Ransomware Protection Guide - Saepio
by Andrew Pitt

Sales Director


Ransomware Protection Guide

It’s our job at Saepio to understand the latest tactics of miscreants in the cyber world and deliver appropriate protection to our customers. Presently, the most successful widespread and targeted attacks involve intelligent exploits to deliver malware, often in the form of ransomware payloads.

Statistics show that 50% of organisations have experienced an infection, and in 40% of cases the ransom is paid. It’s a profitable industry, and therefore booming. Saepio offer objective advice and effective solutions to combat these threats. Preventing ransomware is a good example:

Understand the Attack

  • Over 90% of attacks are initiated via email, many of which bypass traditional gateway filtering systems in the form of spear phishing.
  • Employees or users then become the weakness, as cybercriminals employ intuitive techniques to coerce them into activating an exploit.
  • Vulnerabilities in applications or operating systems allow a malicious payload to execute.
  • Traditional endpoint security solutions (Anti-Virus) are not equipped to detect advanced malware, so execution of the malicious payload is not blocked.
  • The endpoint is infected, data is encrypted, the user is locked out.
  • The ransomware ‘reports home’ and a ransom is demanded to regain access.

Prevent the Attack

Combining many years of product knowledge with an understanding of the attack allows Saepio to recommend simple, effective solutions. There are numerous stages to a ransomware attack, meaning security ‘layers’ are necessary to prevent it:

  • Utilise a leading email security solution (like Mimecast) to block malicious emails before they reach your network or users.
  • Educate users and increase security awareness when it comes to suspect emails, attachments and web links. KnowBe4’s cloud training platform helps conquer human error.
  • Utilise a vulnerability scanner (like Rapid7) to identify high-risk vulnerabilities in your IT estate, then prioritise patching to close the holes before they can be exploited.
  • Deploy a modern endpoint security solution to detect and respond to advanced threats – tools like CrowdStrike and Malwarebytes have greater protection techniques than traditional AV.
  • Use a next-generation firewall (like Palo Alto) to block the malicious applications, users and web traffic that malware originates from and talks home to.
  • Security professionals now take the attitude that it’s not if, but when, you will be breached. As such, do NOT pay any ransom, follow a defined incident response procedure, involve the police, and ensure you back up data regularly (we suggest Druva) so that you can restore to a stable state should an infection occur.

Saepio’s Guide to Malware Prevention

It’s fascinating how many endpoint devices protected by established AV providers fall victim to cyber-attacks. At least ransomware lets you know you’ve been compromised; unfortunately, there are many malware variants that sit silently and hide while propagating across the network, creating a foothold before striking. In fact, the average dwell time of a cyber breach is over 120 days! Can you be sure there are no existing infections across your estate?

Saepio advise reviewing the health of your endpoints and gaining peace of mind with an Incident Response scan. Malwarebytes conduct over 3,000,000 clean-up events every day; they’re the industry’s most trusted vendor in remediating endpoint incidents.

Read more in Saepio’s Guide to Malware Prevention.

Saepio’s Threat Landscape Predictions

The cyber-attack surface widened in 2018. As organisations automate and innovate, the accelerated adoption of new technology and internet-connected systems is apparent. Couple this with the rise in cyber criminals armed with the tools and knowledge to exploit software vulnerabilities... well, the result is obvious.

Read more in Saepio’s Threat Landscape Predictions.

Vulnerability Management Guide

We’re often asked ‘why would a cybercriminal target our business?’. The reality is every organisation has something a threat actor can benefit from, so the more relevant question is, ‘how easy would it be for a cybercriminal to target our business?’.

As in many situations in life, cybercriminals tend to take the path of least resistance and pick the low-hanging fruit. Any business that displays public-facing technical vulnerabilities will be their first port of call. Using readily available scanning and reconnaissance tools to scope the security health of websites, applications, wireless networks, firewalls, etc., they will focus on weakness. In fact, according to Forrester, 41% of successful cyber breaches are down to a technical vulnerability being exploited.

Read more in our Vulnerability Management Guide.