SC Media Reviews: April 2018 Group Test – Ransomware

The costly, malicious effects of ransomware continue their unwelcome yet expansive trajectory in 2018, much to the weary exasperation of public officials and private security officers alike. No industry or sector is safeguarded. Healthcare systems, non-profit charities, government entities and still others stand vulnerable to these extortive attacks. As a result, organizational security teams with needed expertise must respond promptly. Simple awareness just doesn't cut it any longer when dealing with potentially high losses -- whether in terms of money, time or resources.

The reason is that not too long ago, ransomware mutated from isolated money-grabbing schemes into potentially large-scale disruptions. As the adversary intends, the aggregate costs come in incalculable lost productivity and non-recoverable data. In fact, the more malicious incidents appear to serve as agents of chaos, with instructions to release the encrypted files muddled if not outright deceptive. Even when the infected machine displays a (now somewhat familiar) demand for Bitcoins, many organizations prefer to wade into resource-consuming restorative efforts rather than pay hackers. The outcome is still a loss, though one of productivity more so than finances. The growing spate of attacks indicates a need to differentiate between those cybercriminals seeking lucrative targets and other, more nefarious players on the hunt for bigger bounties such as intellectual property or exfiltrated data.

This all leads to some experts doubling the ante on their recent estimates of global financial damages from ransomware infiltration – up from $5 billion in 2017 to over $11 billion projected by the end of 2019, according to Cybersecurity Ventures. This scale doesn't accurately depict the inevitable likelihood of an incident arriving incognito at your organization's doorstep, regardless of the attack vector.

The proliferation of diverse ransomware strains accordingly requires a multivariate security solution – different mechanisms applied at different phases of the incident – which in turn allows vendors to focus on different approaches to addressing ransomware. The constant remains the targeted local machine, with the malware seizing and encrypting key files that render the asset effectively locked down. What changes is how defensive responses are implemented. Equally important is the ransomware attack phase to which each security implementation correlates.

First is the delivery phase, in which malware is transmitted via a link in an email, a request on a compromised website, or other means. By all accounts, sooner or later a misstep by a user – even the most cautious one – propels the attack to the second phase. During this infection phase, code is retrieved from the malicious infrastructure and encryption takes place. The discouragingly brief timeframe for this phase – the victim can fall prey to infection in mere seconds – only underscores how vital it is to have a robust countermeasure in place. The recovery phase follows. Hopefully, IT professionals maintain a set of mostly up-to-date backups to replace data that will have been wiped clean from machines by the bad guys. Restoring data using backups is essential, regardless of whether or not a ransom is paid, to ensure no traces of the malicious code remain.

This timeline provides a practical account of an attack's events, but also valuable insight into each phase and its unique challenges. Consider that the first phase alone can be broken down further to distinguish between mere user exploitation and failure to detect attacks. Which element more closely relates to your organization at present? Is there a lack of security awareness, or is your email not being filtered carefully enough? The bottom line is that the most important phase is the one for which you are least prepared – hence the need for a mature ransom management application that addresses all three with equally intense resolution.

With this in mind, we test-drove this month's candidates across multiple levels in our testing environment. We made use of vendor-provided cloud testing environments, appreciating the coordination and guidance through the various installation and execution paths. For a wider berth and more autonomy, we were especially glad to have been invited to use Ann Arbor-based Merit Network Cyber Range, a virtualized environment specialized for testing. Finally, there were instances where we took extra measures and employed our own internal virtualized testing structures.

If you aren't familiar with all the damage wrought by ransomware, take heed. With the ever-increasing sophistication blooming in this arena, your organization is going to need additional resources to reconcile current measures with the dangers of tomorrow.
