Ransomware – The Importance of Layered IT Security

June 27, 2016

Hospitals, schools, state and local governments, law enforcement, small businesses, large businesses, individuals - these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Symantec 2016 Internet Security Threat Report 

Why are ransomware attacks so successful?

Sophisticated attack technology

  • Creators of ransomware operate in a highly professional manner
  • Skilful social engineering is employed to convince the user to execute the installation of the ransomware. In Australia, common ransomware emails appear to be sent from Australia Post, the SDRO and the AFP.

Security weaknesses in affected computers

  • Inadequate backup strategies
  • Systems not updated/patched quickly enough
  • Dangerous user/rights permissions
  • Lack of user security training
  • Security systems are not implemented or are misconfigured (virus scanners, firewalls, IPS, email/web gateways)
  • Lack of knowledge on the part of administrators in the area of IT security
  • Conflicting priorities (“we know that this method is not secure but our people have to work…”)

Having layers of protection reduces your risk

As there is no single method for preventing Ransomware, it is important to have a layered security approach to mitigate the risk.

The three key layers include:

  1. Perimeter – Prevent malware from entering your network
  2. Runtime – Prevent malware from running on your network
  3. Damage Control – Reduce impact of an outbreak 

Ransomware Mitigation Matrix

Perimeter - Prevent malware from entering your network

| Control | Effectiveness | User Impact | Admin Impact | Cost |
|---|---|---|---|---|
| Email Gateway – Malware & Malicious Object Scanning | High | Low | Low | $$ - $$$ |
| Email Gateway – Greylists & Blacklists | High | Low | Low | $$ - $$$ |
| Web Proxy – Malware & Malicious Object Scanning | High | Low | Low | $$ - $$$ |
| Email Gateway – Anti Spoofing & Impersonation | High | Low | Moderate | $$ - $$$ |
| Email Gateway – Attachment Sandboxing | High | Low | Moderate | $$ - $$$ |
| Email Gateway – URL Scanning | High | Low | Moderate | $$ - $$$ |
| Web Proxy – Categorisation & Blacklists | High | Low | Moderate | $$ - $$$ |
| Firewall – Application Control | High | Moderate | Low | $$ - $$$ |
| Email Gateway – Attachment Policies | High | Moderate | Moderate | $$ - $$$ |
| Patching – Clients, Servers, and Device Firmware | Moderate | Low | High | $ |
| Server – Application Hardening | Moderate | Low | High | $ - $$ |
| Client – Disable macros in Office files downloaded from the net | Moderate | Moderate | Low | $ |
| Firewall – Geo Blocking | Moderate | Moderate | Low | $$ - $$$ |
| Client – Disable unsigned macros in Office | Moderate | Moderate | Moderate | $ |
| Firewall – Port and IPS Control | Moderate | Moderate | Moderate | $$ - $$ |
| Users – Security awareness training | Moderate | High | Moderate | $$ |
| Client – Show all file extensions | Low | Low | Low | $ |
| Client – Enable browser features (Popup blocking, Smart Screen) | Low | Low | Moderate | $ |
| Server – Enforce Secure Communications | Low | Low | Moderate | $ |
| Client – Sandboxing Service | Low | Low | Moderate | $ - $$ |
| Users – Enforce a Password Policy | Low | Moderate | Moderate | $ |
| Client – Manage Portable Media | Low | Moderate | Moderate | $ |

Runtime - Prevent malware from running on your network

| Control | Effectiveness | User Impact | Admin Impact | Cost |
|---|---|---|---|---|
| Client – Implement Software Application Policies | High | Moderate | High | $ - $$$ |
| Client – Deploy Antivirus, anti-malware software | Moderate | Low | Moderate | $ - $$ |
| Client – Enable Firewall | Moderate | Low | Low | $ - $$ |
| Client – Deploy Malware Mitigation software | Moderate | Low | Moderate | $ |
| Client – Enforce UAC Prompt | Moderate | Low | Moderate | $ |
| Client – Disable WSH or Re-write vulnerable file associations | Moderate | Low | Low | $ |
| Server – DNS Management | Moderate | Low | Low | $ |
| Server – Deploy Document Management System | Moderate | Moderate | Moderate | $$ - $$$ |
| Server – Enable Multifactor Authentication | Moderate | Moderate | Moderate | $ - $$ |
| Firewall – Prevent access to ‘Command & Control’ | Low | Low | High | $$ - $$$ |

Damage Control – Reduce Impact of an outbreak

| Control | Effectiveness | User Impact | Admin Impact | Cost |
|---|---|---|---|---|
| Alerting – Detect and Action unusual behaviour | High | Low | Moderate | $ - $$ |
| Backups – Enable and test regularly | High | Low | High | $$ |
| Backups – Secure copies off the network | High | Low | Moderate | $$ |
| Server – Hide shares | High | Moderate | Moderate | $ |
| Permissions – Configure Access Controls | Moderate | Low | High | $ |
| Server – Setup file screening | Moderate | Low | Moderate | $ |
| Permissions – Manage privileged Accounts | Moderate | Moderate | High | $ |
| Server – Enable Shadow Copies | Low | Low | Low | $ |
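As an added illustration of the "Alerting – Detect and Action unusual behaviour" row (example code written for this page, not from the original article or any product), the following Python runs a simple detector over constructed file-server audit events: it flags an account that renames many distinct files to a new extension within a short window, which is the footprint a file-encrypting infection leaves on a share. The event format, thresholds and sample paths are assumptions for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
import os

@dataclass(frozen=True)
class FileEvent:
    ts: datetime          # when the file server logged the operation
    user: str             # account that performed it
    action: str           # "write" or "rename"
    path: str             # file affected
    new_path: str = ""    # destination path for renames

def looks_like_bulk_encryption(events, window=timedelta(seconds=60),
                               min_files=20, min_ext_changes=10):
    """Return the set of users who, inside any window-long span, touched
    at least min_files distinct files of which at least min_ext_changes
    were renames that changed the extension. Events must be sorted by ts.
    Thresholds are assumed values; tune them to the share's normal load."""
    flagged = set()
    recent = defaultdict(deque)            # user -> events still inside window
    for ev in events:
        q = recent[ev.user]
        q.append(ev)
        while q and ev.ts - q[0].ts > window:
            q.popleft()                    # slide the window forward
        touched = {e.path for e in q}
        ext_changes = sum(
            1 for e in q
            if e.action == "rename"
            and os.path.splitext(e.path)[1].lower()
                != os.path.splitext(e.new_path)[1].lower())
        if len(touched) >= min_files and ext_changes >= min_ext_changes:
            flagged.add(ev.user)
    return flagged

# Constructed sample events (not real logs): a user editing a few documents
# over half an hour, and a second account renaming 25 files to a new
# extension within 25 seconds, which the detector should flag.
def sample_events():
    t0 = datetime(2016, 6, 27, 9, 0, 0)
    events = [FileEvent(t0 + timedelta(minutes=5 * i), "alice", "write",
                        f"\\\\fs01\\finance\\report{i}.xlsx") for i in range(5)]
    for i in range(25):
        src = f"\\\\fs01\\finance\\invoice{i}.docx"
        events.append(FileEvent(t0 + timedelta(seconds=i), "bob", "rename",
                                src, src + ".locked"))
    return sorted(events, key=lambda e: e.ts)
```

Calling looks_like_bulk_encryption(sample_events()) returns {'bob'}; the same logic can be fed from whatever audit source the file server already produces.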

Of these items, the top three things you can do to protect your data are:

  1. Conduct regular backups and test restoration
  2. Separate access control to your backup files
  3. Make copies of your backups off the network

Speak to your IT team or external provider about the strategies in place to mitigate the risk of Ransomware in your organisation.


Information provided in this article has been gathered from a variety of sources including: 
