The Solution Provider s Guide to Protecting Clients from Ransomware

Transcription

1 The Solution Provider s Guide to Protecting Clients from Ransomware

2 THE SOLUTION PROVIDER S GUIDE TO FIGHTING RANSOMWARE Hundreds of thousands of ransomware attacks take place every single day. No one is immune. From individuals and small businesses to large enterprises and government agencies, everyone is a target. It s hard to pinpoint exactly how much money ransomware attackers have raked in over time, because not all victims report incidents, but the FBI estimates that victims dished out at least $1 billion in ransom payments in % of partners tell us ransomware is the #1 concern of their clients. Ransomware has become an epidemic and is now one of the top concerns of cybersecurity professionals due to the frequency of attacks and the risk of losing critical organization assets, including financial records, standard operating and even required day-to-day documents. In 2016, attacks increased by 300% and that number is expected to continue to rise in Extortion amounts demanded by attackers are routinely considered affordable, so most businesses conclude it s easier to pay than to fight the attackers. But the more they pay, the bolder the ransomware crooks get and the higher the extortion demands go, making ransomware a lucrative enterprise for cybercriminals. The best way to deter ransomware attacks is to be in position to refuse to pay. Unfortunately, that is easier said than done for some organizations. For small and medium businesses (SMBs), where data backup and security best practices are often ignored or overlooked due to budget limitations or lack of skill set, paying seems the easy way out. But that can change with some help from IT service providers. By educating SMBs on the threat, solution providers can help to implement reliable ransomware protection through advanced security tools and regular data backups. 2

3 UNDERSTANDING THE THREAT Ransomware works by locking up a computer screen, or encrypting some or all of its files, and demanding ransom to restore user access to the data. When the screen is locked, a message on the screen demands ransom, typically payable in Bitcoin. 41 % of partners say not being able to guarantee protection is their top roadblock to selling ransomware prevention. When it comes to cybersecurity, many SMBs suffer from the it can t happen here or we are too small to warrant any interest syndromes, thinking cybercriminals wouldn t find anything of value in their networks. But that s a dangerous misconception one that solution providers must work to dispel. Any company that keeps HR, medical or financial information and that s just about every business has data that interests cybercriminals, who then turn around and ask, How much will you pay to regain access to it? What s it worth to you? Recognizing that everyone is a potential victim is the first step toward protecting a business from ransomware. 3

4 A VARIETY OF STRAINS To maintain a grip on the ransomware threat, solution providers must keep up with developments. New, more devious variants keep emerging as older ones fade into the sunset. Ransomware authors constantly think up new tricks to deliver variants to unsuspecting users and in some cases, they ve gotten particularly creative with their demands. One type of ransomware, for instance, acted as a sort of deranged public service by forcing victims to educate themselves about ransomware itself. A warning was issued, threatening to encrypt or delete every file on the target's computers if they didn t read two articles Stay Safe While Browsing on the Google Security Blog and a Bleeping Computer post on the Jigsaw ransomware variant. After victims read the articles, they were instructed to press a button on their screen leading to a decryption key. A variant called Spora offers victims a choice of payment amounts based on the kind of file they want to restore and even an option for immunity from further attacks, which has stood out, thanks to its professional approach. The Spora ransomware is slowly making a name for itself as one of the most well-run ransomware operations on the market, with a very well-designed ransom payment portal, some solid customer support and also efforts to improve the ransomware's reputation among victims, Bleeping Computer reported. Plenty of other variants have emerged and some are nowhere near as polite as Spora. Jigsaw encrypted data and started deleting file groups to pressure victims to pay quickly. Chimera set a deadline for payment and threatened to post online victims files, including photos and video, if they missed the deadline. Another ransomware strain, Popcorn Time, created a moral dilemma for victims by inciting them to attack two others in lieu of paying ransom themselves. 4

5 BEYOND EXTORTION Ransomware costs aren t limited to extortion fees. If an organization refuses to pay or pays and doesn t get its data back additional costs accrue. According to Gartner, costs include network mitigation, network countermeasures, loss of productivity, legal fees, information technology services, and/or the purchase of credit monitoring services for employees or customers. $47 MILLION average cost of cyberattack A cyberattack costs companies an average of $4 million, according to the Ponemon Institute, and Juniper Research estimates the overall cost of cybercrime will reach $2 trillion by Ransomware attacks are sure to contribute significantly to that number, thanks in part to the cost of entry for cybercriminals being relatively low. It doesn t take much technical knowledge, since crimeware kits are available for a few hundred dollars on the dark web. With so much profit potential, you can bet the ransomware epidemic will only continue to spread. 5

6 USER DANGER Most ransomware infections start when a user clicks an infected attachment or visits a compromised website. Unwittingly, the user unleashes the malware into his or her computer and if it isn t blocked, it often spreads to the entire network. In most cases, the initial ransomware attack occurs on a user s laptop or workstation. Therefore, locally stored data in files and folders, file shares, cloud storage via gateways, as well as any mapped network drives, is inherently vulnerable, research firm Gartner said in a recent best practices report. Another, far less common approach is when hackers get inside the organization and then use encryption of data as a tool to force payment, according to Gartner. purporting to be a notification of a package delivery, resume from a job applicant, request for a signature on a business quote, or a personal message that appears to be from a known sender, to name a few examples. Some phishing attacks target specific groups or individuals, in what is called spear phishing. A method called whaling targets high-level corporate executives, politicians and celebrities. Whaling s and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources, TechTarget has reported. of ransomware attacks 90 % result from phishing Phishing is the most common method attackers employ in getting users to infect their machines, with more than 90% of ransomware attacks start with phishing, according to researchers. Phishing s bait victims into clicking attachments or URLs with a message 6

7 USER EDUCATION Education is critical to protecting businesses from phishing attacks that can lead to ransomware infections. Solution providers should work with clients to understand, identify and avoid the risks by developing and implementing a user awareness and training program. 28 % of partners say clients don t know they are at risk of ransomware. As part of the training, users should be given examples of phishing s so they learn what to look for. All employees should know how to spot a malicious and what to do when they encounter a potential ransomware lure. Education has to be an ongoing effort, conditioning users against clicking suspicious attachments and URLs and teaching them to report suspicious s so they can be investigated promptly. 7

8 VULNERABILITY ASSESSMENT In addition to keeping up with threat developments and educating users, solution providers also must deliver the tools that help deter ransomware attacks. This should start with an assessment of each client s vulnerability level. If you re a managed services provider (MSP), chances are you already have a firm grip on each of your clients vulnerabilities, since you have the responsibility of maintaining their systems to optimize performance and minimize downtime. MSPs get to know their clients environments better than even the owners themselves by monitoring and maintaining systems, applying security patches and troubleshooting in response to alerts. Upon completing a vulnerability assessment, partners can determine which ransomware-fighting tools to implement. As with other security threats, fighting ransomware requires a layered approach that includes strong endpoint security tools. 8

9 ENDPOINT SECURITY Endpoint security is essential in the fight against ransomware. Tools should cover more than the basics of scanning for known viruses. Businesses need an advanced solution with built-in intelligence to identify known malware and phishing threats, as well as zero-day threats and any suspicious code that could turn out to be a new malware variant. Endpoint protection also should prevent browsers from accessing URLs where ransomware resides and secure mobile devices such as smartphones and tablets, as well as removable devices such as USB sticks. All of these are potential targets for ransomware attackers. Protection against ransomware should include the following: Strong, advanced endpoint protection with machine learning and other sophisticated technologies to prevent unknown threats Intelligent anti-phishing defense Firewalls and web filters that block access to IP addresses known to be malicious filters that block suspicious files and URLs from reaching recipients Patch management for all operating systems, applications and firmware Behavior analysis to detect zero-day threats Identity management to limit user access to only the resources they need Data backup and recovery, preferably with frequent incremental backups 9

10 THE SOLUTION PROVIDER'S GUIDE TO PROTECTING CLIENTS FROM RANSOMWARE PREVENT RANSOMWARE WITH VIPRE VIPRE offers superior ransomware protection by preventing many of these threats before they can infect PCs. Using the top-rated VIPRE antivirus engine that consistently scores a 100% block rate and zero false positives, VIPRE provides a strong defense against phishing attacks, malicious URLs, Zero-day exploits and other online threats used to spread ransomware. Its Advanced Active Protection capabilities add an additional, sophisticated layer of ransomware defense by using cloud-based security services and behavioral analysis to prevent these pervasive threats. 40 say accurate information % ofonpartners how solutions can prevent ransomware would make selling solutions easier. Schedule a Demo 10

11 SOLUTION PROVIDER BENEFITS When solution providers work to prevent ransomware attacks against clients, they help the clients and themselves. Here s how: Self-preservation If you succeed in preventing attacks to your clients networks, you help keep them in business, or at least avoid unplanned remediation expenses, thereby protecting your own business. If a client suffers a ransomware attack, the client might start to doubt you can protect them in the future and seek out another provider that can. Value Add Service providers are always looking to add value because most technology becomes commoditized over time. With security, the technology evolves constantly to keep up with the changing threat landscape, lessening the risk of commodity. In addition, by wrapping education and monitoring service around the technology, you increase your value by addressing a serious business problem that most clients are not equipped to tackle on their own. New Business By creating value-add services around security offerings, partners add expertise that attracts new business. In the current business environment, where cybersecurity is such a major concern, you boost your prospects of finding new customers by addressing their security needs. And that translates to business growth and improved profitability. Trusted Advisor The more customer needs you address, the more you become entrenched in their business. Adding value by protecting their data and teaching users how to identify and avoid threats such as ransomware strengthens customer relationships. This is what being a trusted advisor means, which significantly contributes to client relationship longevity. 11

12 CONCLUSION As the ransomware epidemic continues to spread, SMBs will need help to protect their data and fight off the threat. IT service providers can help by implementing advanced anti-ransomware technology and instructing users on best practices to avoid attacks. In doing so, solution providers address a vexing problem for customers while adding value and cementing their role as trusted advisors.

13 ABOUT VIPRE VIPRE is the highest-rated, award-winning internet security product for businesses and home users. It is powered by the world's most sophisticated security technologies that protect millions of users from today s top online threats, including ransomware, Zero-days and other malware that easily evades traditional antivirus. Backed by cutting-edge artificial intelligence, one of the world s largest threat intelligence clouds and real-time behavior monitoring, VIPRE deploys in minutes to deliver unmatched protection without slowing down PCs. All VIPRE customers receive free U.S.-based technical support. Simply the Best. VIPRE wins Top-Rated Security Product and consistently wins 100% block rates and zero false positivesfrom AV- Comparatives. 13

14 REFERENCES 1 Dark Reading, FBI Official Explains What To Do In A Ransomware Attack, September darkreading.com/attacksbreaches/fbi-official-explains-what-to-do-in-a-ransomware-attack/d/did/ ZDNet, The Cost of Ransomware Attacks: $1 Billion this Year, September Justice.org, How to Protect Your Networks from Ransomware Computer Business Review, New Ransomware Will Delete Your Files If You Don t Educate Yourself, January uncategorised/new-ransomware-will-delete-files-dont-educate/ 7 Juniper Research, CYBERCRIME WILL COST BUSINESSES OVER $2 TRILLION BY 2019, May press-releases/cybercrime-cost-businesses-over-2trillion 8 Juniper Research, CYBERCRIME WILL COST BUSINESSES OVER $2 TRILLION BY 2019, May press-releases/cybercrime-cost-businesses-over-2trillion 9 Gartner, Use These Five Backup and Recovery Best Practices to Protect Against Ransomware, June doc/ /use-backup-recovery-best-practices 10 Gartner, Use These Five Backup and Recovery Best Practices to Protect Against Ransomware, June doc/ /use-backup-recovery-best-practices 5 Wired, Devious Ransomware Frees You If You Infect Two Other People, December Bleeping Computer, Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support, February com/news/security/spora-ransomware-sets-itself-apart-with-top-notchpr-customer-support/ 14