WatchGuard Preventing Ransomware Attacks with Host Ransomware Prevention
Introduction
Small and midsize businesses and distributed enterprises continue to fall victim to advanced malware attacks that have serious impact on business productivity and continuity. Ransomware, a type of advanced malware that denies victims to data and systems, has been shown to disproportionately target SMBs making these attacks the single greatest security threat facing them today. Unfortunately, whether due to cost or complexity, many small-to-midsize businesses have simply lacked the resources they need to effectively stop ransomware attacks, leading to devastating consequences.
Host Ransomware Prevention, a component of the WatchGuard Host Sensor enables organisations of all sizes to detect, and even prevent, ransomware attacks before the damage is done.
What is Ransomware?
Ransomware is a type of advanced malware attack that takes hold of a device, either locking the user out entirely or encrypting files so they cannot be used. This type of malware can infect your device in a variety of ways. Whether downloaded from a malicious or compromised website, delivered as an attachment in a phishing email or dropped by exploit kits onto vulnerable systems, once executed the ransomware will either lock the computer or encrypt predetermined files. The attacker will then make themselves known with an “official” ransom demand, as well as thorough instructions and timelines on how to make a payment to regain your assets.
Phishing for Access
One of the most common methods of delivering ransomware is through a phishing email attack. These targeted emails are often written in a way that the unsuspecting users would never know that it wasn’t from a legitimate sender. They often contain a malicious link or download that grants the hacker passage to not just this device, but opens the door to your entire organisation. SMBs are a key target for this typeof attack, with over 40% of spear-phishing attacks aimed at organisations with fewer than 250 employees in 2015. (Verizon)
The sophistication of the average cybercriminal is at an all-time low. Today we can fall victim to attacks that require little or no technical skill because malware tools and services are widely available. The dark web gives criminals the ability to buy incredibly sophisticated malware variants or even have malware designed for specific targets. Even worse, the success of Ransomware has led to the emergence of ransomware-as-a-service enabling non-technical criminals to purchase not only the malware, but the means to deliver it and collects the profits as a service. This takes a complicated operation that usually needs multiple world class hackers and puts it in the hands of anyone looking to attack organisations of any size.
Ransomware attacks are no joke, and they are a menace to SMBs and distributed enterprise organisations. However, these tricky attacks share common behaviours that can be used in malware detection. Leveraging behavioural analysis to catch the malware attempts to evade detection and perpetrate its attack enables organisations to better defend against these attacks.
