Beware of Ransomware: IT Insider Explains the Growing Problem
After earning a bachelor’s degree in computer science and an MBA with an emphasis in high-tech, Eran Livne spent the first eight years of his career working as a developer for enterprise applications.
Since then, he has been a product manager and product marketing manager for several enterprise and software companies, including a company he founded which was acquired by Ivanti two years ago (LetMobile).
For the past year, Livne has been the product manager for Ivanti endpoint security solutions.
His extensive experience in the security space prompted us to get the inside scoop on the increasing problem of ransomware.
Q: How big of a problem is ransomware today?
A: Huge. We are now in a stage where the bad guys fully understand the potential of the ransomware business model.
The tools they use to distribute the ransomware are not only advanced, but highly cost-effective. Today’s ransomware infection kits are also very sophisticated, ensuring high success rates in terms of the ability to hijack an infected computer without the chance for a third-party security vendor to respond and remediate the attack.
Q: Why is it such a large problem? Are the bad guys getting better or are organizations getting worse at protecting themselves?
A: The main reasons are the cost-effectiveness of the distribution channels, as well as the tools used to take the computer hostage.
Ransomware distribution is mainly based on low-cost phishing emails and social engineering tactics that convince the end user (victim) to run an attachment.
Phishing and social engineering aren’t new. They are tools that have been used by cybercriminals for years. The fact that a human opens the attachment and that ransomware is an executable rarely detected by an AV—AV being the most common way to protect the endpoint—makes this attack highly effective.
Q: What are two things an organization can do to protect itself from ransomware?
A: First, make sure you have a good endpoint protection that is not signature-based. Second, be sure to have backup properly configured in case the endpoint protection fails.
Q: How is ransomware generally delivered? How does it work?
A: In the majority of cases, ransomware is sent as an attachment in a phishing email. Based on current statistics from Verizon, 23 percent of recipients are opening phishing emails and 11 percent of those are clicking on attachments. This means there is a good chance that one of the end users will open the attachment and the ransomware will run.
The ransomware executable usually does not require any administrator rights and is tested to work against all known AV vendors (before it is shipped), so it should be able to run in any environment without any problems.
Q: How can LANDESK help companies prevent ransomware?
A: With Ivanti, we offer a layered approach for ransomware protection. Each organization can choose which methods to deploy.
Our layered protection starts with deployment and management of our AV solution, followed by a passive document protection that immunes all documents from being hijacked by a ransomware.
The next steps will be to apply application control and whitelisting capabilities, ensuring that only trusted applications can run. This will eliminate the ability for a ransomware to run in the first place.
It is also highly recommended to use our third-party application patching solution. Our privilege management solution ensures users do not need to have administrative rights that limit the ability of some ransomware to spread and infect the endpoint.