Beware of Ransomware: It’s Alive and Well

Posted by Richard on February 12, 2019

Ransomware has mostly faded from the headlines since WannaCry and NotPetya wreaked havoc across the globe in 2017. The attacks sparked so much alarm that more people than ever are backing up their files, which effectively deadens a ransomware attack.
Even so, too many of us have short memories and, as WannaCry’s sobbing fades into a lousy memory, cyber security experts warn against getting lazy about backing up your files.
Too often overlooked is that ransomware is nothing new. The first instance of the threat was detected 30 years ago–in 1989–when an AIDS conference was “attacked” by floppy disks. Since then it has been a relentless duel of one-upmanship between the bad guys and the cyber security experts and researchers.
Although many cybercriminals target specific institutions and organizations, the reality is that most ransomware attacks are made at random. The bad guys will go after anyone with a computer–including you.
In 2017 Amit Serper, a principal security researcher at Cybereason, became a hero for creating the first “vaccine” to slam the door on the devastating NotPetya attack. However, even as his vaccine was universally viewed as a shaft of light in the dark history of ransomware, Serper was warning of vaccines’ limitations. “They’re only useful,” he said, “to contain a specific outbreak.”
So what to do?
Back up off network. Then back up…and back up some more.
A comprehensive backup strategy can help blunt the force of a ransomware attack. A person’s information cannot be held hostage when it’s stored securely off-network.
Tejaswini Herath, an associate professor of information services at Brock University, urges a “tiered” or “layered” backup strategy that includes redundancy. Use devices not connected to the network and different media types, keep a copy off-site, and encrypt your backups.
Even with cloud backup options, choose one with threat-protection features. Many ransomware variants, Herath said, can infect any attached drives or network files that are accessible, including cloud-based ones.
Also, consider employing some of the latest intrusion prevention products so you can be alerted to a breach and act quickly if one occurs.
According to Herath, too often enterprises continue to follow the “patch once or twice a year” philosophy. This practice, he said, can leave them at enormous risk considering the lightning speed of ransomware’s release.
In conclusion, Serper recommends that MSPs stay current with the vast number of endpoint solutions available. At this very moment, he said, various next-generation products are being developed to prevent recognizable malware, identify hidden malware activity, and destroy the intrusive files.