Ransomware

A How To …maxresdefault

n recent months there has been an increasing rise in the number of Ransomware related incidents hitting organisations.  While many occurrences do not make the public headlines, to security professionals and observers there has been a distinct and discernible trend taking shape.

The more excitable parts of mass media seem to have found the newest “hot & scary” story to relay them on to the naïve, the innocent, the ill-informed regrettably and the impressionable – that sadly and too frequently are to be found in the public services and SMEs.

In many of my recent conversations with clients and colleagues on this topic, it seems that the focus and fears of non-security industry professionals seems to undermine what many security professionals would agree is essential rigour and practice.

So in the tradition of many like-minded individuals, I thought it was time to share my thoughts on the topic, which to most security professionals will be an obvious basic and good practices approach mitigating and preventative operational controls.

The Small Print

The thoughts and opinions expressed in this paper are entirely my own and are not intended in their entirety or partially to be those of my current, past or future employers. As with all best practices, consider carefully how to use any advice and approach for your specific circumstances, especially the operational context. Please consider carefully any and all potential consequences, especially the unintended, that could arise for your environment.

This paper seeks to promote what many experienced security industry experts consider and agree are best practices to minimise the exposed digital landscape of an organisation to ransomware and malware attacks.

Notably in this paper, I have sought to keep all references confined to a technology rather than to a vendor, with the sole exception of Microsoft.  This is because I consider this to have been the prime OS candidate affected by ransomware to date.  As with all things in security, this may be subject to change.

Best practice

Before we kick off

First things first, what is ransomware? There are long descriptions available online in case you are not familiar with the problem. As per Wikipedia, “Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction

Like most malware related guidelines employing good housekeeping across the IT estate will help to sleep better at night.  Controlling the inbound data filtering bad traffic which importantly includes but is not limited to email traffic and web activity while employing common sense and basic controls will help significantly.

Good housekeeping means the boring stuff like making sure hosts are patched, maintained, protected and audited. Seems and sounds simple doesn’t it?  As it

should be, but many IT estates aren’t quite there, completely or consistently.

We need to include things we can’t articulate in a technical statement such as organizational culture, management commitment stakeholders and values into our culture and conversations.

Keeping a watching brief and sanitising network data which might have passed the initial controls, for example: monitoring the DNS through sampling or capturing some network traffic based on the required use case of the prevailing moment.

Taking technical steps to limit, restrict or prevent are important but we must not forget our users whom we can enable train and increase awareness helping them to become the frontline defence of the organisation.

Weave all the above together and you will have a much healthier infrastructure.

David

You can download the full document here, fill the required details for a link to the file. [email-download download_id=”857″ contact_form_id=”757″]

 

Join Our Mailing List

Privacy Policy

Privacy Preference Center