Posts

Three Ways to Protect Your Business Against Ransomware-as-a-Service

Last week I was at one of our sales offices in Utah. I heard an interesting story about how a dentist office called in to ask for threat prevention against ransomware. The dentist office had been affected by ransomware twice in a short period of time. Twice, they paid the ransom to ensure business continuity and customer retention. This is a common story across many small to medium-sized businesses (SMBs) though we seldom hear about them in the media.

According to a study conducted in June 2016 by Osterman Research Inc., 30 percent of the ransom amounts demanded are $500 or less, reflecting the size of businesses affected by the attacks. SonicWall’s GRID threat research team has seen massive increases in ransomware infections for 2016, mostly coming from small and medium businesses. A new variant of ransomware, Ransomware-as-a-Service (RaaS), designed to be user friendly and deployable by anyone, can simply download the virus either for free or for a simple fee.

Ransomware-as-a-Service

Even simple measures can help protect against ransomware. Here are three ways:

Training

The same study shows that 67 percent of U.S. cyberattacks originate via phishing through emails. Organizations requiring employees to do security awareness training once a year at least are less likely to get infected than companies that do it less frequently. Training alone is not sufficient, but can provide the necessary first line of defense for a lot of businesses.

Data backup

Ransomware exists because organizations keep paying the attackers for their data.  With a good data backup infrastructure, businesses can redeem itself quickly by cleaning up their network and restoring the data from backup.

Technology

Advanced threats like ransomware attack all kinds of businesses. After multiple attacks, a big business can revive itself and get back on track. However, SMBs cannot afford such multiple attacks. Small amounts paid multiple times can quickly add up, and result in closure of a small business. It is even more important today for SMBs to invest in strong and advanced security solutions available through next-generation firewalls.

SonicWall firewalls have been protecting SMBs all over the globe for more than 25 years. With the comprehensive SonicWALL Gateway Security Suite providing gateway anti-virus, URL/web filtering and intrusion prevention services, businesses were protected 24x7x365 against known malware. With the recent increase in unknown malware and zero-day threats, the new Advanced Gateway Security Suite (AGSS) includes SonicWall Capture ATP,  a multi-engine network sandboxing solution, providing advanced threat protection to all SonicWall firewalls including the TZ Series for SMBs.

Discover best practices and download our solution brief: How to protect against ransomware.

Use the Advanced Gateway Security Suite from SonicWall.

Retail Networks at the Forefront – Have a Plan and Check Out SonicWall at NRF Retail’s the BIG Show

The data is still coming in, but it’s looking like consumer spending this holiday season will once again outperform previous years. Multiple research firms including the National Retail Federation (NRF) are predicting a growth in sales over the same period in 2015. Credit card vendor Mastercard is forecasting a 19% increase in online sales over the holidays. Increasingly, much of that shopping has transitioned from traditional brick-and-mortar stores to online. E-commerce continues to grow each year. For example, Deloitte is projecting a 17-19 percent increase in online sales between the beginning of November and January 2017.

Not all the news is good however. Major retailers Macy’s, Sears and Kmart announced recently that each will be closing a number of stores across the country due to lagging sales. Some of this may be attributable to the shift in how consumers make their purchases. With the rise in online shopping, whether through a PC or mobile device, fewer buyers are braving the crowds and winter weather to drive to a physical store, especially over the holidays. Instead, they turn to the web to search for the best deal they can find online. Therefore, having a robust digital storefront for secure e-commerce is an essential piece of any successful retail plan.

Another key component of the retail plan is securing the network from threats such as breaches and ransomware. Over the past few years numerous high-profile retailers have been in the news as hackers have gained access to supposedly secure customer data including credit card numbers. If you’ve never been the victim of identity theft, count yourself lucky. Over the holiday season the number of attacks typically goes up as hackers know consumers will spending more time online researching gifts and making purchases. Or, they will make that purchase in person at the store. Either way, this represents a good opportunity for hackers to target retail networks. And, while it’s the big vendors that make the headlines, smaller retailers aren’t immune from these attacks. In some ways they are more vulnerable as many don’t have an IT manager who is responsible for network security.

The onus to protect against the loss of confidential information falls on both consumers and retailers. For each there are steps that can be taken to safeguard against threats.

Consumers

  • Pay in cash at the store
  • Use a chip-enabled credit card whenever possible
  • Change account passwords frequently

Retailers

  • Implement chip card readers in your store(s)
  • Deploy a next-generation firewall that uses advanced security technologies including sandboxing and SSL decryption and inspection
  • Make it a policy to change employee and account passwords regularly (And don’t use “password1”)

Want more information on securing your retail network? Coming on the heels of the holiday shopping season is what’s been dubbed “NRF Retail’s BIG Show”. It’s the National Retail Federation Convention and EXPO in New York City, January 15-17. The event features a wide variety of industry-focused discussions from retailer leaders. Over at the EXPO you can talk directly with vendors who offer products and services for retailers. Don’t miss SonicWall’s booth #2535  on the EXPO floor where you can talk to our network security experts about our next-generation firewalls and SonicWall Capture Advanced Threat Protection sandboxing service, a CRN Products of the Year award winner.

In addition, SonicWall Systems Engineer Sr. Manager Bobby Cornwell and Sr. Product Marketing Manager Kent Shuart will present “Compromise vs. Protection: A ‘Cybercriminal’ and Network Security Technologist Face-off.”

Where: Room 2, Level 1 of the EXPO Hall

When: On Monday, January 16 at 1:30 pm. Join this discussion for a demonstration showing how the next generation of malware can be used against your retail organization and what you can do to protect your network and your data.

See our new Retail Security infographic and download: Network Security for Your Retail Business.

SonicWall Capture ATP Stands Up Against Malware Test

What would happen if you gathered five days of newly discovered malware and unleashed it upon an end-point protected by SonicWall?

I have been working with SonicWall firewalls for 10 years, and I was beta testing SonicWall Capture as part of my role here as an escalation engineer. Since we are big believers in drinking our own champagne, I was testing on my home network. I logged in and stared at it for days but it just did nothing. I was starting to get concerned. Did it just not work? Was there a bug? I was sure it was configured properly, but still – nothing. Then I realized I was not downloading anything malicious enough to trigger it. My wife does Facebook and the banking I hangout on sites like blog.sonicwall.com. The cat does hop on the keyboard at times but other than that, we’re not downloading much malware.

I hatched a plan to download as much malware as possible. I scoured the internet and found a python script that did exactly this. It was a bit broken and I had to hack it up a bit to make it work, but in no time I was downloading thousands of potential viruses at a time. Super excited, I logged back in and navigated to the Capture feature and found that it actually did something: it analyzed two files and tagged them as clean.

This was making me sad, so I started digging a little deeper. After combing through the logs, I determined that the vast majority of what I was trying to download was being caught by all the other security services. As an example, some of the files were hosted on known botnets so they were blocked by the botnet filter before they even had a chance to hit the Capture engine. I turned off all the security things and ran my script again.

Once again, I logged into Capture with my fingers crossed and lo and behold, this thing was lit up like a Christmas tree. “OK so now I know it works,” I thought to myself. Next, I dug around a little bit and once I was satisfied, I shut my script down. Every time I tested a new firmware version I fired up the script to verify that it worked and then shut it down again.

A few weeks ago I was running the script, putting SonicWall Capture Advanced Threat Protection (ATP) through a rigorous test and I showed a few people, who showed a few other people, who thought it would be a good idea to show it to you guys.  The result of that is this video with an awesome introduction by my buddy Brook Chelmo, SonicWall Capture’s senior product marketing manager. Brook is great at explaining all the bits and pieces that make this work. Just watch the video and you’ll see what I mean.

[embedyt] http://www.youtube.com/watch?v=vzSJtuLwiIA&width=600&height=400[/embedyt]

In order for us to get the maximum number of malicious files, we turned off several safety mechanisms (e.g. botnet filtering) on the SonicWall next-gen firewall management console and ran a python script that pulled potential malware from a number of sites. The results were outstanding, and we identified a number of pieces of malware that were previously unknown to us and that would not have been caught without SonicWall Capture ATP.

Learn how SonicWall Capture ATP Service eliminates malware through the technology chain from the internet to the end-point. This is a security service you can purchase for your SonicWall next-gen firewall. Although most of the potential malware was stopped by SonicWall Gateway Anti-Virus (because it was known to us), a handful of malicious code was discovered by the SonicWall Capture ATP network sandbox.  The video above dives into the reports generated for malware discovered in sandbox pre-filtering, as well as SonicWall Capture ATP’s multi-engine processing.

Prevent Ransomware Threats: Simple Online Shopping Safety Tips for New Year’s Deals

My guess is that if you are reading my blog, you are doing some of your new year shopping online.  What I am concerned about is what the shopping season means to cybercriminals and how you can protect your network.  This season, give yourself the gift of the Human Firewall and learn how to protect yourself.

Here are my key concerns:

  • Credentials stolen through credit card theft
  • Ransomware activated by clicking on a fake email link or a suspect website

Keeping yourself safe from these attacks is a matter of building your virtual street smarts.  I know many are looking for the best deal, but be wary of where you go to do your shopping.  I can envision sites popping up that advertise that they have, IN STOCK, that hard to find, specific item you want.  You go to that site, click on a link and, WHAM! You get a virus, or worse: ransomware.

Maybe you are lucky and avoid that site, but your credit card information is stolen from a legitimate site with a compromised shopping cart, or from an email scam.  How do you protect yourself? Be sure to read the tips in the ransomware blog by Bill Conner, President and CEO of SonicWall.

  1. Make sure your anti-virus software is up to date.
  2. Do NOT click on attachments or links from emails where you do not know the sender.
  3. Consider incognito browsing, which allows you to browse without storing local data and passwords that could be retrieved at a later date. This is especially important if anyone else uses your device.  (Incognito browsing also helps if you do not want anyone to know what cool gifts you purchased.)

If you are a business looking for insights, don’t be lulled by the feeling that you do not have anything of value to steal.  Every business has something a cybercriminal wants: your employee information, partner information, intellectual property or just the access to your bank account.  You can add to your business’ level of protection by taking a few simple actions:

  1. Do not give broad access to temporary employees. If they need to access the POS system, give them rights to only that area, rather than carte blanche access to your whole network.
  2. Make sure all the protection features of your next-generation firewall are turned on. If this slows your network down, consider a post-holiday upgrade to something better.
  3. When in doubt, ask for help. If you do not know how to implement any of these strategies, find someone who does. If you have not done this yet, take a look at the PCI security guidelines.  They provide a great starting point for protection.

There are many things that you can do to protect yourself and your business during the action-packed season.  I wanted to cover a few that you may have missed in the face of shopping New Year’s deals.  Celebrate the season and the best to you all in the New Year.

Download our eBook: “8 Ways to Protect Your Network Against Ransomware

Ransomware Can Cost You Millions; Is Your Network Secure?

Recently it was reported that in April 2016 an employee at Michigan-based utility company BWL opened an email and clicked on a malicious attachment laden with ransomware. The result? It shut down accounting and email systems as well as phone lines, which lead to a costly and laborious week of recovery.

The cost?  $2.4 million.

Let That Sink in for a Second.

In a separate case, the $800K ransom heaped upon the City of Detroit by hackers in 2014 served as an anecdotal warning of the potential for this class of malware.  But in the BWL case, only $25K was actually paid to the attackers with 99 percent of the costs related to technology upgrades and people responding to the attack.  To save you on the mental math, the actual ransom was about 1 percent of the total costs. This could be the setting for a modern proverb based on For Want of a Nail.  The silver lining is the improvement of the utility’s security and the overhaul of its IT communication policy.

What Does This Teach Us?

For all the talk of cost of the ransoms levied upon victims, the impact is much greater.  In this example, it cost the organization in lost business, impact to the customer experience, and even more on the human resources side. It also serves as a poster child for ineffective spam management and phishing prevention.  Ultimately this problem is happening around the world and despite the best intentions at stopping ransomware, it still persists.

What Do You Do If You Are Hit?

First of all, don’t panic.  By default, you need to consider not paying the ransom and find a way to restore systems and data without giving in.  Otherwise, it’s like feeding a feral cat; hackers will be found on your doorstep the next day. Simultaneously, you need to restore systems, discover the point of origin, and stop follow-on attacks.  This is where the backup and security stories combine.

In the case of BWL, it took a lot of human resources and two weeks’ worth of time, most likely because the utility was not prepared for this type of attack.  In your case, find the point of origin and restore a backup from before that event.

But What About Stopping Follow on Attacks?

Before the Firewall

I would like to say that out there is a single solution that will solve this but that isn’t completely true.  In short, the answer is education, security and backup.  The first thing to do is to build the human firewall; teach your employees not to click on attachments or links in suspicious emails, especially if you deal with payments.  This is just the first step; a recent Barkly study stated that in their data set, 33 percent of ransomware victims had already undergone security awareness training.

Additionally, think long and hard before hanging “blamable” employees out to dry.  It may be shortsighted to fire or reprimand an employee for unleashing malware unless they were clearly going outside the boundaries of ethical/lawful internet usage (e.g. browsing adult sites, downloading pirated material, etc.). In many cases, ransomware comes through a cleverly crafted phishing email, and given the fact that BWL’s accounting and email systems were taken offline, I’m assuming an accounts payable person opened an attachment from a hacker with an “unpaid invoice.”

When it comes to technology, you need to have a multi-layered approach to eliminate malware as it approaches your environment.  Look at the image below and you can see how SonicWall stops ransomware via web and device traffic.  In the case of watering hole attacks (e.g., downloading malware from a website), SonicWall Content Filtering Service (CFS) blocks millions of known malicious sites to help remove major sources of pulled malware from the equations.  After this, deploy SSL/TLS decryption to help you see all traffic.  Four years ago, the percentage of traffic being encrypted was very low by comparison today.  Forget the advertised malware-catch-rate of a vendor’s firewall and sandbox; if they can’t inspect 50 percent of traffic, it’s like locking and guarding the front door while leaving the backdoor open.

The Firewall and Capture ATP

If you are using SSL decryption, now all of the traffic coming into your organization can be viewed by your firewall.  Hopefully, this is a modern device that can inspect every byte of every packet to look for threats and approve files quickly.  In the case of device traffic, it hits the firewall and should be directed to your mobile access or VPN appliance to decrypt data and control access to only approved device IDs.  This traffic should be sent back to the firewall to begin its journey along with web traffic, through a gauntlet of rapid security measures.

The firewall and VPN appliances are the hardware portion of the equation with the firewall being the keystone of it all.  Firewalls are defined by their services because they do a lot of the work at removing malware from your internet traffic.  Traditionally, gateway security and anti-virus follow the firewall looking for malware based on a set of signatures; meaning this is how you eliminate known malware.  Point in case, SonicWall eliminated nearly 90 million ransomware attempts in the month of May 2016 using this same technology. Malware is used over and over again and may be seen thousands of times within an hour of its release.  Leveraging a cloud-based signature engine will enable you to have better protection against newer threats.

After going through gateway security, many networks leverage a network sandbox, which is an isolated environment to run suspicious code to see what it does.  This is where a lot of unknown malware is discovered and stopped.  Network sandboxes have been around for a few years now but hackers have found ways to design malicious code to evade their detection, which is why some analysts recommend leveraging multiple sandboxes from multiple vendors to see as much as you can.  I recommend using SonicWall Capture Advanced Threat Protection (ATP) multi-engine sandbox that combines virtualized sandboxing, hypervisor level analysis and full-system emulation to help see what potential malware wants to do from the application, to the OS, to the software running on the hardware.  Since ransomware variants are redeveloped throughout their lifecycle, it is important for sandboxes to create cloud-based sharable hashes for every version possible to block follow-on attacks and shorten the lifespan of ransomware. Through this process a lot of malware is scrubbed out from the point of origin to the server.

Endpoints and Backup

Although this setup is highly effective, you will need to maintain a healthy endpoint protection strategy.  Anti-virus for endpoints is still important, but today it is easier to manage than before.  Leverage an enforced anti-virus technology that doesn’t allow employees to access the internet through a web browser without up-to-date endpoint protection.  In these cases, employees are directed to a download page to update their anti-virus software before they can go and click on that suspicious link in email.

Lastly: back up, back up, and back up some more.  Ransomware exists because organizations keep paying the attackers for their data.  If a ransomware attack evades the common sense of people and the fortifications of your security infrastructure, you can simply wipe the device or server clean and refresh from your back up.

Download our solution brief: How to protect against ransomware.

Beware of Email Scams and Ransomware This Holiday Shopping Season

The 2016 Holiday shopping season is well underway, and we are poised for a record-setting year.

The National Retail Federation reports that over 154 million consumers shopped over the Thanksgiving weekend, up nearly 2% from 2015. A very telling statistic highlights the brick-and-mortar vs. online shopping trend: the survey found that 44% of shoppers went online, whereas 40% shopped in-store. And, the large concentration of retail commerce over the weekend was heavily influenced by which day it was. For those consumers that skipped the in-store crowds and opted to shop online,

  • 74% shopped on Black Friday (up 1.3% from 2015)
  • 49% on Saturday
  • 36% percent on Thanksgiving
  • 34% on Sunday

The mad rush to shop online these final weeks of the year is a financial boon to online retailers hoping to close a strong year – and to spammers and cybercriminals hoping to cash in as well with ransomware, phishing, and malware traps. Earlier this month our President and CEO, Bill Conner, wrote a blog with some great guidelines to protect yourself and your organization from emerging threats.

HOLIDAY RUSH
The holidays can be a frenzied time for anyone – whether it be last minute shopping, arranging or attending parties, or making last-minute travel plans. It’s equally busy at work, as you try to wrap up projects or complete financial planning, all before the holidays. The holidays are a time to sit back and relax, but only after necessities are taken care of – the calm after the storm. But if you’re not careful online, cyber-criminals are ready, and waiting.

OH, YOU BETTER WATCH OUT…
Employees and consumers can take a variety of precautions to protect their personal and corporate assets when shopping online. One of the simplest ways to protect yourself is to use separate work and personal email addresses for your online transactions. Avoid using the same email address for both work and personal items. Additionally, make sure your password is unique and difficult to guess – making things more difficult for cyber-criminals.

According to Google, an ever-increasing number of online shoppers used their smartphones to make purchases. And, this increased usage is accompanied by an increased online time – on Black Friday shoppers typically spent between 35 – 90 minutes visiting online electronics stores.

But in addition to online shopping, users continue sending and receiving emails at a record pace. According to the Radicati Group, the number of emails sent and received per day exceeds over 205 billion, and this volume is expected to reach over 246 billion by 2019. This confluence of accessing email or online shopping anytime, anywhere, is incredibly appealing. And corporations are now susceptible to an emerging threat: Ransomware attacks, where cybercriminals access confidential information, and extract payment to return this data. Even though ‘tis the season, you should still proceed with the utmost caution!

SEASON’S GREETINGS
Following are some recent trends and spam messages the SonicWALL Threat Research Team has identified this season:

  1. A personal letter from Santa to a loved one (phishing emails attempting soliciting your personal info) is the most common email threat detected this year.
    Phishing Email Scam
  2. Holiday deals from unknown sources, leading you to survey sites in hopes of getting you to divulge your personal info.
    Phishing Email Scam
  3. Year-end tasks including annual health-care enrollment, renewal of insurance, etc.
    Phishing Email Scam
  4. Gift cards are one of the fastest growing categories this year and we see similar growth in first card related spam and phishing emails.
    Phishing Email Scam

These examples are a small sample of what you might experience over the next few weeks. To help you this holiday online shopping season, below is a refresher on what you can do to not fall prey to these grinches:

  • Don’t click on URLs in emails [especially on Mobile devices] without checking its full path and understanding where it is leading to. This is especially important when connected to a public Wi-Fi. Staysafeonline.org has issued an infographic  on mobile security and elaborated this topic further.
  • Don’t download any plug-ins from the email link itself. Go to the vendor’s (Adobe, Microsoft etc.,) website to download plug-ins
  • Be wary of enticing online offers – especially if you’ve never heard of the business
  • Last minute upgrade requests from IT – upgrades are usually done with advance notice and communication

To test your knowledge, take this quick SonicWall Phishing IQ Test and avoid the holiday blues!

What’s Your E-rate Plan? Three Things to Consider

A few weeks ago one of my sons got a new Chromebook at school. The old one had been around for a few years and was rather outdated in terms of the technology. The new version has a touch screen and can be used as a laptop or tablet. Not exactly new to anyone in the tech world, but for a kid it’s pretty exciting. From the school’s perspective, it was clearly time to replace aging hardware and take advantage of the latest technology innovations for learning. In other words, the school had a plan.

Schools and libraries applying for E-rate funds also need to have a plan. I’m not talking about figuring out who is going to complete and file Form 470 and when it should be submitted. This is about understanding your current network infrastructure and how you will use the funds to build a better, faster version that delivers on new initiatives over the next few years. When you’re building out your plan, here are three things you should consider.

  1. Look ahead three to five years. Considering how fast technology changes, three years will keep you on top of new developments although five years is more practical from a cost perspective. E-rate Category 2 services such as firewalls, routers, switches and access points continue to evolve rapidly with new features and faster speeds. For example, today’s firewalls can block threats such as ransomware that the previous generation can’t, and those legacy firewalls are only a few years old.
  2. Don’t let hardware slow you down. The use of online learning in the classroom continues to grow. So too does the use of bandwidth-intensive apps. When evaluating products that will go into your infrastructure, understand how much of your current capacity is being used. Then buffer that by 20% to 30% to plan for future growth. Just as important, make sure any hardware you look at can handle the increase in bandwidth. Otherwise it can become a bottleneck in the network.
  3. Let someone else manage security for you. Something that schools and libraries may not be aware of is that they can outsource security as a Managed Internal Broadband Service within Category 2. This covers services provided by a third party for the operation, management, and monitoring of eligible broadband internal connections components. The good news with this approach is that you won’t incur any upfront capital expenditures, you typically pay a low monthly subscription fee and you have a predictable annual expense model.

School IT directors are frequently tasked with implementing initiatives that help enhance learning in classrooms and across school districts. Often, however, they have to say “No” due to security risks that opening the network poses. So how can IT become a “Department of YES”? When building your plan, look for E-rate eligible products that support initiatives such as secure access to resources, mobility, moving to the cloud, compliance and others. If the products you’re considering can’t enable these securely, then you don’t want to spend your valuable E-rate dollars on them. To learn more about E-rate and how it can be used to purchase eligible security products for your network, read my earlier blog on the topic.

For some schools building and maintaining a security infrastructure isn’t something they can or want to take on. If that’s case for your school or district, SonicWall Security-as-a-Service may be the answer. We’ll connect you with a SonicWall-certified partner who’s experienced at installing, configuring and managing a network security infrastructure.

To learn more about SonicWall and E-rate, read our white paper titled, “Technical Considerations for K-12 Education Network Security.”

Infographic: 300 Companies Defend Their Data from Zero-Day Threats with SonicWall Capture

To understand how SonicWall Capture Advanced Threat Protection Service (ATP) protects the average company we looked at the data for 300 networks. SonicWall Capture ATP examines suspicious code and files to discover never-before-seen zero-day attacks.  So, in one day, how many of these new variants did Capture find?  See the infographic below to see what you could be up against without it. Read more about SonicWall Capture in my earlier blog: We are Sparta; the Battle to Defend Our Data From Invaders. Already a fan of SonicWall Capture? Share the infographic with your followers.

Infographic on zero-day threats

Seven Ways to Help Avoid A Ransomware Crisis

The popularity and use of ransomware appear to be spreading at record pace in 2016 as cybercriminals are actively using ransomware to hold businesses, institutions and even individuals hostage. No one is immune to this sort of attack. If you’ve been following the news, you’re probably aware that authorities and security experts are calling this the new crisis in cybercrime today.

The rise of ransomware within the hacking economy can be attributed to how simple and fast attackers can potentially capitalize on thousands or millions of their victims in a short period of time as opposed to a targeted attack, which requires more work and time to monetize from a single data breach. To date, the SonicWall Threat Research Team has observed a 78% growth in ransomware variants over 2015. With recent discovery of the new “DMA Locker” in the wild earlier this month, the team found that organizations are hit by a range of highly active ransomware including:

  • CryptoWall (considered most dangerous and used so far)
  • TeslaCrypt
  • TorrentLocker
  • PadCrypt
  • Locky
  • CTB-Locker
  • FAKBEN
  • PayCrypt
  • DMA Locker

Below is a visual sample of the DMA Locker to help give you a good idea what an infected system looks like. A quick search using the bitcoin address “1C8yA7wJuKD4D2giTEpUNcdd7UNExEJ45r” on the www.blockchain.info website shows that the same bitcoin address has been used in multiple transactions. This indicates that thousands of dollars have already been paid out by victims since its introduction.

Visual sample of the DMA Locker on the left and bitcoin address screenshot on the right.

With thousands of daily ransomware attacks, your success in maintaining normal operations is paramount towards the achievement of your business objectives. So it’s best to conduct routine security reviews, and take any and all necessary steps to improve your cyber-defenses and prevent ransomware from spreading across your networks. This is a risk that can easily be mitigated by following these seven recommendations:

1. Training and awareness

It’s imperative to put some governance policy in place to make certain everyone in your organization is educated about the dangers of ransomware and trained to identify methods cyber-criminals use to compromise devices, through social media, social engineering, suspicious websites and downloads, and various spam and phishing scams.

2. Email security

Since phishing emails are predominantly used by attackers to distribute ransomware, you want to deploy a capable email security solution that can scan all attachments for malicious content and isolate all files embedded with ransomware.

3. Use a multi-layered approach to network security

Cyber-criminals are very good at using the latest exploit kits and web vulnerabilities to infect systems and devices with ransomware. Enhance your security posture by eliminating siloed security architecture. A more effective way is to employ an adaptive cyber defense platform that leverages multiple integrated threat prevention capabilities to provide many different ways to break the malware infection cycle, including advance threat protection, gateway anti-malware, intrusion prevention and other available network-based security services.

4. Secure the endpoints

Mobile devices are particularly targeted as reported in the 2016 SonicWall Security Annual Threat Report with the emerging ransomware threats on the Android platform. So, do everything possible to make sure all your mobile endpoints are secured as they can be because devices of this sort are frequently outside and external to your network without firewall protection. There are many good endpoint security options to satisfy your risk tolerance. At a minimum, you would want to consider layering your protection with patch management, web content filtering and signature-less anti-virus (AV) software that uses advanced machine learning and artificial intelligence to detect advanced threats on top of your traditional signature-based AV solution.

5. Network segmentation

Ransomware attacks always look for opportunities to spread from the endpoint to the server/storage, where valuable primary and secondary data are stored. Imagine the potential harm done to an organization if cyber criminals were able to gain unauthorized and unchallenged network access and freely move laterally within its unsegmented networks. To contain and mitigate threat propagation during an attack, it’s essential that you keep your critical applications, data and devices isolated on a separate networks or virtual LANs to prevent the spread of an attack.

6. Backup and recovery

A California-based hospital recently paid approximately $17,000 to recover its data from a ransomware attack by obtaining the decryption key to quickly return its administrative functions to normal capacity. This unfortunate incident provides an opportunity for us to learn from other misfortunes. Another safeguard against having to pay the ransom is a speedy, reliable backup and disaster recovery (DR) strategy that allows you to restore full operation with minimal disruption. Make sure the solution allows you to automatically perform testing and verification to ensure data is restorable and recovery service level is met.

7. Encrypted attacks

Not long ago, Yahoo users were targets of one of the largest malvertising campaign after a criminal entity bought an ad space on Yahoo’s website in order to plant malicious ads with the purpose of installing ransomware on users’ computers visiting the site. The redirection code planted in the malicious advertisements used SSL/TLS encryption, which made it difficult for traditional defense systems to detect.

If you’re currently not inspecting HTTPS traffic, then you are effectively blind to any attacks utilizing SSL/TLS. Therefore, it is absolutely essential that you deploy the next-generation firewall that has a high performing SSL inspection engine to rapidly decrypt and inspect all internet traffic coming from or going to clients for threats hidden within those SSL sessions.

For more detailed information, I recommend you to read our technical brief: “How to protect against ransomware.”

Beyond “Seven Layers”: Local Network Protection from Global Threats

Last week my colleague, John Gordineer posted a blog entitled “Seven layers of protection from hacked websites“. This blog goes further in examining how you can be protected from threats that can emerge from the other side of the globe.

If you have kids, you often find out that a virus is running through the school when your child comes home with it. The internet is a lot like the school playground; it’s a notorious place for catching nasty viruses. Just like on the playground, the most common pathway for distributing malware is through the internet. As with playground viruses, you can’t predict what virus strain your network will get. One of the ways cyber-criminals avoid detection is to simply modify the existing code. Criminals can then leverage legitimate websites to test whether malware detection engines will recognize it. When the code is sufficiently modified, so that it’s no longer seen as malicious, voilà, you have new malware. Consequently, new threats are popping up around the world every hour, night and day.

Today, the sale of cyber-criminal tools is a thriving business with pricing models ranging from outright sales to time-based rentals. For example, an online banking malware called SpyEye could have been obtained (the creators were caught and prosecuted) for $150 which included three months of free hosting. Like other software it included updates, patches and technical support. Another cyber-criminal technique is the spread of botnets, which are a vast network of computers used to transmit malware to other computers on the internet. The botnet is manipulated by a command and control (C&C) server, which can send out thousands of emails linked to malicious software.

Global threats require global security solutions

With cyber-criminals continually upping their game, there are some specialized tools for reducing the chance of being compromised.

With GeoIP filtering, each packet of data contains an IP address identifying where it is coming from or going to. These IP addresses have been allocated to specific countries. For example, Tajikistan has less than 50,000 IP addresses and North Korea only 2,304. China on the other hand has 333 million and the US leads the list of addresses with over 1.6 billion IP addresses. (“Allocation of IP Addresses by Country.” CIPB –. 1 Apr. 2015. Web. 1 Apr. 2015.) Blocking IP addresses from countries you don’t do business with limits the ability of botnets to infect your network. In case your network is already compromised, it is good practice to block traffic leaving your network.

Here are some important GeoIP defense strategies:

  1. Filter all incoming and outgoing communication to a particular country or region.
  2. Make sure your firewall provider is an organization that can identify threats globally.
  3. Hire an IT service provider who can react quickly to protect your network.

Global presence. It is an old adage that you can see further when you stand on the shoulders of giants. As far as malware protection is concerned these giants can be defined by the number of sensors a security organization deploys. With the intricately connected world that the internet brings us, malware that originates in Thailand takes only a couple of clicks to find its way onto your desktop. The best defense is to employ an IT security company that has both in-house security research and is a recognized leader in the industry. It is their in-house resources that allow the best security companies to identify malware early and protect your assets before it spreads. These are organizations that can see further because they have millions of sensors around the globe.

Rapid reaction. Seeing further is only half of the equation; you also need to react faster. Cyber-criminals rely on slow response to steal from you. The security industry is addressing this issue. When Microsoft identifies a threat and communicates it to the security community, it also tracks how quickly the security organizations create protection from the threat. Microsoft’s Active Protections Program (MAPP) shows the partners who respond quickly. Is your firewall or antivirus provider on the fast responder list? How rapidly your security partner responds can give you an indication of their effectiveness in protecting you from emerging threats. The security of your business depends on sophisticated global protections that will help reduce your chance of being compromised. Geographic protection comes in two flavors, filtering out traffic by geography (GeoIP filtering) and having an IT service provider that operates globally and reacts immediately to emerging threats.

If you want to learn more you might start by reading SonicWall Security’s new eBook, “Types of Cyber-Attacks and How to Prevent Them”. Follow me on twitter @KentShuart.