The creators of ransomware have a pretty good grasp of how security software works and adapt their attacks accordingly. Everything is designed to avoid detection while the malware encrypts as many documents as possible as quickly as possible and makes it hard, if not impossible, to recover the data. In some cases, the main body of the attack takes place at night when the IT team is at home asleep. By the time the victim spots what’s going on, it is too late.
“It is vital to have robust security controls, monitoring and response in place covering all endpoints, networks and systems, and to install software updates whenever they are issued,” said Mark Loman, director of engineering for threat mitigation technology at Sophos, and the author of the report.
SophosLabs highlights how organisations can protect themselves against ransomware.
- Check that you have a full inventory of all devices connected to your network and that any security software you use on them is up to date
- Always install the latest security updates, as soon as practicable, on all the devices on your network
- Verify that your computers are patched against the EternalBlue exploit used in WannaCry by following these instructions: How to Verify if a Machine is Vulnerable to EternalBlue – MS17-010
- Keep regular backups of your most important and current data on an offline storage device as this is the best way to avoid having to pay a ransom when affected by ransomware
- Administrators should enable multi-factor authentication on all management systems that support it, to prevent attackers disabling security products during an attack
- There is no silver bullet to security, and a layered security model is the best practice all businesses need to implement
- For example, Sophos Intercept X employs a comprehensive defense-in-depth approach to endpoint protection, combining multiple leading next-gen techniques to deliver malware detection, exploit protection and built-in endpoint detection and response (EDR)
