At the recent Infosec exhibition, by far the hottest topic was ransomware. We had a steady stream of SMEs visiting the stand worried about this increasingly virulent zero-day threat. And it is clear that small to medium-sized businesses are firmly in the sights of the cyber criminals, who know that they present a softer target for their advanced techniques, honed in attacks on large corporates and nation states. The criminals also know that if they price it right, most SMEs will simply pay up rather than face the disruption along with financial losses and embarrassment. The typical demand for an SME is around £350, which may seem a relatively small price to pay.
A recent Symantec report identified 100 new ransomware families in 2015, as campaigns adopted Advanced Persistent Threat tactics. From the second quarter of 2015 to Q2 2016, overall ransomware incident totals ranged between 23,000 and 35,000 infections per month, peaking in March with the appearance of the Locky ransomware.
Satana, one of the latest strains of ransomware to appear, combines MBR (Master Boot Record) techniques, which prevent the PC from booting to Windows, with the file encryption of common ransomware. Another variant is Ranscam, which claims to encrypt files but in fact simply deletes them.
This latter technique in particular plays on the fear and lack of cyber security expertise in SMEs. Whilst recovering deleted files should be relatively simple to do, many SMEs don’t have the skills or knowledge.
That’s where the channel has an increasingly important role to play. The reseller is probably the first port of call for a customer looking to prevent ransomware or seek help to recover from an attack. Resellers themselves need to skill up so they can provide these services and support. To encourage this, WatchGuard and other vendors are shifting the focus of their partner programmes from volume to training and certification. Discounts, rebates and other incentives are based on the skill and knowledge base, rather than simply sales revenue.
Of course, there are some basic steps that resellers can encourage their customers to take in order to mitigate the risks from ransomware and other zero-day threats.
Backing up data on a regular basis to an offline or cloud-based provider will help to reduce the damage caused by having your data held hostage. But remember, if cloud-based storage is the only back-up and your cloud provider is compromised, you could be in the same boat. Also, if your back-ups are encrypted, make sure you have the key stored off network, or it too is at risk of being infected by the ransomware.
Education is also critical, as most ransomware attacks use social engineering to encourage email recipients to click on links or open attachments. And of course, don't forget the patching mantra to ensure you have the latest protection. However, even traditional antivirus solutions that rely on signatures struggle to stay one step ahead, so it is worth installing APT (Advanced Persistent Threat) technology capable of detecting and blocking ransomware before it has the chance to do any damage. It is also important to have good visibility of what is going on, so that network operations staff and IT teams get clear alerts of all detected malware and explanations of why each file is considered malicious.
It is difficult to think of any single attack vector that has caused as much concern among SMEs. Resellers that are able to step up to the challenge and offer the skills and expertise required have a real opportunity to make a difference and strengthen their businesses at the same time.