Prevention is the best Ransomware Protection for 2020

Breaches happen because people do something they shouldn’t or don’t do something they should.
– Frank Abagnale, Security Consultant, Con Man, Check Forger, Impostor, and inspiration for the movie Catch Me If You Can

Ransomware is a pain in the side of business and government organizations. And these statistics leave no doubt that traditional approaches to preventing ransomware are suspect:

    • 75% of companies infected with ransomware were running up-to-date endpoint protection. (Source: Sophos)
    • 34% of businesses hit with malware took a week or more to regain access to their data. (Source: Kaspersky)
    • 50% of a surveyed 582 cybersecurity professionals do not believe their organization is prepared to repel a ransomware attack. (Source: Pwnie Express)

Eventually, even the most careful and cautious user will regret clicking on a link in an email or on a website. To err is human, but ransomware does not forgive.

We can prevent ransomware, but at what cost? Here are several methods of preventing ransomware and the associated costs.

Prevention by Policy

Don’t pay the ransom. If hackers knew with 100% certainty that they would not get paid, they would shift their attention elsewhere. Unfortunately, some organizations can’t afford to say no when criminals hold their critical data, and they write off the ransom as a cost of doing business. Getting everyone around the world to agree not to pay a ransom is not practical regardless of the cost.

Prevention using Traditional Security[i]

Traditional security solutions are reactive (detection and incident response). It’s easy to find a list of security steps to reduce risk from ransomware; Table 1 shows one example. But organizations struggle to follow these 10 steps all the time, on every system. One slip-up and you’re a victim. Organizations spend more on traditional security each year, yet fall victim more often. That cost is not acceptable.

Table 1: Traditional Security Steps to avoid Ransomware

    1. Keep your Windows Operating System and antivirus up-to-date.
    2. Regularly back up your files to an external hard drive.
    3. Enable file history or system protection. On your Windows 10 or Windows 8.1 devices, you must have file history enabled and a drive set up for file history.
    4. Use OneDrive for Consumer or for Business.
    5. Beware of phishing emails and spam, and avoid clicking malicious attachments.
    6. Use Microsoft Edge to get SmartScreen protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
    7. Disable the loading of macros in your Office programs.
    8. Disable your Remote Desktop feature whenever possible.
    9. Use two-step authentication.
    10. Use a safe and password-protected internet connection.

Prevention by Avoiding Risky Behavior[ii]

Knowingly and unknowingly, humans engage in risky behavior. In an organization, it only takes one transgression by one person for ransomware to take hold. Following these measures, every time, all the time, is impractical at any cost.

Table: Risky Behavior that leads to Ransomware

    • Don’t browse untrusted websites
    • Don’t download or open attachments from spam emails that are known to contain malicious code. Possible attachment types include:
      Executables (.ade, .adp, .ani, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .hlp, .ht, .hta, .inf, .ins, .isp, .job, .js, .jse, .lnk, .mda, .mdb, .mde, .mdz, .msc, .msi, .msp, .mst, .pcd, .reg, .scr, .sct, .shs, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh, .exe, .pif, etc.)
    • Don’t open Office files that support macros (.doc, .xls, .docm, .xlsm, .pptm, etc.)
    • Don’t install pirated software, outdated software programs or operating systems
    • Don’t use a PC that is connected to an already infected network

Prevention by Isolation

A new, zero-trust approach to security implemented as remote browser isolation can make ransomware a thing of the past. Whether a user clicks on a web link in a phishing email or accidentally goes to a malicious website, the ransomware attack fails if their organization has deployed isolation. The solution is low-cost to deploy and has a short time to value because the user experience is seamless, there are multiple deployment models to fit your requirements, and the licensing is subscription-based.

Conclusion

Of all the methods for preventing ransomware we discussed, only one is viable.

| Method | Conclusion |
| --- | --- |
| Prevention by Policy | Impractical to implement |
| Prevention using Traditional Security | Expensive and not effective enough |
| Prevention by Avoiding Risky Behavior | Impractical to achieve 100% compliance |
| Prevention by Isolation | Effective with fast time to value |

[i] What is WannaCry? How does WannaCry ransomware work?, Geeks for Geeks

[ii] https://www.geeksforgeeks.org/what-is-wannacry-how-does-wannacry-ransomware-work/

Cyberinc makes corporate and government cybersecurity more reliable, scalable, and productive by securing the largest point of vulnerability, web access, by preventing attacks before they become breaches.

To learn more, download the Remote Browser Isolation white paper.

John Klassen

Sr. Director - Product Marketing
