Bekker's Blog

Blog archive

A Dozen Defenses Against Ransomware (Some Good Against WannaCry)

WannaCry (also known as WannaCrypt) is developing into a potentially transformative ransomware incident.

Ransomware is nothing new and IT experts, especially vendors in the security and backup and recovery sectors, have been running around with their hair on fire about it for a few years now.

Yet WannaCry, which first hit May 12 and reached 150 countries and 200,000 machines by some counts, could be the high-profile incident that makes ransomware into a widespread concern that causes customers to start sitting up and paying attention when their managed services providers (MSPs) propose ransomware defense measures.

A lot of vendors are flooding the information zone right now with anti-ransomware advice for their partners or for end customers. Much of the advice is good, but, predictably, most of it involves what their particular product can do to stop ransomware. What's interesting about ransomware, however, is how many different threads an effective attack ties together. A multi-layered defense strategy that spans different tools and tactics is a must.

The WannaCry attack was in full swing as RCP was finishing up our May/June issue and we took the opportunity to develop a partner guide (available here for free) for ransomware best practices. We used WannaCry as a springboard for the report, but we took a more general approach to the problem of ransomware.

As we scraped our notebooks, previous coverage of ransomware and the WannaCry news, we were anticipating finding between four and six specific tactics that should be part of a comprehensive ransomware strategy for an MSP. Instead, we discovered an even dozen -- some technology, some education, some street-corner psychology.

Some of the same things that made WannaCry such a nasty piece of code mean that some of the standard tactics won't work against it. For example, some researchers are making the case that WannaCry used Internet scans to find systems with an unpatched SMB flaw to gain purchase inside victimized organizations rather than a more traditional spam or phishing attack to get in. So in this case, end user education, anti-spam tools and the like aren't much help.

If there's one thing that's true of IT security problems, it's that old attack vectors rarely go out of style. Even if spam or phishing-based attacks aren't a vehicle for WannaCry, they will continue to be for other families of ransomware still skulking around and will be for as-yet-undreamed-of families of ransomware that are sure to emerge.

Sadly, none of these defenses can probably ever be retired. They'll all have to be maintained and improved, even as new protection tactics get added to the checklists that disciplined MSPs go through to keep their customers as safe as possible.

To see the full guide, click here (free registration required).

Posted by Scott Bekker on May 22, 2017


Featured

  • Nebula

    Ahead of AGI, Microsoft and OpenAI Redefine Their Partnership

    In a recapitalization announced Tuesday, OpenAI has launched a new public benefit corporation (PBC) called OpenAI Group, giving Microsoft a 27 percent ownership stake valued at approximately $135 billion.

  • Veeam Acquires Securiti AI To Unify Data Resilience and AI Security

    Veeam Software is making a strategic move into AI and data security by acquiring Securiti AI for $1.7 billion.

  • Microsoft Adds 'Mico' Virtual Assistant to Copilot in Major Fall Update

    In a significant feature update, Microsoft on Thursday said it is reshaping its Copilot AI platform with features that deepen user personalization and enable real-time group collaboration, among other perks.

  • Nutanix Partner Central Rolls Out To Boost Channel Engagement

    Nutanix on Wednesday launched a new platform, Partner Central, to give its channel partners a unified digital workspace for managing sales, tracking incentives and collaborating more effectively.