Ransomware attacks could one day evolve to increasingly target back-up files, one of the few effective tools security professionals and managers have to remediate an infection, according to a panelist at the RiskSec Toronto 2017 conference this week.
"They're probably going to trigger this so that you can't do a restore from your backups without... the encryption key," said Walt Williams, director of information security at Monotype Imaging Holdings. Williams spoke alongside fellow presenter Angus MacDonald, director of sales engineering at Trend Micro Canada, in a session focusing on how companies can effectively defend themselves against ransomware.
According to both speakers, a few basic steps – including diligent patching, installing properly configured anti-malware solutions, introducing intrusion prevention systems and strong IPS rules, and creating back-up files – can go a long way toward halting or limiting the damage of most ransomware attacks.
And yet, some companies are still not adequately prepared for such threats, as illustrated by MacDonald, citing a Canadian hospital client of Trend Micro that recently fell victim to the May 2017 WannaCry ransomware campaign.
"This customer had not updated their security product in almost two years," said MacDonald. "In fact, they hadn't even... renewed the license, so they were running the product without any proper support." Fortunately, most of Canada was spared the brunt of WannaCry's wrath.
Meanwhile, Williams explained how his former company Lattice Engines has successfully avoided any infections since 2012, when Williams' then-boss fell victim to a ransomware attack after clicking on a malicious link. To prevent any similar incidents, the company strengthened the rules for its customizable anti-virus solution, added a complementary anti-malware solution, installed an intrusion detection system, enabled gateway and exchange server spam filtering, and incorporated malware checking into its vulnerability scanning practices.
Explaining why Lattice Engines reconfigured its anti-virus rules, Williams said, "If you're running with default rule sets on your antivirus packages, you might as well run unpatched versions of them."