Defending Against Ransomware with Cloud-Based Workspaces

By: Max Pruger

If you have been monitoring recent IT news events, you are probably aware of one of the most problematic threats impacting cybersecurity today - Ransomware. The growing concern over this potentially devastating malware targets victims by encrypting their computer files and demanding that they pay a financial ransom in order to receive a code that permits the recovery of their information. Recent research from security solution provider Kaspersky Labs noted that ransomware attacks have now surpassed advanced persistent network (APT) attacks as the premier threat to business IT infrastructure today. In the first quarter of 2016, ransomware modifications increased 14 percent, with 2,900 new attacks discovered. Highlighting the growing severity of the situation, ransomware attacks globally rose 30 percent compared with the previous quarter.

The escalation of ransomware is a growing threat across traditional on-premises computing environments, but not new to the industry—and the financial impact to victims continue to mount. Over the last ten years, the Internet Crime Complaint Center received nearly 7,700 complaints from businesses and the public about ransomware. These events represent $57.6 million in damages, which includes ransoms paid to the perpetrators (in some cases as much as $17,000, noted the FBI in a recent report), as well as the financial impact of data loss and the administrative drain of dealing with such attacks.

In a U.S. government interagency technical guidance document aimed at informing chief information officers at critical infrastructure entities, including small, medium, and large organizations, emphasis was placed on education and prevention. According to the document, titled  How to Protect Your Networks from Ransomware, “Attackers often enter the organization by tricking a user to disclose a password or click on a virus -laden email attachment. Remind employees to never click unsolicited links or open unsolicited attachments in emails. To improve workforce awareness, the internal security team may test the training of an organization’s workforce with simulated phishing emails.”

“Prevention is the most effective defense against ransomware and it is critical to take precautions for protection,” noted the report. “Infections can be devastating to an individual or organization, and recovery maybe a difficult process requiring the services of a reputable data recovery specialist.” 

The paper recommended several precautionary measures that users and administrators should take to protect their computer networks from falling victim to a ransomware infection. Some of these actions included implementing an awareness and training program; enabling strong spam filters to prevent phishing emails from reaching end users; scanning all incoming and outgoing emails; configuring firewalls to block access to known malicious IP addresses; patching operating systems; setting anti-virus and anti-malware programs to conduct regular scans, and managing the use of privileged accounts based on the principle of least privilege.