A Dozen Defenses Against Ransomware (Some Good Against WannaCry)
    WannaCry (also known as WannaCrypt) is developing into a potentially transformative  ransomware incident.
Ransomware is nothing new and IT experts, especially vendors  in the security and backup and recovery sectors, have been running around with their  hair on fire about it for a few years now. 
Yet WannaCry, which first hit May 12 and reached 150  countries and 200,000 machines by some counts, could be the high-profile incident  that makes ransomware into a widespread concern that causes customers to start  sitting up and paying attention when their managed services providers (MSPs) propose  ransomware defense measures.
A lot of vendors are flooding the information zone right now  with anti-ransomware advice for their partners or for end customers. Much of  the advice is good, but, predictably, most of it involves what their particular  product can do to stop ransomware. What's interesting about ransomware,  however, is how many different threads an effective attack ties together. A  multi-layered defense strategy that spans different tools and tactics is a  must.
The WannaCry attack was in full swing as RCP was finishing  up our May/June issue and we took the opportunity to develop a partner guide  (available here for free) for ransomware best practices. We used WannaCry as a springboard for the report,  but we took a more general approach to the problem of ransomware.
As we scraped our notebooks, previous coverage of ransomware  and the WannaCry news, we were anticipating finding between four and six  specific tactics that should be part of a comprehensive ransomware strategy for  an MSP. Instead, we discovered an even dozen -- some technology, some  education, some street-corner psychology.
Some of the same things that made WannaCry such a nasty piece  of code mean that some of the standard tactics won't work against it. For  example, some  researchers are making the case that WannaCry used Internet scans to find  systems with an unpatched SMB flaw to gain purchase inside victimized  organizations rather than a more traditional spam or phishing attack to get in.  So in this case, end user education, anti-spam tools and the like aren't much  help.
If there's one thing that's true of IT security problems, it's  that old attack vectors rarely go out of style. Even if spam or phishing-based  attacks aren't a vehicle for WannaCry, they will continue to be for other  families of ransomware still skulking around and will be for  as-yet-undreamed-of families of ransomware that are sure to emerge. 
Sadly, none  of these defenses can probably ever be retired. They'll all have to be  maintained and improved, even as new protection tactics get added to the  checklists that disciplined MSPs go through to keep their customers as safe as  possible.
To see the full guide, click  here (free registration required).
 
	Posted by Scott Bekker on May 22, 2017