[BreachExchange] An ounce of ransomware prevention…

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 2 19:06:39 EST 2018


In December, the Carroll County Sheriff's Office in Arkansas paid about
$2,400 worth of bitcoin to restore its systems after a ransomware attack
locked computer files. Earlier that month, Mecklenburg County, N.C., was
hit with a ransomware attack, but refused to pay the attackers. Processes
were slowed, but the county could rely on backup data to rebuild the
systems, according to the Associated Press.

According to security experts, organizations can take relatively simple
steps to protect themselves from ransomware -- and to ensure that their
response can be more like Mecklenburg's.

The “vast majority” of ransomware attacks are the result of malware sent
through email, but it can also come from websites, worm-like behavior and
targeted attacks, according to Kevin Haley, the director of product
management for security response at Symantec. A quality email gateway is
important for scanning email and stripping out any executable files.

“That’s absolutely critical,” said Jean-Pierre Auffret, the associate director
of the center for assurance research and engineering at George Mason
University. “People have been [using gateways] for years, but when we go
back and do surveys, we find there’s some people that still aren’t doing
it. You’re leaving a huge hole.”

It’s also important to patch endpoints, which is becoming easier with
endpoint management systems that allow IT managers to automate the process,
relieving users of the responsibility of keeping up with updates, Auffret

Like patching, backups are becoming more automated, and cloud services have
also made it easier, Auffret said.

These backups should be on the cloud or in a separate network and stored in
a different geographic location, which has the added benefit of being able
to survive a fire or other disaster, he said.

Backups should not be stored on drives that are also used for day-to-day
business. They shouldn’t automatically mount when a computer turns on,
either. If backups are stored separately, then people will be less likely
to access them and they’ll be more secure, Haley said.

“Cities and counties have become a somewhat popular target [for
ransomware], and many of them have limited budgets and limited IT
expertise, so it’s quite a challenge,” Auffret said.

Having backups doesn’t guarantee a quick recovery from ransomware, he said.
Restoring systems “can still take a while,” Auffret said. But organizations
won't need to pay ransom if backups are in place.

Localities that don’t have the IT resources of a large locality like
Mecklenburg County have some places they can turn to for help. There are
often resources available through the state government, and smaller
governments have found success in partnerships with their larger neighbors.
The Multi-State Information Sharing and Analysis Center also has resources
on best practices and tools, Auffret said.

But the most important thing is that people stop paying the ransom, Haley
said. “Really the way that we will end this problem is when we stop paying
to get our files back.”