Communication Stage
Firewall rules can block known malicious domains: Writing rules to block malicious domains is a standard capability of network firewalls.
Proxy/gateway scanner signatures for known traffic: For those with proxy and gateway appliances, these technologies can be configured to scan for known ransomware control server traffic and block it. Most ransomware cannot continue operations if it cannot retrieve the public encryption key needed for asymmetric encryption.
Encryption Stage
Back-up and restore files locally: By creating a storage volume and running archival differential-based file backups to that storage volume, remediation is as easy as removing the ransomware, going back in time with the backup to a point before the ransomware affected the files, and restoring all the affected files.
This can be done today by network administrators who could either use external storage volumes with a good archival backup utility or partition a local drive and run the backup utility against that.
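The archival differential backup and point-in-time restore described above, as an added example that is not the magazine's own tooling. It assumes a POSIX shell with find, cp and cmp; the directory layout (a full base image plus named differential sets, each holding every file that differs from the base) and the function names are constructed for this illustration.

```shell
#!/bin/sh
# Constructed example: differential backups to a separate storage volume,
# plus a restore that goes back to a named point before the infection.

# full_backup SRC DEST: copy the whole tree into DEST/full, the base image.
full_backup() {
    mkdir -p "$2/full"
    cp -R "$1/." "$2/full/"
}

# diff_backup SRC DEST NAME: copy into DEST/diff-NAME every file that is new
# or whose content differs from the base image. Comparing by content (cmp)
# rather than mtime means a ransomware binary that preserves timestamps, or
# clock skew, cannot hide an encrypted file from the backup set.
diff_backup() {
    src=$1; dest=$2; name=$3
    mkdir -p "$dest/diff-$name"
    (cd "$src" && find . -type f) | while IFS= read -r f; do
        if [ ! -f "$dest/full/$f" ] || ! cmp -s "$src/$f" "$dest/full/$f"; then
            mkdir -p "$dest/diff-$name/$(dirname "$f")"
            cp "$src/$f" "$dest/diff-$name/$f"
        fi
    done
}

# restore_to DEST TARGET [NAME]: rebuild TARGET from the base image, then
# overlay the differential NAME. Because each differential is relative to the
# full image (not to the previous differential), a single overlay is enough;
# pick the NAME taken before the ransomware touched the files.
# Limitation: files deleted from SRC after the full backup are restored too.
restore_to() {
    dest=$1; target=$2; name=$3
    mkdir -p "$target"
    cp -R "$dest/full/." "$target/"
    if [ -n "$name" ]; then
        cp -R "$dest/diff-$name/." "$target/"
    fi
}
```

Run full_backup once per backup cycle, diff_backup on a schedule (for example once a day with the date as NAME), and keep DEST on a volume the workstation does not keep mounted, since the same ransomware will encrypt a backup it can reach.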
Limit shared file activities: Many ransomware variants will look for access to files on storage other than the boot volume—such as file servers, additional volumes, etc.—and will encrypt everything they can find to inflict maximum damage. Consider limiting operations allowed on shared volumes.
Ransom Demand Stage
Restore from backup, keep a recent backup offsite and “air gapped”: Store a set of multiple, complete backups and assume an attack. An “air-gapped” backup is not connected to the computer or the network anywhere. (For an individual this could mean backing up to an external hard drive. When the backup is done, unplug the drive and keep it in a drawer, away from any computers. That way ransomware cannot detect the backup and damage it.)
Consider using a “bare metal backup” utility, which not only backs up your user files, but also lets you erase all storage volumes (in case the machine is stolen) and gets you back to a usable state with all your applications and data restored.
Ensuring your organization’s precious data is not ripe for the taking is a daunting task, especially with the steady rise of ransomware as an attack vector.
49 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide