Ransomware has largely faded from the headlines since WannaCry and NotPetya wreaked havoc across the globe in 2017. In some ways, ransomware creators were victims of their own success.
The attacks garnered so much attention that, as Malwarebytes’ Chris Boyd told CNET in a recent interview, more and more people are backing up their files, which effectively deadens a ransomware attack.
Still, cybersecurity experts say you shouldn’t let down your guard. People have short memories, and as WannaCry fades into the rearview mirror, end users will let down their guard, get lazy, and forget to back up their files.
“I think that we’re going to see more ransomware since this approach works. Files are encrypted, and some people pay money. For the developers of a ransomware, there is very little effort, and the rate of return for ransomware is relatively high,” Amit Serper, a principal security researcher at Cybereason, tells Smarter MSP.
Serper was hailed as a hero for developing the first known “vaccine” to stop a ransomware attack in its tracks. Serper’s actions essentially shut down the NotPetya attack in 2017.
A never-ending fight
Interestingly, though, ransomware is nothing new. The first instance of ransomware was actually seen as far back as 1989 when an AIDS conference was “attacked” with floppy disks.
Since then it has been a continual cat-and-mouse game between bad actors and the researchers and cybersecurity experts trying to stop them.
Serper’s vaccine was widely viewed as a watershed moment in the history of ransomware, but even Serper says there are limits to vaccines at the moment.
“Such vaccines are effective to only contain a specific outbreak,” Serper says. He adds that malware developers are aware of the “trick” he used to vaccinate the machines. They could simply tinker with the code to neutralize the vaccine, and the attacks could resume.
“I want to assume that the attackers had no interest in releasing a new variant that bypasses my vaccination trick,” Serper says.
So, what can MSPs do to help customers avoid becoming victims when the next major attack inevitably strikes?
Four weapons against ransomware
1. Back up, back up, back up! Although a layered approach to cybersecurity is the best defense, a comprehensive backup strategy is an important tool an MSP can employ to help customers blunt the impact of a ransomware attack. A customer’s information can’t be held hostage if it’s securely stored off-network. An MSP can restore service quickly and easily with minimal disruption if an extensive backup is employed.
Not all backup strategies are created equal, though, when it comes to fending off ransomware. Brock University Associate Professor of Information Systems Tejaswini Herath concurs that ransomware will rear its head in 2018, and she has backup advice that she shared with Smarter MSP:
Herath recommends a “tiered” or “layered” backup strategy that includes redundancy: for example, using devices that are not connected to the network, using different media types, and keeping a copy off-site. Encrypt your backups, and remember that ransomware may target all connected devices and drives, including mapped ones. So even when using cloud backup options, it’s important to choose one with threat protection features. “Keep in mind that many ransomware variants can infect any attached drives or network files that are accessible including cloud-based,” Herath says.
2. Intrusion prevention systems. Consider employing some of the latest intrusion prevention products so you can be alerted to a breach and act quickly if one occurs.
3. Patch. The Microsoft vulnerability that enabled WannaCry had a patch released in March 2017. However, Elissa Redmiles, a Ph.D. student at the University of Maryland who has studied malware extensively, told Smarter MSP that the patch was not marked as critical, and many companies and MSPs did not update. “In general, enterprises often still follow the ‘patch once or twice a year’ philosophy, which can leave them at big risk given the speed at which these exploits develop and ransomware is released,” Redmiles says.
4. Endpoint solutions. “I’d recommend MSPs stay up to date with the abundance of endpoint protection solutions out there,” Serper says. There are many next-generation products being developed that block recognizable malware, detect hidden malware activity, and kill the intrusive files.
No one knows when the next WannaCry will rear its head. But one thing most cybersecurity experts agree on: Ransomware is here to stay.
Excellent, Kevin! Appreciated the information for my (our) own education r/t malware!