RCP Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.

Bekker's Blog

Blog archive

A Dozen Defenses Against Ransomware (Some Good Against WannaCry)

WannaCry (also known as WannaCrypt) is developing into a potentially transformative ransomware incident.

Ransomware is nothing new and IT experts, especially vendors in the security and backup and recovery sectors, have been running around with their hair on fire about it for a few years now.

Yet WannaCry, which first hit May 12 and reached 150 countries and 200,000 machines by some counts, could be the high-profile incident that makes ransomware into a widespread concern that causes customers to start sitting up and paying attention when their managed services providers (MSPs) propose ransomware defense measures.

A lot of vendors are flooding the information zone right now with anti-ransomware advice for their partners or for end customers. Much of the advice is good, but, predictably, most of it involves what their particular product can do to stop ransomware. What's interesting about ransomware, however, is how many different threads an effective attack ties together. A multi-layered defense strategy that spans different tools and tactics is a must.

The WannaCry attack was in full swing as RCP was finishing up our May/June issue and we took the opportunity to develop a partner guide (available here for free) for ransomware best practices. We used WannaCry as a springboard for the report, but we took a more general approach to the problem of ransomware.

As we scraped our notebooks, previous coverage of ransomware and the WannaCry news, we were anticipating finding between four and six specific tactics that should be part of a comprehensive ransomware strategy for an MSP. Instead, we discovered an even dozen -- some technology, some education, some street-corner psychology.

Some of the same things that made WannaCry such a nasty piece of code mean that some of the standard tactics won't work against it. For example, some researchers are making the case that WannaCry used Internet scans to find systems with an unpatched SMB flaw to gain purchase inside victimized organizations rather than a more traditional spam or phishing attack to get in. So in this case, end user education, anti-spam tools and the like aren't much help.

If there's one thing that's true of IT security problems, it's that old attack vectors rarely go out of style. Even if spam or phishing-based attacks aren't a vehicle for WannaCry, they will continue to be for other families of ransomware still skulking around and will be for as-yet-undreamed-of families of ransomware that are sure to emerge.

Sadly, none of these defenses can probably ever be retired. They'll all have to be maintained and improved, even as new protection tactics get added to the checklists that disciplined MSPs go through to keep their customers as safe as possible.

To see the full guide, click here (free registration required).

Posted by Scott Bekker on May 22, 2017 at 9:59 AM