Fight Windows ransomware with on-board tools
Negotiating Hurdles
The horror scenario: Your organization's data has been encrypted – in the worst case, after the data has been stolen and is at risk of ending up on the darknet. The measures used to mitigate the effect of ransomware can be broken down into two aspects. The first involves preventing attacks, and the second is all about slowing down the attack if it is successful. Both tasks require changes to workflows and processes involving administrative intervention that is not always convenient.
Entry
Ransomware has a limited number of vectors for entering the company network. Email with malicious attachments comes first, but external access to a mailbox is also conceivable, letting an attacker manipulate existing attachments. Many companies also have holes in the firewall that provide a direct route to the internal network; Remote Desktop (RDP) and other protocols that allow remote access are worthy of note here, as is manipulated software that users download and install. Last but not least, one visit to a manipulated website is all it takes to be infected by ransomware or some other malware (drive-by attacks).
Email is the most common way for ransomware to enter a company. A simple file attachment is all it takes. Sending billions of email messages costs nothing but electricity. Valid target addresses can be bought, found, and generated. Anyone who has worked with the same email address for a period of time will be familiar with the problem of spam and be aware that their own address has been public knowledge for a long time. What was technically brilliant about the Locky attack [1], for example, was that the malware and the associated executable file were not directly included in the attachment. Instead, the recipients received an Excel file with a macro that acted as a