Dealing with ransomware the intelligent way

Johannesburg, 11 May 2018

We asked Jeremy Matthews, Regional Manager of Panda Security Africa, for his thoughts on the current state of cyber security ahead of the ITWeb Security Summit.

What are the challenges businesses face around ransomware?

The primary challenges are business disruption and loss of productivity; financial loss without any guarantee that the data will be restored; and a possible compromise of company intellectual property, customer data and confidential information.

How are businesses currently dealing with ransomware attacks?

We have found that companies, for the most part, either pay the ransom or try to restore from whatever backups they have available and just try and cope with the loss of data. We do not advocate the payment of the ransom, as this only creates more incentive for criminals to continue these malware campaigns.

Do you have an idea of the level of attack businesses in SA are facing?

Unfortunately, there are very few reliable statistics regarding ransomware attacks in SA. This is partly because companies are quite unwilling to admit they have fallen victim to ransomware, or unwilling to admit how many times they have fallen victim. However, anecdotal evidence points to a very high prevalence of attacks in South Africa. These attacks come in waves, with the release of each new strain of ransomware. In the USA, the departments of justice and homeland security believe victims paid over $24 million in 2015 to criminals to have their systems restored. Aside from Trojans, ransomware was the most common form of cyber attack throughout 2015.

The problem has gone way beyond how many people/businesses are infected with ransomware. We are now talking about how many people/businesses in the last 'x' amount of time have been hit by which family of ransomware.

What are the blind spots companies with existing security solutions have? What are they not realising about the security they have?

There are a few important blind spots to be aware of:

* The users themselves are often unknowingly responsible for the initial infection. General security education is the first step to ensure your company remains safe and secure.
* Almost all traditional security solutions work in much the same way. They rely on the malware either matching a sample (malware signature) they have taken previously or triggering some kind of heuristic or behavioural rule. This creates a window for what are called zero-day threats. A zero-day threat is simply a threat that has never been seen before in the 'wild' and thus has never been seen by an anti-virus. We refer to this as the malware window of opportunity.
* Cyber criminals are also constantly searching for and finding new and ingenious ways to infiltrate our networks.

What level of employee is likely to be targeted?

No employee or individual is immune to these attacks. Hackers will use a specific individual's endpoint, such as their Android devices, to access the organisation's network and encrypt data on that network. Ransomware as a malware category is normally very broadly targeted, going after anyone they can get infected. However, criminals are always looking to optimise their return and will target high-profile individuals or institutions where possible. One example is the recent targeted ransomware attacks on hospitals around the world.

What is best practice in terms of dealing with ransomware?

Once you are infected, it is generally already too late. By then you only have three options: restore from any backups you may have, lose the data or pay the ransom. If you are not using an advanced security solution, the best way to prepare yourself would be to ensure you do regular backups (ideally off-site), filter mail and URLs for dangerous file types, ensure systems are patched and up to date, and educate your users about the dangers of ransomware and ensure they are aware of suspicious e-mails and attachments.

Panda suggests its Adaptive Defense (AD) solution to prevent ransomware infections. How does it work?

Adaptive Defense is a managed cloud-based solution that will monitor all actions on the endpoint and classify them as either malware or goodware. If a new program tries to run and has not already been automatically classified as goodware, the program will be blocked until it can be classified by Panda Labs. This approach closes the window of opportunity on zero-day threats (including ransomware) and provides superior protection against other pervasive malware, such as advanced persistent threats (APTs).

The product falls into a new category of security solution called endpoint detection and response (EDR) and has been made possible by advances in big data and cloud computing. The product is available in two versions: Adaptive Defense and Adaptive Defense 360. AD360 is the first of its kind using traditional endpoint protection (EPP) and EDR to monitor and protect individual endpoints.
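The difference between the signature model described under "blind spots" and the classify-before-run model described for Adaptive Defense can be shown in a few lines. The following is an added illustration, not Panda's code: the file contents, hashes and the three sample programs are constructed, and SHA-256 hashes stand in for both signatures and goodware classifications.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for file contents; their hashes play the role of AV signatures.
SAMPLES = {
    "editor.exe": b"constructed: long-established productivity tool",
    "invoice.pdf.exe": b"constructed: ransomware already in the signature database",
    "locker_v2.exe": b"constructed: brand-new ransomware strain (zero-day)",
}

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Endpoint:
    known_bad: set = field(default_factory=set)   # signature database
    known_good: set = field(default_factory=set)  # programs classified as goodware

def signature_verdict(ep: Endpoint, data: bytes) -> str:
    """Traditional model: run anything that does not match a known-bad signature."""
    return "block" if fingerprint(data) in ep.known_bad else "allow"

def default_deny_verdict(ep: Endpoint, data: bytes) -> str:
    """Classification model: run only classified goodware; hold unknowns for the lab."""
    h = fingerprint(data)
    if h in ep.known_good:
        return "allow"
    if h in ep.known_bad:
        return "block"
    return "hold"  # never seen before: blocked until classified

def lab_classifies(ep: Endpoint, data: bytes, is_malware: bool) -> None:
    """Cloud verdict arrives; the sample leaves the 'unknown' state."""
    (ep.known_bad if is_malware else ep.known_good).add(fingerprint(data))

def compare(ep: Endpoint) -> dict:
    """Verdict of each model per sample, before the zero-day has been classified."""
    return {name: (signature_verdict(ep, d), default_deny_verdict(ep, d))
            for name, d in SAMPLES.items()}

def build_endpoint() -> Endpoint:
    ep = Endpoint()
    ep.known_good.add(fingerprint(SAMPLES["editor.exe"]))
    ep.known_bad.add(fingerprint(SAMPLES["invoice.pdf.exe"]))
    return ep

if __name__ == "__main__":
    ep = build_endpoint()
    for name, (sig, dd) in compare(ep).items():
        print(f"{name:18} signature={sig:5} default-deny={dd}")
    lab_classifies(ep, SAMPLES["locker_v2.exe"], is_malware=True)
    print("after classification:", default_deny_verdict(ep, SAMPLES["locker_v2.exe"]))
```

The zero-day sample is the one the two models disagree on: the signature model lets it run, which is the window of opportunity, while the classify-before-run model holds it until the lab verdict arrives.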

Jeremy Matthews will speak at the ITWeb Security Summit this month, sharing his insights into how to effectively root out advanced persistent threats with new-generation endpoint technology.

The ITWeb Security Summit is southern Africa's definitive conference and expo for information security, IT and business professionals. This year, over 70 expert speakers will deliver key insights across seven tracks, including workshops and training courses, during the expanded five-day event. The ITWeb Security Summit will be staged at Vodacom World, Midrand, from 22-23 May 2018; and CTICC Cape Town on 29 May 2018. Focused and interactive workshops as well as in-depth training courses will be run in the days around the main conference and exhibition.

ITWeb Security Summit 2018

Registration is open for the ITWeb Security Summit 2018, being held in Johannesburg on 22 and 23 May and in Cape Town on 28 and 29 May. This is the must-attend annual event for information security professionals, featuring international speakers, workshops, as well as a beginners' guide to cyber security.
