by Simon Edwards
When will we be finally rid of ransomware? I imagine CISOs up and down the land repeat the same question most every day. Because it’s on a near daily basis we hear of yet another new variant causing havoc around the world. Most recently, reports have focused on new strains being offered “as-a-service” for non-technical cybercriminals to disseminate, ensuring the outbreak has now reached epidemic proportions. The truth is that until all organisations start refusing to pay the ransom, and/or get better at security basics, there’ll always be enough profit to keep the black hats interested.
At our CLOUDSEC conference in London next month we’ll be explaining exactly how businesses can take control back from the bad guys and start getting proactive about locking down ransomware risk.
The battle continues
Only this week, Trend Micro researchers found yet another variant doing the rounds: R980. Detected by us as RANSOM_CRYPBEE.A, this one arrives through spam emails or compromised websites and uses an interesting new strategy to maintain the anonymity of its creators. They use Mailinator, a service which creates disposable email addresses and then automatically dumps them after a few hours. Like many other such threats, it also uses malicious macros as an infection vector, reiterating the need for IT managers to disable macros in all their Office apps.
As per the above advice, the key to staying safe from ransomware revolves around some pretty tried and tested best practices – no reinventing of the wheel necessary. Here are a few tips for starters:
Back up as per the 3-2-1 rule: at least three copies in two different formats with one offline/offsite
User education: make staff the first line of defence by training them to spot suspicious emails
Application control: app whitelisting can reduce the chances of malware getting on key systems
Network segmentation: could reduce the spread of ransomware through an organisation should there be an initial infection
Disable macros: as per the above, malicious macros are a common threat vector
Layered protection: choose a security provider that can block ransomware at the web and email gateway, endpoint, network and server – there are many infection methods
CLOUDSEC to the rescue
Ransomware will be just one of the hot button issues to be discussed at CLOUDSEC. Now in its second year, this leading one-day conference will feature some of the industry’s biggest names including Barclays Global CISO, Troels Oerting, Trend Micro CTO, Raimund Genes, and FBI Supervisory Special Agent, Timothy Wallach.
It’ll be their job to guide you through a huge range of cybersecurity issues, from how best to interact with law enforcement to battle global cybercrime, to what the key questions CEOs should be asking about security. There’ll be representatives from academia, industry, law enforcement and more, all on a mission to help you Take Control of your IT systems.
What: CLOUDSEC UK 2016
Where: Park Plaza, Westminster Bridge Road, London SE1 7UT
When: Tuesday, 6 September 2016
To find out more, visit the CLOUDSEC website today.