Lessons Learned From Recent Ransomware Attacks

  • March 16, 2016 - by Synoptek

Ransomware, it’s real for everyone

This month, the first fully functional ransomware targeting the Mac was discovered. We are not going to discuss the specifics of the sample here, but there is a lesson to learn from it. The ransomware was delivered inside the latest release of a legitimate application, downloaded from that application's official site. In behaviour it follows the traditional lines of its prolific Windows counterparts, i.e. it encrypts every file it can reach and then demands payment for the decryption key.

The step-by-step protections you typically rely on, and why they would not have worked here

You want protection from ransomware, so you run through the usual gamut of protections. You notice that a piece of software is out of date, and you go to update it.

1. You had Anti-Virus installed.

Signature-based anti-virus relies on someone having discovered and catalogued the sample first. Behavioural (non-signature) anti-virus relies on recognising that a piece of software is acting like malware. Neither is 100% accurate, and a brand-new sample evades the first kind by definition.

2. You had Gatekeeper enabled (which checks that the software is signed with a valid Apple Developer ID certificate).

The malware was signed with a legitimate developer certificate, so the check passed. Gatekeeper confirms that a signature is valid and chains to Apple; it does not confirm that the signer is the developer you expected, so a valid certificate in the wrong hands is enough to make the Operating System treat the software as trusted.

3. You were updating your software to keep in check with the latest patches.

Good for you! But did you check whether anything had been reported against the newly released version before installing it? A fresh release can carry new bugs, or in this case malware, along with the patches.

4. You were downloading from the known good, official source.

In this case, the correct source was also the bad source. The official download had been replaced with an infected copy, and the vendor unknowingly carried the malware.

What this means is that even if you were perfect and did all the security basics you are supposed to do, you still would have been infected and held to ransom if you happened to be in the wrong place at the wrong time.

Be prepared for eventualities – Do you have a Backup & Disaster Recovery plan in place?

We already know that getting infected by some kind of malware is likely to be an eventuality, so we must prepare for it. The mitigation for ransomware is to have current, tested backups on hand for recovery. Ideally you have both local and off-site backups, and at least one copy that the infected machine cannot write to.

In the case of this malware, it would also attempt to encrypt your Time Machine backups. Are those the only backups you have? A backup that is always mounted and writable from the infected machine is reachable by the ransomware too. Remember that having one set of backups is essentially like having no backups at all.

Train your people

Are your employees trained to react to and deal with ransomware? The end-user portion of dealing with ransomware is very simple. Most ransomware will not immediately announce its presence. It will dutifully encrypt your files in the background until it is finished, and only then demand payment. It may even lie dormant for several days before starting the process. The moment an employee notices something is amiss, shut down the machine, forcefully if need be. Interrupting the encryption process before it is complete cannot recover files that are already encrypted, but it reduces the damage and the amount of data that needs to be restored.
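The two practical defences above, an independent record of what your files looked like before infection and noticing encryption while it is still in progress, can be automated. The following is an added example written for this post, not code from Synoptek or from the analysis of the malware it summarises. It records a manifest of SHA-256 hashes and byte entropy for a directory tree (the kind of integrity record you would keep alongside an off-site backup), then compares the live tree against that manifest and flags files whose contents changed and whose entropy jumped by more than a threshold, which is what in-place encryption looks like. The directory layout, the 2.0 bits-per-byte threshold and the "canary" file nobody legitimately edits are assumptions chosen for illustration; the scenario in `demo()` is constructed in a temporary directory.

```python
"""Added example: integrity manifest plus in-place encryption detector.

Not part of the original post. Paths, threshold and file layout are
assumptions; demo() builds a constructed scenario in a temp directory.
"""
import hashlib
import math
import os
import tempfile
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text sits around 3-5, ciphertext near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Record sha256 and entropy of every file under root.

    Store the result somewhere the protected host cannot write to
    (the same rule as for the backups themselves).
    """
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            manifest[str(p.relative_to(root))] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "entropy": round(shannon_entropy(data), 3),
            }
    return manifest


def check_against_manifest(root: Path, manifest: dict,
                           entropy_jump: float = 2.0) -> dict:
    """Compare the live tree with the manifest.

    'suspicious' = file whose hash changed AND whose entropy rose by more
    than entropy_jump bits/byte, the fingerprint of in-place encryption.
    'changed' = hash changed but entropy stayed in range (a normal edit).
    'new' covers dropped ransom notes; 'missing' covers deleted originals.
    """
    report = {"missing": [], "new": [], "suspicious": [], "changed": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        seen.add(rel)
        data = p.read_bytes()
        if rel not in manifest:
            report["new"].append(rel)
            continue
        if hashlib.sha256(data).hexdigest() == manifest[rel]["sha256"]:
            continue
        if shannon_entropy(data) - manifest[rel]["entropy"] > entropy_jump:
            report["suspicious"].append(rel)
        else:
            report["changed"].append(rel)
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo() -> dict:
    """Constructed scenario (assumption, not real data): baseline a small
    tree, apply one legitimate edit, then simulate ransomware overwriting
    two files with random bytes and dropping a ransom note."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly numbers\n" * 200)
        (root / "docs" / "notes.txt").write_text("meeting notes\n" * 100)
        # Honeypot file: no user ever edits it, so any change is an alarm.
        (root / "canary.txt").write_text("do not touch " * 50)
        manifest = build_manifest(root)

        # Legitimate edit: content changes, entropy stays low.
        (root / "docs" / "notes.txt").write_text("meeting notes, updated\n" * 100)
        # Ransomware-style activity: in-place overwrite with high-entropy
        # bytes, plus a new ransom note.
        (root / "docs" / "report.txt").write_bytes(os.urandom(4096))
        (root / "canary.txt").write_bytes(os.urandom(2048))
        (root / "README_FOR_DECRYPT.txt").write_text("pay 1 BTC\n")

        return check_against_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

On a real system you would run `build_manifest` against the user's data directories after each verified backup, keep the manifest with the off-site copy, and run `check_against_manifest` from a scheduled job. A hit on the canary file is the cue described above: shut the machine down first and investigate afterwards.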

Managed IT Security – IT Security for Your Business, Your Assets, Your Data

To effectively defend against cyber attacks, your organization must look at ways to expand its current ability to secure and maintain data security and adhere to compliance standards across your evolving IT infrastructure. Partnering with a Managed Services Provider can extend your IT team's capacity to protect your data, network infrastructure, and applications. Beyond around-the-clock security monitoring of your infrastructure, this specialized team of security experts is focused on:

  • Ongoing threat investigations and analysis delivering recommended prevention and remediation steps
  • Delivering threat assessment reports that identify risks to your infrastructure, based on threat intelligence mined from a variety of internal and external sources
  • The reverse engineering of malware and any suspect applications to obtain valuable information in order to drive new security content used to protect the entire customer base from future compromises
  • Performing PCI and vulnerability scans to identify at-risk systems, whether for compliance violations or for known, exploitable vulnerabilities

The challenge of finding, retaining and training skilled IT security staff, coupled with the high cost of purchasing and maintaining software and hardware in-house, puts IT security protection out of reach for many organizations. Additionally, if your core focus is not security, you are accepting a potentially huge element of risk when fielding your own teams.

There is an alternative to this costly in-house approach: the Synoptek Managed Security as a Service offering, which includes an advanced Security Operations Center. Why risk it?

Contact Synoptek to Learn More about Synoptek’s Managed IT Security as a Service
