Bekker's Blog

Blog archive

A Dozen Defenses Against Ransomware (Some Good Against WannaCry)

WannaCry (also known as WannaCrypt) is developing into a potentially transformative ransomware incident.

Ransomware is nothing new and IT experts, especially vendors in the security and backup and recovery sectors, have been running around with their hair on fire about it for a few years now.

Yet WannaCry, which first hit May 12 and reached 150 countries and 200,000 machines by some counts, could be the high-profile incident that makes ransomware into a widespread concern that causes customers to start sitting up and paying attention when their managed services providers (MSPs) propose ransomware defense measures.

A lot of vendors are flooding the information zone right now with anti-ransomware advice for their partners or for end customers. Much of the advice is good, but, predictably, most of it involves what their particular product can do to stop ransomware. What's interesting about ransomware, however, is how many different threads an effective attack ties together. A multi-layered defense strategy that spans different tools and tactics is a must.

The WannaCry attack was in full swing as RCP was finishing up our May/June issue and we took the opportunity to develop a partner guide (available here for free) for ransomware best practices. We used WannaCry as a springboard for the report, but we took a more general approach to the problem of ransomware.

As we scraped our notebooks, previous coverage of ransomware and the WannaCry news, we were anticipating finding between four and six specific tactics that should be part of a comprehensive ransomware strategy for an MSP. Instead, we discovered an even dozen -- some technology, some education, some street-corner psychology.

Some of the same things that made WannaCry such a nasty piece of code mean that some of the standard tactics won't work against it. For example, some researchers are making the case that WannaCry used Internet scans to find systems with an unpatched SMB flaw to gain purchase inside victimized organizations rather than a more traditional spam or phishing attack to get in. So in this case, end user education, anti-spam tools and the like aren't much help.

If there's one thing that's true of IT security problems, it's that old attack vectors rarely go out of style. Even if spam or phishing-based attacks aren't a vehicle for WannaCry, they will continue to be for other families of ransomware still skulking around and will be for as-yet-undreamed-of families of ransomware that are sure to emerge.

Sadly, none of these defenses can probably ever be retired. They'll all have to be maintained and improved, even as new protection tactics get added to the checklists that disciplined MSPs go through to keep their customers as safe as possible.

To see the full guide, click here (free registration required).

Posted by Scott Bekker on May 22, 2017 at 9:59 AM


Featured

  • Windows Autopilot for HoloLens 2 Hits Preview

    Windows Autopilot, Microsoft's PC self-provisioning program, is now being tested for use with the company's mixed-reality headset, the HoloLens 2.

  • Signs Point to Microsoft Charging for Use of APIs

    There are indications that Microsoft is mulling charging customers for software that uses its application programming interfaces.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft Extends Azure Hybrid Benefit Licensing to Linux

    Microsoft has expanded its Azure Hybrid Benefit licensing program to include Linux servers, particularly Red Hat Enterprise Linux or SUSE Linux Enterprise servers.