Well hey everybody, I hope the Thanksgiving holiday was kind to all of you. I had originally planned to discuss more DevOPS with ya’ll this week however a more pressing matter came to mind in my sick and weakened state of stomach flu!
Lately we’ve been discussing ransomware but more important, lately I’ve been seeing an even greater incidence of ransomware affecting individuals and businesses, and worse when it would hit a business it would have a lot of collateral damage (akin to encrypting the finance share that only cursory access was allowed to or such)
KnowBe4 has a pretty decent Infographic on Ransomware I’m tossing in here and I’m curious what ya’ll have been seeing in this regards.
Do you find this to be true, an increased incidence, a decrease, roughly the same?
Some real hard and fast takeaways I’ve seen from those who aspire to mitigate ransomware attacks is to Implement:
- Stable and sturdy firewalls
- Email filtering scanning file contents and blocking attachments
- Comprehensive antivirus on the workstation
- Protected Antivirus on the servers
Yet all too often I see all of this investment around trying to ‘stop’ it from happening without a whole lot left to handling clean-up should it hit the environment, basically… Having some kind of backup/restore mechanism to restore files SHOULD you be infected.
Some of the top ways I’ve personally seen where Ransomware has wrought havoc in an environment have happened in the cases of;
- Using a work laptop on an untrusted wireless network
- Phishing / Ransomware emails which have links instead of files and opening those links
- Opening a “trusted” file off-net and then having it infect the environment when connected
As IT Practitioners not only do we have to do our daily jobs, and the business to keep the lights on, and focus on innovating the environment, and keeping up with the needs of the business. Worst of all when things go bad, and few things are as bad as Ransomware attacking and targeting an environment, then we have to deal with that on a massive scale! Maybe we’re lucky and we DO have backups, and we DO have file redirect so we can restore off of a VSS job, and we can detect encryption in flight and stop things from taking effect. But that’s a lot of “Maybe” from end-to-end in any business and all of the applicable home devices that may be in play.
There was a time when Viruses would break out in a network and require time and effort to cleanup, but at best it was a minor annoyance. Worms would breakout and so long as we stopped whatever was the zero-day trigger we could stop it from occurring on the regular. And while APTs and the like are more targeted threats this was less of a common occurrence for us to deal with where it would occupy our days as a whole. But Ransomware gave thieves a way to monetize their activities, which gives incentives to infiltrate and infect our networks. I’m sure you’ve seen the Ransomware now offering Helpdesk to assist victims with paying?
It’s definitely a crazy world we live in, one which leaves us only with more work to do on a daily basis, a constant effort to fend off and fight against. This is a threat which has been growing at constant pace and is leaking and growing to infect Windows, Mac AND Linux.
What about your experiences, do you have any attack vectors for Ransomware you’d like to share, or other ways you were able to fend them off?