A Layered Approach to Ransomware Protection

The latest string of ransomware attacks, plaguing more than 100 countries worldwide, has many researchers scratching their heads as to exactly how it happened and how it spread so quickly.

While the researchers are doing their digging, there’s one thing we do know for sure: there are steps you can be taking right now to limit your risk of exposure. You may be taking some of them already, but if you’re not taking a layered approach to ransomware protection, you may be leaving your company exposed in ways you don’t realize. Read on to learn more.

Some background for those who are newer to the ransomware scene:

Malware is any code installed maliciously or accidentally that provides a 3rd party access to data on a computer/server system (VM or Dedicated). Ransomware is a specific type of malware that takes all or a subset of files on a given system and applies, typically, an encryption algorithm that effectively blocks useful access to the rightful owner of the files until a ransom is paid or some other extortion demand is met.

The most obvious and effective way to limit risk of this type of exposure is to make sure that your system isn’t vulnerable or exposed to the exploit in the first place. Thus, a properly configured Managed Firewall, Managed Patching, and Managed Anti-Virus are the best and most pertinent first lines of defense.

But because of the resourcefulness of the black hat hacker community and malware developers, there will always be risk of a new zero day exploit, which firewall, patching, and AV (Antivirus) will not be able to stop.

At HOSTING, we believe it’s very important, and most effective, to apply security in a layered approach. The more layers that can be applied to a system, the more protected it will be. Therefore, we recommend data backups and CRS services to roll back data points to a usable state.

Here are the layers that we provide for our customers to help mitigate their risk and keep them from falling prey to these attacks:

  1. Managed AV (Antivirus)

    a. Benefits – Effective in stopping known exploits and malware for currently supported Operating Systems.

    b. Limitations – Only effective if it’s configured properly and managed. Ensure that your current service provider can effectively manage your AV solution.

  2. Managed Patching

    a. Benefits – Stops known exploits and malware for currently supported Operating Systems.

    b. Limitations – Only effective if patches are applied when released by the OS (operating system) or application vendor. Ensure that you’re applying your patches when they’re released by the OS, or find a provider who will develop a custom SOW and work with you to ensure patching is executed in a timely manner.

  3. Backups

    a. Benefits – Offers a point-in-time recovery option for infected files.

    b. Limitations – In some scenarios, a full-level system restore is not possible, so recovery from malware may be time consuming. This is not a limitation of the service itself, but the more time between the exposure and the restore, the higher the risk of data loss due to RPO (recovery point objective) considerations. If a backup exceeds the retention period of the date of infection, the file(s) could be unrecoverable.

  4. CRS (Cloud Recovery Services)

    a. Benefits – Offers limited point-in-time recovery option for entire VMs.

    b. Limitations – CRS is available only for virtual machines, not for dedicated servers. The journal length dictates the maximum age of a restore, which is typically much shorter than backup retention periods. CRS are most effective in reversing exposure if the exposure is caught quickly.

  5. Managed Firewall

    a. Benefits – Blocks malicious code that is not destined for a customer/service required port.

    b. Limitations – Outbound traffic isn’t typically blocked via policy, making accidental user-initiated exposure possible. Vulnerabilities that leverage customer/service required ports are also not blocked.

  6. Other Services (Threat Manager, Log Manager, Web Application Firewall or WAF)

    a. Benefits – Threat Manager and Log Manager are effective in identifying and alerting to potentially malicious activity. A WAF blocks a very specific subset of known vulnerabilities at the front-end web tier.

    b. Limitations – Threat Manager and Log Manager can’t block malware activity. They are only effective for identifying and alerting. A WAF is effective for blocking a very specific subset of front-end web exploits and is limited in scope. Zero Day exploits won’t likely be identified and blocked as it takes some time for the new exploit definitions to be imported into the service.

-Roland Scarinci, Senior Director of Solution Architecture at HOSTING

Click here to learn more about how HOSTING Unified Cloud Security services keeps our customers – and their data – safe and secure.