
Application Security

12/8/2017
08:35 AM
Nick Claxson
News Analysis-Security Now

More Security Might Not Cure Ransomware

Ransomware is definitely a security issue, but 'more security' may not be the solution so many are looking for.

Hollywood scriptwriters must have been kicking themselves when cyber thieves came up with the idea of ransomware. It has well and truly captured the imagination, driving genuine fear into the hearts of many business leaders who had hitherto paid little attention to cyber threats in general.

The really clever thing about ransomware is that the crimes are rarely targeted at "obvious" pools of valuable data such as credit card records and banking information. Ransomware is at its most supremely evil when it strikes at data that you (and possibly only you) find valuable. A little like the act of kidnapping someone's pet dog; the market value is irrelevant -- it's how much it matters to the owner.

The net effect of this is that the usual cyber targets (banks, other financial institutions, etc.) aren't bearing the brunt of this threat. It's at least as likely to be research institutions, healthcare providers, pharmaceuticals, utilities -- any sector where having data held to ransom could be ruinous.

What if the answer isn't "more security"?

You've got to hand it to the cybersecurity industry. They've made hundreds of billions of pounds over the years, and yet seem no closer to actually stopping cyber attacks than when the first computer viruses were created. Rather than becoming discredited, this apparent failure is its own reward; encouraging customers to consider how much worse things would be if they didn't keep buying security solutions. You need merely whisper "ransomware" to experience a sales onslaught of weird, wonderful and ultimately expensive ways of protecting yourself -- but with zero guarantee they will work.

This is sheer madness; a snake eating its own tail. It's time to stop thinking of ransomware as a failure of security and start calling it what it really is: a failure of effective data management.

Boring old backup saves the day

The first lesson in data management is to back up regularly. In data-intensive sectors, this can be far easier said than done. Pulling very large data sets into a coherent backup process is often complicated by inefficiencies and data infrastructures that have built up over time. This, in turn, can make each backup a lengthy process -- six to eight hours is not out of the ordinary -- which discourages IT professionals from performing them frequently. As a result, many organizations have a disconnect between how often they would like to perform backups (typically daily) and how often they manage to (weekly, monthly or even quarterly).

This is a recipe for catastrophe should some unforeseen event disrupt your IT systems. One such event could be a ransomware lock-out, leaving you with a backup copy that may be considerably out of date.

Why pay criminals for data that you already have?

Read the news reports about ransomware and you'll spot an Achilles' heel in the criminal masterplan: if the victim had kept an up-to-date copy of its data, there would be no need to pay to get it back. Such an event would still constitute a serious security breach, but at least they'd have their precious data.

More and more organizations are waking up to this simple truth by instigating a three-pronged strategy to address the ransomware problem:

Stream 1: Education

Ransomware is an infection that usually requires people to do things they shouldn't. Like any modern threat, ransomware relies on the concept of 'social engineering' and other human factors. The best way to counter this is by involving your people in relevant education programmes. Be sure to include everyone who has access to email, computers and servers in your organisation.

Stream 2: Cybersecurity vigilance

The cybersecurity industry might be behind the curve on ransomware, but that doesn't mean you shouldn't leverage solutions that stop the easiest 95% of known attacks from getting through. Whether you run endpoint antivirus or network-based security (or both), this is a vital layer of defense. Also, ensure that you decommission out-of-support/end-of-life data management software and always run recommended patches and updates.

Stream 3: Get serious about backup to enjoy total data protection

Modern IT backup solutions take frequent, incremental backups every minute or so. Being incremental means you never stress your network (or your IT staff) by repeating entire backup processes. Should your business encounter ransomware and the inevitable demand for money to unlock your data, you can safely ignore it. Simply roll back your data to the second before the attack struck. This way, you can be assured that your valuable data and systems continue running and the malware cannot be retriggered.

To conduct incremental backups, backup appliances need to be updated to detect and record block-level changes from snapshots, taking individual backups at hundreds of points per day. Some solutions supplement this with the capability to detect ransomware inside a backup, and notify IT staff accordingly. This mitigates the spread of infection.
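As an added illustration (not code from the article or from Comtec Enterprises), the toy Python model below shows the two mechanisms just described working together: a content-addressed block store in which each snapshot costs only the blocks that changed, and a "ransomware inside a backup" check that flags a snapshot when most blocks were rewritten with high-entropy content, so staff can roll back to the last clean point. The sample file history, the 64-byte block size and the change-ratio and entropy thresholds are all constructed for the demo and are not taken from any product.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 64  # small block size so the constructed sample spans several blocks


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, encrypted output close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class SnapshotStore:
    """Content-addressed block store taking point-in-time snapshots of one file.

    A snapshot is the ordered list of block hashes; a block is written only the
    first time its hash is seen, so each snapshot costs only the blocks that
    changed since the previous one (the incremental backup the article describes).
    """

    def __init__(self, change_ratio=0.5, min_entropy=6.0):
        self.blocks = {}       # sha256 hex -> block bytes
        self.snapshots = []    # (label, [block hashes]) in time order
        self.alerts = []       # (snapshot index, reason) raised for IT staff
        self.change_ratio = change_ratio  # assumed heuristic thresholds
        self.min_entropy = min_entropy

    def snapshot(self, label: str, data: bytes) -> int:
        """Record a snapshot; returns how many blocks actually had to be stored."""
        hashes, new_blocks = [], 0
        for i in range(0, len(data), BLOCK_SIZE):
            chunk = data[i:i + BLOCK_SIZE]
            h = hashlib.sha256(chunk).hexdigest()
            if h not in self.blocks:
                self.blocks[h] = chunk
                new_blocks += 1
            hashes.append(h)
        self.snapshots.append((label, hashes))
        idx = len(self.snapshots) - 1
        reason = self._looks_like_ransomware(idx)
        if reason:
            self.alerts.append((idx, reason))
        return new_blocks

    def _looks_like_ransomware(self, idx: int):
        """Flag a snapshot in which most blocks changed AND the new content is
        high-entropy: ordinary edits touch a few blocks, encryption rewrites
        nearly all of them with random-looking bytes."""
        if idx == 0:
            return None
        previous = set(self.snapshots[idx - 1][1])
        current = self.snapshots[idx][1]
        changed = [h for h in current if h not in previous]
        if not current or len(changed) / len(current) < self.change_ratio:
            return None
        entropy = shannon_entropy(b"".join(self.blocks[h] for h in changed))
        if entropy < self.min_entropy:
            return None
        return (f"{len(changed)}/{len(current)} blocks rewritten with "
                f"{entropy:.2f} bits/byte entropy")

    def last_clean_index(self):
        """Most recent snapshot that raised no alert: the rollback point."""
        flagged = {i for i, _ in self.alerts}
        for i in range(len(self.snapshots) - 1, -1, -1):
            if i not in flagged:
                return i
        return None

    def restore(self, idx: int) -> bytes:
        return b"".join(self.blocks[h] for h in self.snapshots[idx][1])


def run_demo() -> dict:
    """Constructed history of one file: a baseline, a small edit, then an
    'encrypted' version produced by a deterministic pseudo-random stream."""
    line = b"Quarterly trial results, cohort A: 12 responders out of 40.\n"
    v0 = line * 16                                            # 960 bytes, 15 blocks
    v1 = v0.replace(b"12 responders", b"13 responders", 1)    # touches block 0 only
    v2 = b"".join(
        hashlib.sha256(b"constructed-keystream" + i.to_bytes(4, "big")).digest()
        for i in range(30))                                   # 960 random-looking bytes

    store = SnapshotStore()
    stored = [store.snapshot("09:00 baseline", v0),
              store.snapshot("09:01 edit", v1),
              store.snapshot("09:02 after ransomware", v2)]
    clean = store.last_clean_index()
    return {
        "blocks_stored_per_snapshot": stored,
        "alerts": store.alerts,
        "rollback_index": clean,
        "rollback_matches_last_edit": store.restore(clean) == v1,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The second snapshot stores a single block because only one line changed, which is what makes minute-by-minute snapshots affordable; the third rewrites every block with near-8-bit entropy and is flagged, so the rollback target is the snapshot before it rather than the newest one. Real appliances use far larger blocks and tuned thresholds, but the shape of the check (how much changed, and how random the replacement looks) is the same.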

Taking away the power of ransomware's extortionists feels good, but it requires a combination of effective security measures and a nimble, continuous backup process. Only then can you have a data governance process worthy of the name, and a cast-iron insurance policy against anyone who claims to have kidnapped your data.

Nick Claxson is managing director of Comtec Enterprises.
