If there’s one security threat that strikes fear in the hearts of companies of every size and kind, it’s ransomware. One of the fastest-growing types of malware today, ransomware uses encryption to lock you out of your data – and then forces you to pay a ransom to have it decrypted. We wrote in a previous post about some common-sense steps to take to reduce the risk of being victimized. Now let’s look at the specific endpoint-security strategy we recommend to block ransomware, including the technologies that are part of that strategy.
Three-layer security to keep you safe, safer, safest
There are three types of endpoint-security solutions that protect against ransomware attacks. We recommend combining them to improve your chances of being able to repel an attack.
- Definition-based anti-virus
Make sure your security strategy includes definition-based anti-virus software, which works by detecting patterns in files and attachments that indicate the presence of known security threats. Consider products from top vendors like Webroot (our go-to choice), Bitdefender and Kaspersky, or McAfee offerings from Intel Security.
- Behavioral-based anti-malware
As the name suggests, behavioral-based protection detects security intrusions by watching for unusual system or user behaviors. With this type of software layered on top of your anti-virus solution, you have two levels of protection. We use anti-malware from Malwarebytes; you’ll also find choices in this category from F-Secure and ESET.
- Content filtering
While anti-virus and anti-malware solutions protect against threats in email and email attachments, content filtering software detects malware on websites that have been set up for the very purpose of spreading infections. Our top choice is OpenDNS. (To learn more about OpenDNS, check out this post from our Director of Operations.) WebSense, Barracuda and WebTitan are other options.
You may find that some vendors offer two types of protection – or even all three types – in one solution. It may be tempting to simplify by pursuing one of these, but we recommend that you stick with the three-layer strategy. We believe it’s your best chance of getting the most effective solution possible within each category of protection.
Taking every precaution to minimize the impact of ransomware
Remember that one holiday season when you got a flu shot, washed your hands in hot water every 30 minutes and avoided parties like the plague so you wouldn’t get sick? And remember how you got sick anyway? Unfortunately, that can also happen with ransomware (or any type of malware). There’s just no protection against it that’s 100 percent effective. But as with the flu, there’s something you can do to make the experience a lot less miserable.
Think of a robust backup solution as Tamiflu for a ransomware attack – something that can help you recover quickly and with minimal pain and suffering. Look for backup software that can not only back up and recover your data, but also restore your operating system, applications and configurations. That way, you won’t have to spend time and money getting everything back to the way it was before.
The threat is evolving – fortunately, so is the response
It’s in the nature of malware to evolve and mutate into new threats, each worse than the last. The latest stage in the evolution of ransomware is extortionware, in which the people holding your data hostage also hold on to a copy of it. Then, after you’ve paid them to decrypt your data, they demand another payment to stop them from exposing sensitive information using the copy they’ve kept.
The good news is that security responses are evolving, too. One approach that security experts are starting to talk about is for organizations to proactively encrypt all data so that it can’t be encrypted by ransomware. Other approaches will continue to emerge as the battle to keep data safe goes on. We’re here in the trenches doing our part, and we’re happy to advise you in any way we can.