomware?

Ransomware is a form of malware that infects devices, networks and data centers and prevents their proper use until the user or the organization pays a ransom to unlock the system. This form of malware has existed at least since 1989, when the "PC Cyborg" Trojan encrypted file names on a hard drive and forced users to pay $189 to unlock them. Over time, ransomware attacks have become increasingly sophisticated and targeted, as well as profitable.

The overall impact of ransomware is difficult to calculate, since many organizations simply choose to pay to unlock their files, an approach that does not always prove farsighted. A report on the Cryptowall v3 ransomware campaign, released by the Cyber Threat Alliance last October, estimated that the cost of that single attack amounted to US$325 million.

Ransomware can operate in different ways. For example, crypto ransomware can infect an operating system and prevent a device from booting. Other types of ransomware can encrypt a drive or a group of files. Other malicious versions feature a timer that starts to gradually erase files until a ransom is paid. In every case, the attacker demands payment of a ransom to unlock or release the system, the files or the encrypted data.

Usually, infected users receive a message on their device screen telling them that the computer is infected with a virus and giving initial instructions for resolving the problem. In some cases, this alert is accompanied by explicit or pornographic images in order to motivate the user to remove it from the system as quickly as possible. But the common feature of every ransomware infection is that systems are taken offline, critical data is made unavailable, productivity is interrupted and business operations are damaged.

How does infection happen?

Although ransomware can be distributed in several ways, the most common is to attach an infected file to an e-mail. For example, you may receive an e-mail apparently from your bank, containing the bank's logo and real URL links, as well as the user's name. The body of the message speaks of suspicious activity detected on the current account and therefore of the need to install an attached file to verify credentials. It all seems legitimate, but it is not: it is an advanced phishing attack.

The proof is that, obviously, no bank would ever send a file and ask you to install it, and certainly not to validate credentials. On the contrary, the attached file is infected with ransomware, which is automatically loaded onto the system if you accidentally click on it.

But e-mail attachments are not the only infection mechanism. The drive-by download, for example, is another malicious mechanism: it occurs when a user visits an infected site and the malware is downloaded and installed without the user's knowledge. Ransomware also spreads through social media, such as web-based instant messaging applications. Recently, vulnerable web servers have been exploited as an entry point into an organization's network.
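
The attachment-borne phishing described in this section is what an e-mail security tool screens for. The sketch below is an added example, not code from Fortinet or from the original article: it flags attachments by content signature and by risky or double extension. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed gateway policy: extensions that are never delivered to users.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd", ".ps1", ".docm", ".xlsm"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Leading bytes that identify an executable whatever the file is called.
MAGIC = {b"MZ": "Windows executable", b"\x7fELF": "ELF executable"}


def screen_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for each attachment that should be quarantined."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        payload = part.get_payload(decode=True) or b""
        kind = next((label for sig, label in MAGIC.items() if payload.startswith(sig)), None)
        if kind:  # content check wins: renaming the file does not help
            findings.append((name, f"content is a {kind}"))
        elif suffixes and suffixes[-1] in RISKY_EXT:
            disguised = len(suffixes) > 1 and suffixes[-2] in DOC_EXT
            reason = "double extension hides" if disguised else "risky extension"
            findings.append((name, f"{reason} {suffixes[-1]}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a fake 'bank' notice carrying three attachments."""
    m = EmailMessage()
    m["From"] = "Your Bank <alerts@bank.example>"
    m["To"] = "user@corp.example"
    m["Subject"] = "Suspicious activity on your account"
    m.set_content("Please install the attached file to verify your credentials.")
    for data, name in [(b"MZ\x90\x00 constructed stub", "statement.pdf"),
                       (b"constructed", "verify.pdf.exe"),
                       (b"%PDF-1.4 constructed", "terms.pdf")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for name, reason in screen_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

A production gateway would combine checks like these with the sandbox analysis recommended in the list below, since a filename and a few leading bytes say nothing about macros or scripts embedded in otherwise valid documents.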

What can be done to stop it?

Below is a list of ten points worth considering to protect yourself and your organization from the effects of ransomware.

1. Develop a backup and recovery plan. Back up your system regularly and store the backup offline, on a different platform.
2. Use professional e-mail and web security tools that can analyze e-mail attachments, websites and files for malware, and that can block potentially compromised advertising and social media sites not relevant to the business. These tools should include sandbox functionality, so that new or unrecognized files can be executed and analyzed in a safe environment.
3. Keep operating systems, devices and all software constantly updated with all patches.
4. Make sure that anti-virus and anti-malware tools, IPS and network devices always have the latest updates.
5. Where possible, create an application whitelisting policy, which prevents unauthorized applications from being downloaded or run.
6. Segment the network into separate zones, so that an infection in one area cannot easily spread to others.
7. Establish and enforce permissions and privileges, so that the smallest possible number of users have the potential to infect applications, data or critical business services.
8. Establish and enforce a BYOD security policy that can inspect and block devices that do not meet the set security standards (no anti-malware, outdated antivirus, operating systems that require critical patches, etc.).
9. Implement forensic analysis tools so that, after an attack, you can determine a) where the infection came from, b) how long it was present in your environment, c) that you have removed everything from every device, and d) that you can ensure it does not come back.
10. The last, and perhaps most important, precaution is not to rely on employees to ensure the company's security. Although it is necessary to step up training to make employees aware of the importance of not downloading files, clicking on attachments or following links in unsolicited e-mail messages, human beings are the most vulnerable link in a company's security chain, and security plans must take this constant into account.
The reason is this: first, for many employees, clicking on attachments and searching the Internet is part of daily work, so it is hard to maintain an adequate level of security. Second, phishing attacks have become more plausible and convincing over time. A targeted phishing attack uses data available online and information from social media profiles to customize its approach. Third, it is almost instinctive to click on an invoice, even an unexpected one, when it comes from your bank. Finally, poll after poll, it remains clear that users believe security is someone else's job, not theirs personally.

Conclusions

Cybercrime is a for-profit business that generates huge profits. As in most businesses, cyber criminals are highly motivated to find ways to generate new business. To do that, they use subterfuge, extortion, assaults, threats and persuasion to gain access to critical data and resources.

Ultimately, ransomware is nothing new. But higher levels of sophistication and distribution represent the latest element in the growing trend of finding new and unexpected ways to deceive individuals and companies operating online.

Now more than ever, security is not an option but an integral part of the business. It is good to protect yourself by forging security partnerships with experts who understand its importance and do not consider it a mere tool. Rather, it is a system of highly integrated and collaborative technologies, combined with an effective policy and an integrated approach covering preparation, protection, detection, response and learning.

Security solutions have to share the information they collect in order to identify threats and respond effectively everywhere, throughout the distributed environment. It is also essential that these solutions are integrated into the network structure so that they can protect users continuously as the environment develops and expands. They must be able to adapt dynamically to new threats as they are discovered. Finally, they should not impede or interfere in any way with the company's main activities. In that case, they can prove to be a real element of business support for a company.
