How to Protect Your Clients from Ransomware

April 5th, 2017
Vadim Vladimirskiy, Founder & CEO, Nerdio

Are you ready to defend against a zero-day ransomware attack? If you do not have cutting-edge cybersecurity tools at your fingertips, you may want to pause before you answer this question.

As a managed services provider, you have a responsibility to safeguard your clients’ data in any IT environment, physical or virtual. No MSP is immune to the risk of a ransomware attack, yet many erroneously believe that they are too smart and too sophisticated to fall prey to malware.

Here’s a reality check: SonicWall’s 2017 Annual Threat Report recently revealed a disturbing rise in detected instances of ransomware. In 2016, SonicWall identified 638 million instances of ransomware, compared to only 3.8 million instances in 2015. That’s a horrifying 16,600 percent increase.

What’s new with ransomware?

The ransomware industry is growing. The threat landscape is aggressive, persistent and increasing in scope every day. Long gone are the days of fake antivirus and lock-screen malware.

Today’s nefarious variants go the extra mile and encrypt hundreds (sometimes thousands) of system files until you pay a ransom as high as $10,000. Here are just a few examples of what you may be up against.


Captain Kirk

The “Captain Kirk” malware recently revealed by Trend Micro is a great example of how ransomware is evolving. Like any con man, malware authors work to stay at least one step ahead of good guys like you.

Coded in Python, Kirk masquerades as an open-source tool to stress test networks. As opposed to the ubiquitous demand for Bitcoin, Kirk requests payment in Monero, the current cryptocurrency of choice for the enterprising (pun intentional) cybercriminal.

To solidify their branding on the dark web, the malware’s authors even decided to append a .kirked extension to encrypted files. The developers of this new ransomware have also already unleashed a variant, dubbed Lick, which diabolically masquerades as a ransomware decrypter.

Satan

You now have to deal with ransomware-as-a-service, too. Satan is the latest variant to make a name for itself on the dark web. Its authors actually advertise it openly, netting a 70 percent fee on ransom payments.

One plausible reason for the meteoric increase in ransomware could be that ransomware is now standard in any serviceable exploit kit. Even a script kiddie can generate a custom executable file in Satan.

Targeting 131 file types, Satan uses AES-256 encryption along with RSA-2048 encryption. Both the kit and the command and control servers are available in several languages. Satan’s author (perhaps the infamous Guccifer 2.0) even offers tips on how to drop the malware effectively.


How to prevent ransomware

You can only prevent ransomware with persistent, tireless resolve. But specifically, you can prevent ransomware either by deploying a private cloud or using a VDI.

Virtual desktops can minimize the damage caused by a user being phished. With the right VDI, you can disable ActiveX in MS Office applications or block binaries from %APPDATA% paths, if necessary. If you do fall victim to ransomware, the increased control offered by a VDI allows you to quickly quarantine infected machines.
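To check where the %APPDATA% control described above would have fired, and which desktops to quarantine, the following added example (not from the original article or from Nerdio) flags process launches whose image path resolves under a user's roaming profile. The `host|user|image` record format, the function names and the extension list are assumptions, as is the default profile layout in which %APPDATA% is `C:\Users\<user>\AppData\Roaming`.

```python
import ntpath
from collections import defaultdict

# File types counted as "binaries" here (an assumption; extend for your environment).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".dll", ".pif"}

def in_roaming_appdata(image_path):
    # True if the path resolves to a binary under <drive>:\Users\<user>\AppData\Roaming.
    # normpath collapses "..", "." and "/" so traversal or mixed separators
    # cannot hide the real location; lower() makes the match case-insensitive.
    norm = ntpath.normpath(image_path).lower()
    _drive, rest = ntpath.splitdrive(norm)
    parts = [p for p in rest.split("\\") if p]
    if len(parts) < 5 or parts[0] != "users" or parts[2:4] != ["appdata", "roaming"]:
        return False
    return ntpath.splitext(parts[-1])[1] in EXECUTABLE_EXTS

def hosts_to_quarantine(events):
    # Map each host to the flagged image paths seen on it.
    flagged = defaultdict(list)
    for line in events:
        host, _user, image = line.split("|", 2)
        if in_roaming_appdata(image):
            flagged[host].append(image)
    return dict(flagged)

# Constructed sample records in a hypothetical "host|user|image" format.
SAMPLE_EVENTS = [
    r"VDI-014|alice|C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
    r"VDI-014|alice|C:\Users\alice\AppData\Roaming\sample.exe",
    r"VDI-022|bob|C:/Users/bob/AppData/Roaming/Updater/svc.SCR",
    r"VDI-031|carol|C:\Users\carol\AppData\Local\..\Roaming\tmp\run.exe",
    r"VDI-040|dave|C:\Users\dave\AppData\Roaming\notes.txt",
    r"VDI-040|dave|C:\Users\dave\Documents\AppData\Roaming\tool.exe",
]

if __name__ == "__main__":
    for host, images in sorted(hosts_to_quarantine(SAMPLE_EVENTS).items()):
        print(host, images)
```

The last two records show what is deliberately not flagged: a non-executable file in the roaming profile, and a look-alike `AppData\Roaming` folder that sits under Documents rather than at the profile root.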

The benefits of this approach are increased control and visibility into what users are actually doing on a daily basis. Email is still the most common attack vector for ransomware, so it is good practice to have strong backup policies. Otherwise, you may be unnecessarily exposing your BYOD users to the risk of ransomware attacks.

The rampancy of ransomware is not going to subside anytime soon. To prevent ransomware, it is best to maintain maximum control over your IT environment.