The Core Technologies that Stop Ransomware
by Sean Curiel, on Jul 12, 2021 5:33:00 AM
Ransomware is big business for cybercriminals worldwide, targeting businesses of all sizes. Cyber insurance companies are reporting skyrocketing rates of ransomware infection year over year. But an outcome of hijacked data is not a foregone conclusion. Businesses have a wealth of technologies at their disposal that can stop ransomware dead in its tracks or render it harmless. These technologies also enable managed service providers to deploy solutions that secure client data and keep customers productive. Today we look at the core ransomware prevention and mitigation technologies.
Signature-Based (Pattern-Based) AntiVirus
Traditional antivirus software uses virus signatures, a type of digital fingerprint composed of various bits of data or code, that allow threats to be identified. When using this technology it’s best to find software that is continually updated to block known malware, spyware, and ransomware. As threats become more elusive, it’s been reported that a majority of malware is now slipping past traditional detection methods. While the inability to detect unknown attacks is a weakness, having this technology in place certainly doesn’t hurt.
Behavior-Based AntiVirus
Behavior-based antivirus may detect other threats by analyzing traffic and activities across the network, using machine learning and AI to pinpoint and block unusual processes. This type of technology may be integrated into various network monitoring tools, security information and event management (SIEM) platforms, and intrusion prevention systems.
Managed Detection and Response
In addition to the detection capabilities offered by behavior analysis, some dedicated security tools offer advanced features to track, isolate and remedy dangerous activity. This may include ransomware canaries (decoy files that detect changes), the ability to monitor for malicious footholds, and even the services of live human threat hunters.
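A minimal ransomware canary check, added here as an illustration and not code from the original post or from any product it mentions: canary files are planted with a known hash, and a later sweep reports any canary that vanished (deleted or renamed) or changed, using byte entropy to tell an encryption-like overwrite from an ordinary edit. The file names, the 7.0-bit entropy threshold and the simulated tampering in `demo()` are constructed assumptions.

```python
import hashlib, math, os, tempfile
from pathlib import Path

# Constructed canary content: low-entropy text that ransomware-style
# encryption would turn into high-entropy bytes.
CANARY_TEXT = b"CANARY FILE - do not edit. Accounting Q3 draft.\n" * 20

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def shannon_entropy(data):
    """Bits per byte: ~8.0 for encrypted data, well under 6 for plain text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([v])) for v in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def plant_canaries(directory, names):
    """Write canary files and return {path: sha256} as the baseline."""
    baseline = {}
    for name in names:
        p = Path(directory) / name
        p.write_bytes(CANARY_TEXT)
        baseline[str(p)] = sha256_of(p)
    return baseline

def check_canaries(baseline, entropy_threshold=7.0):
    """Return (path, reason) alerts for canaries that changed or vanished."""
    alerts = []
    for path, expected in baseline.items():
        if not os.path.exists(path):  # deleted, or renamed with a ransom suffix
            alerts.append((path, "missing"))
        elif sha256_of(path) != expected:
            high = shannon_entropy(Path(path).read_bytes()) > entropy_threshold
            alerts.append((path, "encrypted" if high else "modified"))
    return alerts

def demo():
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canaries(d, ["a_invoice.docx", "b_payroll.xlsx", "c_notes.txt"])
        clean = check_canaries(baseline)
        # Simulated tampering: one file overwritten with random bytes, one renamed.
        Path(d, "a_invoice.docx").write_bytes(os.urandom(4096))
        os.replace(Path(d, "b_payroll.xlsx"), Path(d, "b_payroll.xlsx.locked"))
        return clean, check_canaries(baseline)
```

In practice the sweep would run on a schedule or from a file-system watcher and feed its alerts into the SIEM or MDR tooling described on this page.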
SIEM (Security Information and Event Management)
SIEM aggregates data from multiple systems and devices (servers, users, ports, IoT, firewall logs, security applications) and performs real-time analysis. Suspicious activity is identified and compared against global threat intelligence to detect potential threats, then prioritized and categorized. This also builds a history of reported events for security teams to investigate and respond to. This advanced logging helps to demonstrate regulatory compliance for such regulations as HIPAA, GDPR, PCI-DSS, etc.
Patch Management
Even poorly made ransomware from years ago continues to infect systems today. How? By exploiting unpatched systems. As the number of devices per employee grows, it becomes more challenging to monitor all these potential access points. Administrators need full visibility and real-time insight into potential vulnerabilities. Some patch management functionality may be built right into your RMM, while dedicated solutions facilitate the updating of remote systems, all without the need for a VPN.
Email Filtering
Ransomware attacks often begin with an innocuous-looking email. Historically, identifying these emails “by eye” was rather easy. Modern methods impersonate family, coworkers, and business partners. A powerful email filtering solution looks at all email content for abnormal patterns, blocks malicious URLs, and stops attachments that are designed to gain a foothold.
Web Content Filtering
Employees may download malware or malicious code while visiting risky websites. This opens the door for hackers to deploy ransomware. Content filtering protects users by blocking access to problematic sites. But blocking modern threats requires solutions that closely examine DNS information, website activity, content, and more.
Backup and Disaster Recovery
You may have noticed that everything up to this point has been preventative, and these layers of security are something we strongly encourage. However, as no cybersecurity defense is 100% infallible, we must also take measures to remove a threat and provide a quick return to business in the event of infection. A reliable backup with copies of data stored locally, offsite, and in the cloud offers the opportunity to restore all data to its previous state. Disaster recovery functionality can restore operating systems and applications without the need for reinstallation, while infected systems can be brought back online in their prior state almost instantly through virtual machine-based recovery features.
Ransomware is evolving to evade our best security defenses. It is through a layered security approach, the discipline of patching old bugs and vulnerabilities, as well as employee education, that we can keep bad actors at bay. NovaBACKUP gives users, from small businesses to Managed Services Providers, the flexibility to manage backups remotely and store client data using the methods and media that best suit them. We invite you to speak with a NovaBACKUP Cloud specialist for a complimentary backup health check.