Bekker's Blog


A Dozen Defenses Against Ransomware (Some Good Against WannaCry)

WannaCry (also known as WannaCrypt) is developing into a potentially transformative ransomware incident.

Ransomware is nothing new and IT experts, especially vendors in the security and backup and recovery sectors, have been running around with their hair on fire about it for a few years now.

Yet WannaCry, which first hit May 12 and reached 150 countries and 200,000 machines by some counts, could be the high-profile incident that turns ransomware into a widespread concern and gets customers to sit up and pay attention when their managed services providers (MSPs) propose ransomware defense measures.

A lot of vendors are flooding the information zone right now with anti-ransomware advice for their partners or for end customers. Much of the advice is good, but, predictably, most of it involves what their particular product can do to stop ransomware. What's interesting about ransomware, however, is how many different threads an effective attack ties together. A multi-layered defense strategy that spans different tools and tactics is a must.

The WannaCry attack was in full swing as RCP was finishing up our May/June issue and we took the opportunity to develop a partner guide (available here for free) for ransomware best practices. We used WannaCry as a springboard for the report, but we took a more general approach to the problem of ransomware.

As we scraped our notebooks, previous coverage of ransomware and the WannaCry news, we expected to find between four and six specific tactics that should be part of a comprehensive ransomware strategy for an MSP. Instead, we discovered an even dozen -- some technology, some education, some street-corner psychology.

Some of the same things that made WannaCry such a nasty piece of code mean that some of the standard tactics won't work against it. For example, some researchers are making the case that WannaCry used Internet scans to find systems with an unpatched SMB flaw and gain purchase inside victimized organizations, rather than relying on a more traditional spam or phishing attack to get in. So in this case, end-user education, anti-spam tools and the like aren't much help.

If there's one thing that's true of IT security problems, it's that old attack vectors rarely go out of style. Even if spam or phishing-based attacks aren't a vehicle for WannaCry, they will continue to be for other families of ransomware still skulking around and will be for as-yet-undreamed-of families of ransomware that are sure to emerge.

Sadly, probably none of these defenses can ever be retired. They'll all have to be maintained and improved, even as new protection tactics get added to the checklists that disciplined MSPs go through to keep their customers as safe as possible.

To see the full guide, click here (free registration required).

Posted by Scott Bekker on May 22, 2017

