Don’t be a Ransomware Victim!
Imagine coming into the office and booting up your computer, but instead of your usual desktop screen you’re greeted by a red page with the message: “Your personal files have been encrypted!” The page explains that you need to pay the specified ransom in bitcoin to get your files decrypted. If you don’t respond within 3 days, the price doubles; if you don’t respond within 7 days, your data is lost forever. Worse yet, it’s not only your computer that’s been affected: it’s every computer on the company’s network. Ransom demands in the tens of thousands of dollars are common; demands in the millions are not unheard of.
Are you prepared for such a scenario? Do you know how to prevent it?
What Is Ransomware?
“Ransomware” is a modern version of the old “protection” racket. In the pre-technology version, you paid money to thugs and in exchange they didn’t throw rocks through your windows. In the modern version, you pay money to cyber-thugs so that they let you make use of your own data.
Ransomware is a very big problem: one cybersecurity research firm estimated the costs of ransomware in 2018 as exceeding $8 billion. Europol, the EU’s law enforcement agency, said in a report on organized crime that, “Ransomware remains the key malware threat in both law enforcement and industry reporting.”
And to add insult to injury, paying the ransom doesn’t guarantee you’ll get your data released: according to one survey, in 30% of cases where victims paid the ransom, the bad guy still didn’t release their data.
Enterprise Anti-Ransomware Solutions
How do you protect your organization from ransomware?
The traditional tools for protecting against ransomware use a “find and block or destroy” technique: firewalls, antivirus/anti-malware software, and secure web gateways identify malware and either block it from getting through to the endpoint device, or destroy or disable it.
These tools rely on a combination of regularly updated databases of known threats and heuristic analysis, which applies various algorithms to detect threats that aren’t in the database.
There are two problems with databases: 1) if your database isn’t absolutely up-to-date, new malware won’t be caught; 2) they afford no protection against “zero-day” threats, brand new attacks that haven’t been seen before. Thousands of computers and networks can be infected on the first day a new type of malware is released, before it can be identified and antivirus databases can be updated.
That’s why antivirus software often includes heuristic analysis as well, to try and identify malware that’s not in the database. Unfortunately, cyberthieves are often able to mask their activities and slip past these defenses.
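As an added illustration (not from the original article or any vendor's product), the following Python example contrasts the two approaches described above: an exact-hash signature database, which misses a variant that differs by one byte, and one common behavioural heuristic, which flags a process that overwrites several ordinary files with high-entropy content. All names, sample bytes and thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-ins: no real malware bytes or hashes are used here.
KNOWN_SAMPLE = b"constructed-sample-v1"
VARIANT_SAMPLE = b"constructed-sample-v2"   # same behaviour, one byte differs
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(binary: bytes) -> bool:
    """Database check: exact hash lookup, blind to anything not yet listed."""
    return hashlib.sha256(binary).hexdigest() in SIGNATURE_DB

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def keystream(seed: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for ciphertext."""
    out = b""
    i = 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def heuristic_flag(writes, high=7.5, min_files=3) -> bool:
    """Flag a process that overwrites several low-entropy files with
    high-entropy content, whatever its hash is (thresholds are assumed)."""
    hits = sum(1 for before, after in writes
               if entropy(before) < high <= entropy(after))
    return hits >= min_files

DOC = b"Quarterly report: revenue, costs, headcount.\n" * 100
# Constructed write events: (content before, content after) per file.
ENCRYPTING = [(DOC, keystream(b"f%d" % i, len(DOC))) for i in range(5)]
EDITING = [(DOC, DOC + b"Appendix A added.\n") for _ in range(5)]
```

The heuristic has its own blind spots: a legitimate archiver or disk-encryption tool produces the same low-to-high entropy pattern, and files that are already compressed start above the threshold, so a real product has to combine several such signals.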
Bottom line: conventional approaches to protecting an organization against ransomware and other types of malware aren’t good enough. Some attacks can still get through.
What About Backups?
You follow good IT practices and make frequent backups of your data. Can’t you just ignore the ransomware and simply restore everything from a backup?
Unfortunately, restoring from a backup doesn’t always go smoothly. One survey found that even though most companies do regular backups, only 42% were able to successfully restore 100% of their lost data from backups after a ransomware attack. And what if your backup is infected too? Unless you have offline backups, your backups are likely also encrypted. And offline backups generally aren’t “real time” so you’ll inevitably lose some data.
What’s the Solution?
So, what’s the best enterprise ransomware protection?
The only way to have full ransomware endpoint protection is to use a method that doesn’t rely on identifying malware as the first step, such as Remote Browser Isolation (RBI). An RBI solution isolates ALL web browsing in a separate “safe” server, away from the organization’s network. When a user opens a browser or clicks a link in an email, the browser is opened in a one-time-use remote container. The user sees a dynamic image of the website – the actual code on the website never reaches the endpoint device. If a site is infected, the malware or ransomware can’t spread outside of the one-time-use container, which is destroyed when the browsing session is over.
Ransomware can also be hidden in files that a user downloads from the web. Some RBI solutions such as Ericom Shield come with built-in file cleansing technology to protect against those threats as well. When a user downloads a file, it’s scanned and sanitized remotely before being downloaded to the user’s computer or other device.
In a world where malevolent hackers are growing increasingly sophisticated, the conventional approaches to protection against ransomware and other forms of malware are no longer enough. Standard best practices such as firewalls, antivirus software, and regular backups don’t guarantee protection. A remote browser isolation solution that doesn’t rely on detection offers a much greater degree of security from malicious ransomware.