Ransomware Protection in the Age of WannaCry: How to Limit the Impact of an Infection and Speed Recovery
If you read IT security news (or, quite frankly, any news at all), you’re familiar with the global WannaCry ransomware attack that was launched recently. It’s a sobering lesson in the value of IT security measures, such as malware detection and hardened virtual appliances, and the role they play in ransomware protection.
On the off chance you’ve missed the news, here’s the story. Hackers used an exploit identified by the NSA to launch a cyberattack earlier this month, infecting over 200,000 endpoints in over 150 countries with ransomware (a type of malware that encrypts files and demands a ransom to restore access to them). A particularly virulent strain of ransomware, WannaCry encrypts files on vulnerable computers: machines with insufficient ransomware protection because they run older operating systems and are missing critical patches. Once in, hackers demand $300 to $600 in ransom, payable in bitcoin.
Understanding Ransomware and Ransomware Protection
Ransomware relies on the ability to open a file, modify it and replace it with an encrypted copy. With mapped drives, any shared content could be rendered unreadable in the same way.
When ransomware encrypts files on an individual system, productivity is disrupted. The end user loses access to important data, and one or more IT engineers will be involved in any attempted recovery. In many cases, the attacked organization has no option but to reimage the machine.
By contrast, when ransomware attacks files in shared network storage, the impact is much greater. Entire departments can lose content, including potential backup files if they were mapped to the compromised machine.
Without paying the ransom, there is little one can do to recover files that were stored only locally on the infected system. Modern ransomware is particularly crafty, deleting shadow copies of files and using other techniques to remove anything that might help victims restore files without paying ransom.
Defending against Ransomware
There are a number of ransomware protection measures organizations can deploy to reduce the risk of ransomware like WannaCry and other malware attacks:
- Use a current operating system that includes the latest security features
- Install all available security patches for your operating system and key applications
- Exercise extreme caution when opening attachments, particularly .zip files
- Deploy an anti-virus and/or sandboxing solution that scans, flags and blocks infected files from reaching users or executing
- Run a secure file sharing service in a hardened virtual appliance, so secure file sharing is never compromised by incoming files infected with ransomware
Achieve Ransomware Protection With Secure File Sharing
For organizations that have a secure file sharing solution in place, like the Accellion secure file sharing and governance platform, the damage caused by WannaCry and other ransomware attacks is dramatically reduced.
Secure file sharing solutions, particularly those functioning inside a hardened virtual appliance, significantly lessen the number of entry points and all but eliminate the likelihood of a malware attack. Faced with a secure access layer for enterprise content, wherever that content resides, the WannaCry worm is unable to spread. In addition, file shares based on the Common Internet File System (CIFS) that are accessed through a secure file sharing platform are protected even if accessed from an infected machine.
Lastly, built-in AV scanning and integrations with advanced threat prevention (ATP) technologies like Check Point SandBlast provide critical ransomware protection by scanning all incoming files for viruses and Zero Day attacks before they enter the organization.
Accelerate Time to Recovery with Secure File Sharing
For organizations that use a secure file sharing platform to store their business-critical files, or even copies of their local content for collaboration purposes or simple mobile access, the process of recovery is significantly easier and faster. If files are not kept on individual systems or on network share drives, but instead are accessed through the secure file sharing platform, then once the infected system is restored to a clean state, any files stored using the platform can be safely accessed by, or copied back to, the user’s machine. This allows ongoing operations to continue and makes recovery faster than restoring from backup, without paying a ransom.
Even if a user does expose their organization’s network to a ransomware virus, and then uploads or syncs an encrypted file through a secure file sharing platform, the customer can revert to a previous, unencrypted copy of the file (as long as the customer has not disabled the file versioning capability, which is on by default).
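Reverting only helps if the right version is chosen. The following is an added example, not code from the Accellion platform, that picks the newest version of a file that predates encryption by comparing each version with its predecessor. The thresholds, function names and sample history are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds for this illustration; tune them on real data.
HIGH_ENTROPY = 7.2  # bits per byte; ciphertext sits close to 8.0
MIN_JUMP = 1.0      # rise over the previous version that counts as suspicious
MAGIC = (b"PK\x03\x04", b"%PDF", b"\x89PNG", b"\xff\xd8\xff")  # zip/docx, pdf, png, jpeg

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(prev: bytes, cur: bytes) -> bool:
    """Compare a version with its predecessor.

    Compressed formats are high-entropy even when clean, so for those the
    signal is the loss of the format's magic bytes. For everything else it
    is a large entropy jump into the ciphertext range.
    """
    for magic in MAGIC:
        if prev.startswith(magic):
            return not cur.startswith(magic)
    e_prev, e_cur = entropy(prev), entropy(cur)
    return e_cur >= HIGH_ENTROPY and e_cur - e_prev >= MIN_JUMP

def last_clean_version(versions: list[bytes]) -> int:
    """Index of the newest version to revert to (versions: oldest first).

    Everything from the first suspicious version onward is treated as
    tainted. The oldest version is assumed clean; it has no predecessor.
    """
    for i in range(1, len(versions)):
        if looks_encrypted(versions[i - 1], versions[i]):
            return i - 1
    return len(versions) - 1

# Constructed sample history: two plaintext edits, then a pseudo-random blob
# standing in for the encrypted copy that the sync client uploaded.
V1 = b"Quarterly report draft. " * 200
V2 = V1 + b"Added Q3 numbers. " * 20
V3 = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
HISTORY = [V1, V2, V3]

if __name__ == "__main__":
    print("revert to version index", last_clean_version(HISTORY))
```

A version history that starts with an already encrypted upload cannot be judged this way, which is one reason to keep versioning enabled from the first sync.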
Learn more about how the security capabilities within the Accellion secure file sharing and governance platform provide organizations with critical ransomware protection.