Understand fact versus fiction in modern day ransomware attacks.
What’s the difference between ransomware and typical malware? Mostly, the effects. In a ransomware attack, the data is encrypted and the decryption key is not given until a ransom is paid. Malware tries to damage or disable computers and systems. The good news is the two attacks operate in fundamentally the same way, which means ransomware can be defended against in the same way.
Unfortunately, ransomware has become an issue for many companies around the world.
“This affects everyone. Everyone is at risk,” said Ian McShane, research director, at the Gartner Security & Risk Summit 2017 in National Harbor, MD.
Read More: Learn from the WannaCry Ransomware Attack
However, myths about ransomware continue to plague the community.
Myth: Ransomware = Zero-Day Attacks
Fact: Attackers can choose from hundreds of known vulnerabilities that remain unpatched and since developing a new or zero-day attack is difficult and expensive, will generally target those known vulnerabilities. With that in mind, system patching should be a top priority.
“Stop thinking about zero day and start thinking about things being attacked today,” said Mr. McShane
Fact: The first problem is that many organizations do not have the most recent Endpoint Protection Platform (EPP) running. It doesn’t need to be the latest version, but it shouldn’t be three years old. If they are deployed, many groups only have a portion deployed because they don’t realize that new capabilities included in releases need to be tested and enabled. It’s also common that recommended guidelines aren’t being adhered to and it’s important to talk to the vendor and conduct continuous assessment. For an EPP to be the most effective, it should be one fully configured technology stack, versus two partially configured technologies. Make sure you’re doing minor updates every 3 months and major updates every 6 months and get a configuration check from the vendor.
Myth: Your EPP will protect you from all threats
Fact: Old versions of EPP rely on on signature-based prevention which only works on known threats and most ransomware can be repackaged. Ensure your organization deploys AND enables non-signature technologies.
Myth: EPP gives you all the insight you need
Fact: Many organizations are still relying on the end user to report security problems and lack visibility on endpoint processing. Many companies don’t explore where a problem comes from or why it’s happening. Is it a user-education issue or technology-based? Look for increased visibility and be able to respond to endpoint incidents and make sure you look for the root of a problem.
Myth: Firewalls and other perimeter solutions are all you need
Fact: Most of the payload comes from the internet and most organizations are not using best practices. Attacks are successful because of poor or outdated perimeter security, so ensure you’re using the latest patches and configurations.
Myth: Administrators follow best practices, all the time, every time
Fact: The truth is that not all admin accounts are monitored and admins are busy and stretched too thin. Those admin accounts and admin endpoints are high value targets so they should be monitored for unauthorized usage. Treat admin access as a data resource and protect it the same way.
Myth: Everything will be okay if you have a backup
Fact: Backups are great but they should be the last line of defense not a mitigation technique. Oftentimes organizations don’t monitor backups and ransomware now actively attempt to get access to the backups as well. Now is the time to document DR procedures and test regularly. Make sure there is limited read/write access to backup locations and monitor for any changes. You might even consider an offline backup.
Get Smarter
Client Research
Gartner clients can learn more in the full research Seven Myths That Could Compromise Your Ransomware Response.
Digital Risk & Security Hub
Visit the Gartner Digital Risk & Security hub for complimentary research and webinars.
Gartner Security & Risk Management Summits 2017
Gartner analysts will provide additional analysis on IT security trends at the Gartner Security & Risk Management Summits 2017 taking place in Tokyo, Mumbai, India, Sao Paulo, Sydney London and Dubai. Follow news and updates from the events on Twitter at #GartnerSEC.
