Defending Against Ransomware with Cloud-Based Workspaces

Organizations could be implementing technical countermeasures to stop ransomware perpetrators from corrupting their IT systems.

However, despite countless warnings such as these, ransomware is still finding its way into organizations of every size and category. IT security specialists typically recommend isolating the affected system as quickly as possible. This includes removing all attached hard drives, flash drives, and any other devices that store data. These isolated systems should be backed up to a separate, secure environment as it may also become infected. The authorities should also be contacted, as they will make further recommendations such as deleting the registry values and files to stop the program from loading and spreading the virus.

Inability to prevent ransomware attacks

The only available recovery strategy (paying the ransom demanded) is questionable at best, as the recovery of data is not guaranteed. As a result, organizations face an uphill battle when confronted with the dilemma that this class of cyber threat poses. Moreover, it is increasingly difficult to protect systems and data against ransomware attacks, since the malware is constantly morphing and reshaping to avoid detection and removal.

Many forms of ransomware, including CryptoLocker, JIGSAW, CryptoWall, Teslacrypt, and CTB-Locker, require the victim to open an executable file, delivered through attachments or links to suspect websites, which triggers the malicious code. CryptoLocker, a particularly vicious and emerging variant, arrives by email, encrypts client data, and keeps the key on the attackers' control servers until the payment is made. Petya is another strain that applies complete disk encryption, removing the victim’s ability to access their own computer, including the hard drive and operating system.

Unfortunately, there has been very little that even high-profile organizations can do but capitulate to the demands of cyber-criminals who deploy ransomware as their sinister calling card. In February of this year, the Hollywood Presbyterian Medical Center declared an “internal emergency” after its IT infrastructure was corrupted by ransomware, leaving hospital personnel unable to access patient information. Victims of these attacks typically feel they have no other option but to submit and pay the ransom. However, organizations could be implementing technical countermeasures to stop ransomware perpetrators from corrupting their IT systems.

One of the daunting aspects of ransomware is that any organization can be hit with an attack if it does not take the measures necessary for defense. In one instance, a Police Department in Cape Cod was infected with ransomware this summer. The department’s IT director realized that there was an issue when many of their systems and software solutions ceased operation. These included their records management system, dispatch software, etc. While the disruption resulted in IT downtime, they were able to recover the encrypted data using a disaster recovery solution after the attack had taken place. Regardless, the loss in productivity can be financially troublesome for many organizations or, in the case of a police department, result in less responsive public services.

Re-thinking IT to strengthen the barriers of entry

FTC Chairwoman Edith Ramirez recently suggested that an organization’s lack of preventative measures in addressing ransomware “could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack.” Statements made by Ms. Ramirez foreshadow a path that U.S. government officials may eventually take to counter the spread of such attacks. Government agencies are now considering pre-breach enforcement on businesses to bring the ransomware boiling pot down to a simmer.

Addressing this challenge may be as simple as re-thinking IT infrastructure in order to establish stronger barriers of entry for ransomware. One approach is the implementation of WaaS, or Workspace as a Service. WaaS is a form of desktop virtualization that companies use to provide their employees with access to business applications and data from anywhere and at any time using the client’s computing device of choice, whether that be the desktop PC at work or their laptop, tablet, or smartphone. All of the organization’s mission-critical applications and data are a fingertip away with WaaS, which has been a significant driver of its adoption. However, with respect to ransomware, the way WaaS is isolated from these kinds of attacks follows from the solution’s architecture and how access to applications and data is controlled.

