We cannot expect ransomware to become extinct anytime soon. Even the current generation has a huge potential for malware authors to extort money; future generations will be even more dangerous.
Education of end users is always important and should not be undervalued, however, with more sophisticated attacks, even educated users can fall victim. And this doesn’t cover users that were infected through self-replicating malware without any action on their side.
Current approaches mostly consist of basic protection — antivirus, patching, and backups. While all of these are critical, they should be considered only a small part of the ransomware strategy.
Today, the prevalent method to attack a network is to exploit the humans by having them open a dangerous attachment or clicking on a link. Using an isolated, well-protected secure browser and email client is a great protection against ransomware. Together with Bitdefender, we’ve put together a technical whitepaper focused on this type of deployment that you can download here: Secure Browsing – powered by Citrix XenApp, Citrix XenServer Direct Inspect APIs and Bitdefender HVI.
The second (and related) strategy is the recommendation to implement security zones with different trust levels. With a new generation of self-replicating ransomware, it is important to stay in control and minimize the impact, with ability to recover the whole segment of the company if needed. I wrote about this topic previously and I’m a big believer in security benefits of this approach. You can read more in my blog post, “Unsinkable”: The Myth of Foolproof IT Security.
Instead of focusing only on recovery, companies need to better understand the different stages of the ransomware kill chain and apply defense-in-depth strategy. I’m planning another blog post on this topic, describing the different stages of the lifecycle and what’s the best protection in the upcoming weeks. Now is a good time to decide — you can either start preparing for the next wave of ransomware attacks, or you should start stashing bitcoins for unnecessary ransom payments…
