Ransomware is the latest trend in malicious software. This type of malware essentially locks access to a computer (or server) until the owner pays a “ransom.” (Unfortunately, even if a ransom is paid, there is no guarantee that data will be retrievable.)
In the first half of 2016 alone, 50 new ransomware variants were detected, meaning that this malware is evolving rapidly to avoid detection. It’s overwhelmingly delivered via infected payloads and phishing schemes, but can also be delivered through compromised software, app stores, malvertisements, and web exploit kits, essentially using any and all possible attack vectors.
Defending Against Ransomware
Ransomware is the next generation of malware, and the damage it can do makes early detection and mitigation even more critical. Alert Logic, like many security experts, recommends a layered security approach to accomplish this. The first security layer is monitoring and identifying threats. These security functions use predictive analysis and proactive monitoring to identify new variants of malware. They typically combine known malware variants with the known locations from which malware originates to determine whether a payload is malicious. The monitoring function, in particular, refers to analyzing network infrastructure and looking for malware activity. Basically, the idea is that you can’t catch what you can’t see. It’s critical to catch ransomware at an early stage, before it gains full access and starts doing damage.
The ability to complete these steps relies heavily on data collected from the network. The tedious correlation of log data, NetFlow, application data, etc., is essential to any security approach and well worth the investment. The security applications that sit upon this foundation need to be carefully evaluated for their rules and signatures, how often they’re updated, and whether there’s 24x7 Security Operations Center monitoring by experts who analyze all client data for malware.
Far too often, we at Alert Logic come across potential customers who took a “set it and forget it” approach to their security and didn’t take the added steps necessary to keep their security solution up-to-date.
If you are interested in learning more about securing your data against ransomware through a layered security approach, download Security Insights: Defend Your Data From Ransomware now.