It’s everywhere. Big businesses, small businesses and households alike are being targeted by a constantly growing internet threat known as Ransomware. It’s sophisticated, it’s dangerous and it’s not going away anytime soon.
And why? Ransomware pays. If you’re a cyber criminal and you’re goal is making money, ransomware is profitable. Time and time again we are witnessing businesses giving up extremely large sums of money to recover the data that has been attacked and encrypted.
Statistics from Trend Micro’s TrendLabs detected 1,133,415 ransomware threats in Australia in the 1st half of 2016 – that’s 1,552 detections per day!
Ransomeware is disrupting businesses everywhere. It is leading to halts in productivity and delivery service, losses of critical customer and internal data, and damages to the business brand and reputation.
Where is it coming from? Research has shown that 99% of ransomware has been found in web and email traffic. Phishing emails from seemingly legitimate sources such as Australia Post, electricity companies and the Australian Taxation Office are just some of the techniques used to infect devices. Gone are the days of misspelled and grammatically incorrect emails.
Fundamental best practices and still necessary but no longer sufficient! Ensuring 3 backup copies in 2 formats with 1 air-gapped from the network, limiting access control to business critical data, ensuring current patching of devices and maintaining excellent employee education on phishing are all very important, but have proven ineffective in recent times.
Protecting the business from Ransomware now requires protecting 4 key layers:
- Email and Web Gateway – Spear Phishing Protection, Malware Scanning, Web Reputation, Sandbox Attachments and URLs
- EndPoint Protection – Ransomware Behaviour Monitoring, Vulnerability Shielding, Application Control, Lateral Movement Protection
- Network Protection – Network Monitoring, Custom Sandbox Analysis
- Server Protection – Malware Scanning, Vulnerability Shielding, Suspicious Action Monitoring, C&C Traffic Detection
If you suspect you have been infected by Ransomware contact an IT specialist immediately.