Ransomware Protection

How the Right Software Can Help You Defend Your Endpoints Against Ransomware

A troubling pattern has emerged recently. Ransomware attacks on networks have become more common and more dangerous, forcing companies to seek solutions for ransomware protection.

The standard ransomware attack occurs when cybercriminals use software, a phishing scheme or some combination of the two in order to gain access to a network and then lock or encrypt all the systems on that network. The attacker then demands Bitcoin (or other virtual payment) as a ransom in exchange for giving control of the network back to its rightful owner. The ransom amount demanded could be millions of dollars and the organization is completely out of commission until the problem is resolved, either by paying the ransom or going through the painstaking process of restoring all of the systems on the network from backups, if there are backups. 

Alarmingly, hospitals and other medical facilities, government offices, and utility companies have been common targets for ransomware attacks. You can imagine the urgency that doctors and staff would feel about regaining control of their patient data. For a medical facility, patient data and technology-driven systems are vital to administering proper medical care, and the ongoing pandemic has only exacerbated the problem. Imagine the widespread public panic if utility companies providing power to millions are taken offline by attackers. The problem is further complicated when there is no timeline for restoring service without paying the ransom. Hackers exploit these moments of desperation and force companies to choose between paying high ransom fees and facing significant financial and material losses.

Some companies choose to give in to the attackers' demands out of desperation to get their systems back online. There is still no guarantee that complete control of the system will be returned smoothly. It’s not like paying the water bill to get the water turned on again. These are serious criminals committing these attacks, and those impacted are forced into a potentially lose-lose scenario as a result. In this post we will take a look at ransomware protection and how the right software can help you protect your endpoints from a ransomware attack.

So how do these attackers gain access to systems in the first place?

How They Gain Access

There are several ways a cyberattack can begin. Phishing, the practice of sending emails that are meant to look legitimate and prompt users to open them despite actually being from unsafe sources, is one of the most common ways ransomware attacks start. Simply training users in how to recognize these types of attacks is a vital part of your ransomware protection. Attacks usually start with a small leak of information, which is then used to exploit unpatched systems on networks that have no overall patching strategy to keep all their systems up to date.

Attacks typically have multiple stages and phishing is just the start. The delivery of ransomware is the final stage where cybercriminals can ultimately inflict the damage required to extract the huge cash payments they seek.

Ryuk is one of the most successful types of ransomware currently being utilized. It is estimated that Ryuk ransomware has made more than $150 million. That’s an incredible amount of money to have collectively lost to one type of ransomware. When you consider the other cybersecurity threats out there, the potential for losses is uncomfortably high.

One of the worst parts about Ryuk is that it is consistently updated to be as effective as possible. Just as security experts manage to come up with a way to detect and combat attacks using Ryuk, the developers update and adapt the software so it remains a threat.

This dangerous ransomware is using a new trick to encrypt your network. The newest development with the software is that it now has a worm-like ability to self-replicate and infect new systems. In the world of cyberattacks, a worm is a harmful program that does not require the actions of users to multiply and spread to additional systems. It is engineered to replicate itself and send out copies of itself on its own.

This new ability will allow the ransomware to spread quickly across a network and even wake up systems using Wake-on-LAN in order to infect them as well. The harmful software will soon reach all of the computers and machines on the network, creating a greater urgency to pay whatever ransom the attackers require.
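A defender can watch for this behaviour on the network. The Python below is an added example, not part of the original post or of any product it mentions: it recognises Wake-on-LAN magic packets (six 0xFF bytes followed by the target MAC repeated 16 times) in UDP payloads and flags a host that wakes several distinct machines within a short window. The window, threshold, allowlist, helper names and sample events are constructed assumptions.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def wol_target(payload: bytes):
    """Return the MAC a Wake-on-LAN magic packet targets, or None."""
    start = payload.find(SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        # The sync bytes must be followed by the target MAC repeated 16 times.
        if len(mac) == 6 and payload[start + 6:start + 102] == mac * 16:
            return mac.hex(":")
        start = payload.find(SYNC, start + 1)
    return None


def flag_wol_sweeps(events, window=60, threshold=3, allowed=()):
    """events: (timestamp_seconds, source_ip, udp_payload) tuples. Returns
    {source_ip: [macs]} for hosts waking >= threshold MACs within window."""
    seen = defaultdict(list)  # source_ip -> [(timestamp, mac)]
    flagged = {}
    for ts, src, payload in sorted(events, key=lambda e: e[0]):
        mac = wol_target(payload)
        if mac is None or src in allowed:
            continue  # not a magic packet, or an approved wake-up server
        seen[src].append((ts, mac))
        recent = {m for t, m in seen[src] if ts - t <= window}
        if len(recent) >= threshold:
            flagged[src] = sorted(recent)
    return flagged


def magic(mac_text: str) -> bytes:
    """Build a magic packet payload for the constructed sample data."""
    return SYNC + bytes.fromhex(mac_text.replace(":", "")) * 16


# Constructed sample events; 10.0.0.5 is an assumed management server.
SAMPLE_EVENTS = [
    (0, "10.0.0.5", magic("00:11:22:33:44:01")),
    (10, "10.0.0.23", magic("00:11:22:33:44:02")),
    (12, "10.0.0.23", magic("00:11:22:33:44:03")),
    (15, "10.0.0.23", magic("00:11:22:33:44:04")),
    (20, "10.0.0.23", b"ordinary UDP payload"),
]

if __name__ == "__main__":
    print(flag_wol_sweeps(SAMPLE_EVENTS, allowed={"10.0.0.5"}))
```

Legitimate wake-up traffic normally comes from a small set of management servers, so a workstation appearing in the result is worth investigating.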

Some large IT companies have also been compromised by attacks and their customers subsequently targeted. Recent examples include the SolarWinds hack, which allowed hackers to access US Federal government systems, and the Kaseya ransomware attack, which gave hackers access to over 1500 small businesses utilizing their software.

Protecting Against Phishing and Ransomware Attacks

As scary as these attacks are, you are not powerless in the face of these kinds of cyberattacks. Addressing security vulnerabilities in your system before criminals can exploit them in a cyberattack can potentially save your organization thousands or even millions of dollars, prevent potential harm to patients or customers, data loss, and potential lawsuits, and spare you a huge headache and immeasurable levels of stress.

So how do you do it?

Proper Antivirus Tools

Most organizations today already have this as the first line of defense. A proper firewall, network monitoring tools and antivirus software on all systems are a great start. Out-of-date antivirus software can cause a huge issue, but we will touch on that more in a moment.

Keep Storage Backups Offline

Consistently backing up the company’s network and storing the backups offline is something almost all security experts will recommend. Not only is this useful for ransomware attacks, but it will also help in the case of a garden-variety network failure or an accident by an employee.

If your organization is put in the unfortunate position of being attacked by ransomware, offline backups will help immensely. They will allow employees to continue accessing the vital information they need to do their work. That provides much less of an incentive to pay the ransom and can potentially save the organization the money and time lost from such attacks. The time, effort, and money it will take to set up offline backups is trivial compared to the potential losses in a ransomware attack.

Patch Management and Software Updates

Among the ten most commonly exploited system vulnerabilities in 2019 were eight vulnerabilities stemming from Microsoft products like Office and Internet Explorer, while others targeted Adobe Flash Player. In almost all cases, unpatched software or systems are to blame for the breach.

If your organization uses these products, it’s a good idea to check that they have been patched. Fixes are available from the vendors in each case; they just need to actually be implemented. It seems like a simple thing to do, and ideally someone in your organization is responsible for staying on top of such developments. Hopefully, your organization has already taken care of these vulnerabilities and others, but the fact of the matter is that many organizations don’t, and they can pay dearly for that mistake down the line.

Surprisingly, the list of most commonly exploited vulnerabilities in software has multiple repeats year over year. How can companies let themselves fall victim to traps that are already well-established and acknowledged? It’s simply a matter of not taking the time to deal with these things and follow patch management best practices. Sure, perhaps no one will ever try to take advantage of the vulnerabilities at your organization but knowing the potential losses if they do, is that really an acceptable risk? You would think not.

It is critical for any organization to have a solid patch management strategy. One of the easiest steps to take to protect a system or device (both those that belong to an organization and to private individuals) is to stay on top of all software updates. Many people find themselves pressing ignore over and over again on their personal devices when new updates are released. It’s no surprise that the same behavior occurs in large organizations as well and can be a critical mistake.

New releases and updates often contain new elements that protect the software from attacks. By using older, less secure versions of the software, not only is an organization using an inferior product, but also needlessly opening themselves up to cyber-attacks. It should be every company’s policy to consistently update software, especially software that is commonly targeted in attacks. That version of Microsoft Internet Explorer that’s years old and sitting on all company computers may as well be a ticking time bomb.

That is where automated patch management can really help. Instead of relying on users and individuals to patch their systems or on IT personnel to walk around and check all the systems, IT Asset Management tools like Track-It! provide functionality to scan for software, detect versions and automatically deploy patches to ensure that all systems are always up to date.

Besides updating software and using security patches, management can also choose to implement training protocols so employees learn to recognize phishing.

Training Against Phishing

Someone within an organization needs to actually open phishing emails and interact with them in order for an attack to be successful. If everyone in the organization has the skills to recognize these emails and immediately delete them or notify the SOC (Security Operations Center) within the organization, the threat could be quickly and easily eliminated.

Many large organizations where employees have access to valuable data have started sending fake phishing emails to test and help train their users. They use these emails to test employees on their ability to recognize and reject potential threats. If the employee clicks the link in the fake phishing email, the company gets an alert and that employee receives further training on phishing and the tactics that phishers commonly use and how to recognize and report them properly.

It is not a foolproof method but proper training of your users is important. Phishers will only get smarter and learn new, sneakier tactics for tricking unwitting victims, making proper training a good start. Properly trained employees will understand how important it is to not open suspicious emails or click on links in those emails because they will understand the potential implications of doing so. This type of training is the easiest first step of ransomware protection you should implement immediately if you haven’t already done so. 

Endpoint Management Software

Automatic software updates are one of the ways to keep systems and software patched but another option is to implement a more comprehensive solution to ensure better protection. Proper endpoint management is an effective way to help ensure the security of your endpoints and your organization.

Endpoint Management Software is the solution. Endpoint management software reduces security risks through patch inventory, automated patch management and deployment. 

Manually securing endpoints, while important and worthwhile if you have no other options, can be time consuming and unreliable. Save time and ensure all systems are secure with endpoint management software that can easily and quickly protect against vulnerabilities.

Particularly as a company grows or merges with others, IT departments can struggle with growth and managing technology assets. An endpoint management software system can handle this by discovering, monitoring, tracking and automatically patching systems on the network. Think of the stress and concern that such proactive software could save a company, not to mention the potential damages if a ransomware attack ever did occur.

Endpoint management software with patch management can provide ransomware protection by securing all of your endpoints automatically, reducing vulnerabilities and keeping systems up to date. This type of system can turn a near-constant manual effort into an automated solution, saving you time, stress, and money, as well as potential downtime, financial losses and potential lawsuits should your organization ever be the victim of a ransomware cyberattack.

Cris Coffey

Cris is the Principal Product Manager for Track-It! and BMC Client Management. Track-It! is a help desk software application designed for small to medium sized businesses and Client Management is an End Point Management software application designed for Medium to Large sized businesses.