Since 97% of all successful ransomware attacks begin with a phishing campaign, email workflow must be your primary focus.
Think of your ransomware protection strategy in terms of concentric layers. Each layer represents a different tactic or tool for finding and reducing ransomware risk.
- Email filtering. Clearly, the sooner the threat can be found, the better your odds of avoiding an attack. Email filtering examines incoming mail, assesses it and, when it recognizes a threat, filters it out.
- User Layer. The user is the weakest link in this chain. Security relies on each person in the organization not only to be vigilant but to understand the subtle differences between a valid email and a phishing attack. Studies show an average of 64% of ransomware attacks can be avoided with a consistent, properly implemented training and testing program. (More on this in our next email.)
- Anti-Virus Layer. Every endpoint needs to include an anti-virus software tool. These products work by maintaining a list of millions of previously detected virus signatures. When such an existing virus is detected, it is shut down, and the risk eliminated.
  The anti-virus layer’s biggest weakness, of course, is that it only works if someone else in the world previously found this virus, AND your virus software provider has logged it. The problem is, 300,000 new versions of ransomware appear daily. If you are the first to receive one of them or your signatures are not updated in time, then your anti-virus software will fail.
- Anti-Ransomware – Next Generation. The Final Layer. Imagine, if you will, a scenario where your email filter, user community, and anti-virus software have all failed to recognize a threat. That shouldn’t be too difficult to imagine; it happens millions of times a year. In 2016 it happened to more than 50% of companies and that number is expected to increase in 2017. The Next-Gen solution provides you one more opportunity to avoid data loss. This is how it works and what it does:
  - It monitors your system and all its processes, 24/7.
  - It identifies malicious behaviors.
  - Should it find a malicious behavior, say data encryption, it shuts down the process.
  - The data is restored to its previous state.
  - The attack is terminated.
  - Forensics are made available indicating:
    - The originating device and username.
    - Files, processes, registry keys and network keys affected.
    - The time it occurred.
    - The type of infection.
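To make the contrast between the anti-virus layer and the Next-Gen layer concrete, here is an added example (not Virtugard's or any product's code). It assumes a hash-based signature list, an entropy threshold of 7.5 bits per byte, and a constructed write-event log; all sample names and values are made up for illustration.

```python
import hashlib, math
from collections import Counter, defaultdict

# Constructed sample data: a "known" sample and a variant differing by one byte.
KNOWN_SAMPLE = b"constructed-ransomware-sample-v1"
NEW_VARIANT = b"constructed-ransomware-sample-v2"
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}  # the anti-virus layer's list

def signature_match(binary: bytes) -> bool:
    """Anti-virus layer: flags only binaries whose hash is already on the list."""
    return hashlib.sha256(binary).hexdigest() in SIGNATURES

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

PLAIN = b"Quarterly report: revenue figures and notes. " * 20
CIPHER = bytes((i * 197 + 31) % 256 for i in range(1024))  # stand-in for ciphertext

# Constructed write events: (time, device, user, process, path, bytes written).
EVENTS = [
    ("09:00:01", "PC-07", "alice", "notepad.exe", r"C:\docs\notes.txt", PLAIN),
    ("09:14:10", "PC-07", "alice", "invoice_viewer.exe", r"C:\docs\notes.txt", CIPHER),
    ("09:14:11", "PC-07", "alice", "invoice_viewer.exe", r"C:\docs\q1.csv", CIPHER),
    ("09:14:12", "PC-07", "alice", "invoice_viewer.exe", r"C:\docs\plan.txt", CIPHER),
]

def detect(events, min_entropy=7.5, min_files=3):
    """Behavior layer: flag a process that writes high-entropy data to many files."""
    hits = defaultdict(list)
    for ev in events:
        if entropy(ev[5]) >= min_entropy:  # thresholds are assumptions
            hits[(ev[1], ev[2], ev[3])].append(ev)
    reports = []
    for (device, user, process), evs in hits.items():
        files = sorted({e[4] for e in evs})
        if len(files) >= min_files:
            # Forensic record mirroring the fields listed above.
            reports.append({"device": device, "user": user, "process": process,
                            "files": files, "time": evs[0][0],
                            "type": "bulk file encryption"})
    return reports

if __name__ == "__main__":
    print("signature hit on known sample:", signature_match(KNOWN_SAMPLE))
    print("signature hit on new variant:", signature_match(NEW_VARIANT))
    for report in detect(EVENTS):
        print(report)
```

Compressed formats such as .zip or .docx are also high-entropy, so entropy alone produces false positives and is only one of the signals a behavioral layer would weigh.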
Virtugard strongly recommends that every organization implement a Next-Gen layer. Tests we have conducted within our own labs indicate that this is a highly effective, potent tool. It can run alongside your existing endpoint and anti-virus products to add anti-ransomware and root-cause analysis. Additionally, considering the extremely low cost of this solution, we feel there is every reason to implement it.