Photo - Eric Chan, Solution Consulting Director, Fortinet Southeast Asia and Hong Kong.
Following CyberSecurity Malaysia's national ransomware warning last week, networking security provider Fortinet has advised 10 critical, protective measures.
Eric Chan, solution consulting director, Fortinet Southeast Asia and Hong Kong, said that while ransomware is not new, the recent rise in sophistication and distribution is the latest in an escalating trend to find new and unexpected ways to exploit individuals and businesses online.
"Ransomware attacks have become increasingly sophisticated, targeted and lucrative. The recent surge in this form of cyber-attack has many organizations and users understandably concerned," said Chan.
He described ransomware as "a form of malware that infects devices, networks, and data centres by preventing them from being used until the user or organisation pays a ransom to have the system unlocked."
In recent weeks, a number of companies have been affected by new ransomware 'Locky', which surfaced in February 2016 and has rapidly become the second largest family of ransomware in the world, just behind CryptoWall and ahead of TeslaCrypt.
The United States, France and Japan are the top three countries infected by Locky, but the ransomware has also left marks in the Asia Pacific region, said Chan.
He said that ransomware can be delivered in a number of ways such as an infected file attached to an email. Drive-by downloading was another, where a user visits an infected website and malware is downloaded and installed without the user's knowledge. Ransomware can also spread via social media such as Web-based instant messaging applications. And most recently, vulnerable Web servers have been exploited as an entry point to gain access into an organisation's network.
Chan said crypto ransomware can infect an operating system so that a device is unable to boot up, while other ransomware encrypts a drive, a set of files or file names. Some malicious versions even have a built-in timer and will begin deleting files unless a ransom is paid.
Do not rely on employees to keep you safe
Fortinet has issued the following 10 critical steps for organisations:
1. Develop a backup and recovery plan - To prepare effectively in case of ransomware attack, back up your systems regularly, and store that backup offline on a separate device. It is also important to ensure that the backup process is practical and diversified.
2. Use professional email and web security tools - Specialisation tools can analyse email attachments, websites, and files for malware, and block potentially compromised advertisements and social media sites that have no business relevance. These tools should include sandbox functionality, so that new or unrecognized files can be executed and analysed in a safe environment.
3. Keep your operating systems, devices, and software patched and updated - This ensures the most up-to-date defence to block entry points for cyber criminals, as exploits rely heavily on vulnerabilities.
4. Ensure your device and network antivirus, IPS, and anti-malware tools are running the latest updates.
5. Use application whitelisting where possible - Whitelisting prevents unauthorized applications from being downloaded or run. Restricting users from installing unsolicited files, software and applications can also help to reduce the effects of ransomware.
6. Segment your network into security zones - An infection in one area cannot easily spread to another with segmentation.
7. Establish and enforce permissions and privileges - This ensures the fewest number of users have the potential to infect business-critical applications, data, or services. The use of strong passwords is highly encouraged, and to reduce risk, change passwords often.
8. Establish and enforce a BYOD security policy - A clear and effective BYOD policy will ensure consistent enforcement of inspection, thus blocking devices which do not meet your standards for security (no client or anti-malware installed, antivirus files out of date, operating systems needing critical patches, etc.).
9. Deploy forensic analysis tools - Forensics tools help identify where the infection came from, how long it has been in your environment, that you have removed all of it from every device, and that you can ensure it does not come back.
10. Do NOT rely on employees to keep you safe (CRITICAL) - While it is still important to up-level your user awareness training so employees are taught to not download files, click on email attachments, or follow unsolicited web links in emails, human beings are the most vulnerable link in any security chain, thus there must be alternative plans in the event of a security compromise.
"Ransomware can cause devastating losses. By taking appropriate preventive measures, one can significantly lower the risk of being infected, and reduce the impact on the organisation," said Chan.