Expect ransomware to increasingly target back-up files, panelist warns

Ransomware attacks could one day evolve to increasingly target back-up files, one of the few effective tools security professionals and managers have to remediate an infection, according to a panelist at the RiskSec Toronto 2017 conference this week.

"They're probably going to trigger this so that you can't do a restore from your backups without... the encryption key," said Walt Williams, director of information security at Monotype Imaging Holdings. Williams spoke alongside fellow presenter Angus MacDonald, director of sales engineering at Trend Micro Canada, in a session focusing on how companies can effectively defend themselves against ransomware.

According to both speakers, a few basic steps – including diligent patching, installing properly configured anti-malware solutions, introducing intrusion prevention systems and strong IPS rules, and creating back-up files – can go a long way toward halting or limiting the damage of most ransomware attacks.

And yet, some companies are still not adequately prepared for such threats, as illustrated by MacDonald, citing a Canadian hospital client of Trend Micro that recently fell victim to the May 2017 WannaCry ransomware campaign.

"This customer had not updated their security product in almost two years," said MacDonald. "In fact, they hadn't even... renewed the license, so they were running the product without any proper support." Fortunately, most of Canada was spared the brunt of WannaCry's wrath.

Meanwhile, Williams explained how his former company Lattice Engines has successfully avoided any infections since 2012, when Williams' then-boss fell victim to a ransomware attack after clicking on a malicious link. To prevent any similar incidents, the company strengthened the rules for its customizable anti-virus solution, added a complementary anti-malware solution, installed an intrusion detection system, enabled gateway and exchange server spam filtering, and incorporated malware checking into its vulnerability scanning practices.

Explaining why Lattice Engines reconfigured its anti-virus rules, Williams said, "If you're running with default rule sets on your antivirus packages, you might as well run unpatched versions of them."

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
