How MSP-Managed Endpoints Can Deal With Ransomware
… extort money from the intended victim and successfully collect the ill-gotten gains after they have been sent.
“In traditional ransomware, it is easy to steal the victim’s money, but bringing the money to the criminals is the most difficult part,” says Nir Kshetri, Ph.D. and professor at Bryan School of Business and Economics, University of North Carolina at Greensboro. “Some international cybercriminals send it to people in the victims’ country. Or they recruit money mules to launder funds. Mules help move stolen money from one account to another. But the criminals engage in a risky strategy with low success. Ransomware solves many of these problems.”
The main cause of ransomware is bad guys who would rather hold files and systems for ransom than try to steal information and resell it, according to Kujawa.
Defenses Against Ransomware at the Endpoint
Layered security is always the best defense against ransomware, according to security experts, especially if those layers are augmented by AI and machine learning to accurately detect and stop the newest ransomware samples from reaching and executing on employee machines.
“Email attachments are a common attack vector for infecting organizations by deploying fileless malware or scripts into tainted attachments,” says Liviu Arsene, global cybersecurity analyst at Bitdefender, an IT security software vendor. “Having a security solution that’s able to strip those attachments before they reach the employee and detonate them in a controlled environment is an ideal solution.”
Some ransomware samples may be delivered via unknown, or known but unpatched, exploits – as can occur with open source – which is why it’s important for the security solution to have anti-exploit technologies along with patch management capabilities to ensure timely deployment of the latest security updates.
While the most popular infection vector is typically a phishing email, Remote Desktop Protocol (RDP) is increasingly becoming an entry vector for targeted attacks on organizations, according to security experts. That heightens the importance of a tested backup/disaster recovery strategy.
“I had a call with a company hit by ransomware, and none of the backups worked and they did not have any security software in their environment,” says Raj Samani, chief scientist and McAfee fellow. “Good cyber hygiene is essential, but unfortunately many organizations neglect basic measures. For example, having a backup regime for data is imperative but testing and validating that good backups have been conducted is also important. Up-to-date security technologies and cyber awareness across the organization is imperative. Business losses can be significant if normal operations are not resumed in a timely manner.”
The challenge of getting organizations back up and running, which depends on how MSP-managed endpoints deal with ransomware, will get more difficult this year. For example, Osterman Research predicts that after a “soft” year for ransomware in 2018, this species of malware will make a comeback in 2019.
Overall, MSPs need to take a holistic approach to security when dealing with ransomware, because not every system can be patched and many cannot have a security agent, which is often the case with embedded operating systems in non-standard devices, according to security solution specialists. “MSPs should be advising customers on network segmentation, stronger access and credentials controls, network traffic analysis, and deception to defend these systems against ransomware,” says Tom Clare, senior product manager, Fidelis Cybersecurity.