Key Technologies and Security Best Practices

Sunil Sharma, VP-Sales & Operations (India & SAARC), Sophos Technologies

Ransomware attacks start in two main ways: via a booby-trapped email with a malicious attachment, or via a compromised website. From there they work their way down to your endpoints and servers. To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack. This protection is more valuable and more efficient when it is combined with good user security practices.

Securing your Endpoints and Servers: A ransomware attack on endpoints and servers is disastrous and disruptive. If ransomware makes it onto your endpoints and servers, it is vital that you block and remove it as quickly as possible. The following technologies help to limit the disruption.

• CryptoGuard Technology: CryptoGuard Technology provides complete protection and security to endpoints and servers with unique technology that stops ransomware in its tracks. CryptoGuard complements your existing security by blocking processes that attempt to make unauthorized changes to your data. Key features of the CryptoGuard Technology are:

• Effective against CryptoLocker, Locky, Zepto, Cerber and much more,

• Works against both local and remote encryption, and

• Automatically rolls back changes – no loss of data.

• Exploit Prevention: Exploit Prevention stops ransomware from taking advantage of weak spots in other software products.

• HIPS Behavior Analysis/File Analytics: It is crucial to examine the components and structure of files to keep malicious elements out. HIPS Behavior Analysis/File Analytics scrutinizes the components and structure of files and checks whether they contain any code that attempts to modify the registry.

• Web Security: Web Security secures and scans web content for ransomware code, preventing attacks and threats to files.

• Malicious Traffic Detection (MTD): MTD detects traffic to ransomware command and control servers and prevents future damage by blocking it.

• Application Control: Application Control restricts what applications are allowed to run. It can also block Wscript – which is most often used by ransomware.

• Application Whitelisting: Establishes a “default deny” policy on servers so that only trusted applications can run – stopping ransomware from gaining a foothold.

Stopping Email Threats: The Email Gateway is a primary defense against malicious emails carrying ransomware. The essential features for stopping email threats are:

• Anti-Spam/Anti-Virus Technology: Blocks ransomware emails, including those with booby-trapped macro attachments, and stops other email-borne threats.

• Time-Of-Click Protection: Stops users from clicking on links to websites hosting ransomware, even if the link was safe when it entered the inbox.

• Cloud-Sandboxing: By testing files in a safe environment before the user runs them, Cloud-Sandboxing catches zero-day threats including ransomware.

Stopping Web Threats: The Web Gateway blocks web-borne ransomware before it makes its way to users’ endpoints. The essential features to look for include:

• URL Filtering: Blocks websites that are hosting ransomware and stops ransomware communicating with its command & control servers.

• Web Filtering: Web Filtering enforces strict controls on ransomware-related file types, stopping them from being downloaded.

• Cloud-Sandboxing: By testing files in a safe environment before the user runs them, Cloud-Sandboxing catches zero-day threats including ransomware.

Nine best security practices to apply now: Good IT security practices including regular training for employees are essential components of every single security setup. Make sure to follow these nine best practices:

• Back up regularly and keep a recent backup copy off-line and off-site: With recent backups, data loss can be minimized. Keeping a recent backup copy off-line and off-site means ransomware cannot get to it.

• Enable file extensions: Enabling extensions makes it much easier to spot file types that would not commonly be sent to you and your users, such as JavaScript.

• Open JavaScript (.JS) files in Notepad: Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

• Don’t enable macros in document attachments received via email: A lot of infections rely on persuading you to turn macros on, so don’t do it!

• Be cautious about unsolicited attachments: If you aren’t sure – don’t open it. Check with the sender if possible.

• Don’t have more login power than you need: Admin rights could mean a local infection becomes a network disaster.

• Consider installing the Microsoft Office viewers: These viewer applications let you see what documents look like without opening them in Word or Excel.

• Patch early, patch often: Exploitation by ransomware can be stopped by patching in good time.

• Stay up-to-date with new security features in your business applications: For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.
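As an added illustration (not Sophos code), the Python sketch below applies the file-type practices above to an incoming attachment: it flags script types, macro-enabled Office files, and double extensions that hidden file extensions would mask. The extension lists, function names and sample file are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePath

# Assumed policy lists for this example; tune them to your gateway's rules.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def shown_with_extensions_hidden(filename):
    """Approximate what Explorer displays when known extensions are hidden."""
    return PurePath(filename).stem


def has_vba_project(data):
    """True if the bytes are a zip-based Office file carrying a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())


def triage_attachment(filename, data=b""):
    """Return the reasons (possibly none) to quarantine an attachment."""
    name = filename.strip()
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    reasons = []
    if last in SCRIPT_EXTS:
        reasons.append("script type that runs when double-clicked")
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double extension, displays as %r when extensions "
                           "are hidden" % shown_with_extensions_hidden(name))
    if last in MACRO_EXTS:
        reasons.append("macro-enabled Office extension")
    if has_vba_project(data):
        reasons.append("contains a VBA macro project")
    return reasons


def constructed_macro_document():
    """Constructed sample: minimal zip shaped like a macro-bearing Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()
```

The content check matters because a macro-bearing file renamed to `.docx` passes an extension-only filter; `triage_attachment("report.docx", constructed_macro_document())` still reports the VBA project.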

To stop ransomware exploitation, it is critical to find the right protection. Use CryptoGuard technology to stop ransomware from encrypting your files. Having the right anti-ransomware technologies at your email gateway, web gateway, firewall, and servers is also essential to stop threats before they reach your endpoints. Together they give you the very best chance of stopping ransomware from holding your data – and your business – hostage.