Page 16 - Cyber Warnings
CryptoLocker - Best avoided!
You don't want to see this.
Classic ransomware operation: after the malware is in place, a unique encryption key is
generated for each infected computer and is used to encrypt data on the machine. If the
ransom is not paid within the allotted time, the files are lost forever.
Make sure backups are up to date and isolated from the computer, otherwise they may be
encrypted too.
So, what should you be doing right now to prevent ransomware?
Over and above standard firewalling and anti-virus protection, there are additional defenses that
should be in place to defend against phishing, given that this is the primary delivery mechanism
used. Unfortunately, phishing is, by design, notoriously tough to prevent, due to its cunning and
devious methods.
The malware is invited in by the recipient, typically either by opening an attachment or by
activating/downloading a link, thereby largely subverting corporate IT security.
The best approach is therefore to harden the user workstation environment, to prevent malware
activity where possible and, where it is not, to at least place more obstacles in the way.
As with any hardening program, a balance must be found between strong security and
operational ease of use.
The majority of exploitable vulnerabilities can be mitigated within the workstation operating
system, and further protection can be provided using manufacturer extensions such as
Microsoft's EMET (Enhanced Mitigation Experience Toolkit) and Windows Defender or third-party
AV.
Secure the Desktop and the User
But when it comes to users’ emails and their content, accurately protecting against the bad
while allowing the good is beyond any technological solution.
While blocking all email attachments and links would improve security, there aren’t many users
that would sign up for this. A more graded approach to protecting the user is needed.
And in fact this solution already exists for most browsers and the Microsoft Office applications.
Controlled by Group Policy, the desktop applications otherwise used to welcome in
ransomware can be fine-tuned to mitigate exploitable vulnerabilities while requiring elevated
approval for other functions. This may slow the user down for certain tasks, but that additional
pause for thought while the system prompts for elevated approval will ensure security hygiene
is observed.
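One concrete instance of the Group Policy controls described above is Office macro handling. The following read-only PowerShell audit is an added example, not part of the original article; it assumes Office 2016 (policy version key 16.0) and treats the VBAWarnings and BlockContentExecutionFromInternet policy values as the settings of interest.

```powershell
# Added example: read-only audit of Office macro policy values for the current user.
# Assumption: Office 2016 (policy version key 16.0); adjust for other versions.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings values as written by the Office Group Policy templates.
$vbaMeaning = @{
    1 = 'enable all macros'
    2 = 'disable all with notification'
    3 = 'disable all except digitally signed'
    4 = 'disable all without notification'
}

$report = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    # A missing key means no policy is applied; the user's own choice then governs.
    $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba = $values.VBAWarnings
    $blockInternet = $values.BlockContentExecutionFromInternet

    $findings = @()
    if ($null -eq $vba) {
        $findings += 'macro handling not enforced by policy'
    } elseif ($vba -eq 1) {
        $findings += 'policy enables all macros'
    }
    if ($blockInternet -ne 1) {
        $findings += 'macros in files from the Internet are not blocked'
    }

    [pscustomobject]@{
        Application         = $app
        VBAWarnings         = if ($null -eq $vba) { 'not set' } else { "$vba ($($vbaMeaning[[int]$vba]))" }
        BlockInternetMacros = ($blockInternet -eq 1)
        Findings            = if ($findings.Count -gt 0) { $findings -join '; ' } else { 'none' }
    }
}

$report | Format-List
```

Run it in the user's session on a domain-joined workstation; any application reporting findings is one where the macro prompt is left to the user rather than enforced by policy.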
16 Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide