April 04, 2017
Ransomware was big business for criminals in 2016, bringing in more than $1 billion worldwide according to some estimates. And 2017 is expected to fare no better, with experts predicting ransomware attacks on businesses to double this year. It’s time to get your ransomware prevention strategy in place – the main component of which should be anti-phishing defenses.
Phishing Is a Popular Attack Vector
While ransomware has many attack vectors, including drive-by malware drops from infected websites, the primary delivery mechanism is phishing emails with malware-laced attachments.
Attackers gravitate to phishing emails because they are easy to target and deploy. Just a few minutes of online research is usually all attackers need to uncover the name, title and group/department of a likely phishing candidate. They then simply create the message, embed the ransomware in an innocuous-looking attachment and send.
To make matters worse, many ransomware attacks are now available in as-a-service models. One of the most notable as-a-service ransomware offerings used Cerberus, a variant researchers claim was responsible for eight new campaigns a day and generated $2.5 million annually in criminal revenue.
Critical Ransomware Prevention Measures
Preventing ransomware attacks deployed via phishing emails is no easy feat. It requires a strong combination of:
- Workforce education: It’s always best to stop attacks before they start, and that means educating users so they understand the risks, can identify common phishing schemes and know how to report potential phishing attacks. At a minimum, users should be taught not to click on links embedded in email and to instead access only business-approved online sites directly from their browsers.
- Strong policies: This means enforcing strong access controls, including requiring difficult-to-guess passwords that are changed on a regular basis, and multi-factor authentication to limit damage should an attack occur.
- Technology: In addition to stripping links from email and enforcing whitelisting to ensure users only engage with known, permitted sites, organizations should focus on bolstering endpoint controls, leveraging sandboxing to uncover zero-day attacks, deploying next-generation firewall and IDS solutions, and implementing good vulnerability and patch management programs.
Advanced Threat Protection Framework Mitigates Attacks
While implementing such an approach is easier said than done, new tools like those from our partner Fortinet can help. Its Advanced Threat Protection (ATP) framework together with its Secure Email Gateway and cohesive Security Fabric architecture provide the high degree of visibility and collaboration needed to protect against even the most sophisticated ransomware attacks.
Fortinet’s Secure Email Gateway, for example, uses antivirus, anti-malware and data loss prevention (DLP) tools to protect against known inbound and outbound email attacks. In addition, it integrates with the ATP’s advanced sandboxing technology to test and identify never-before-seen zero-day attacks.
When combined with Fortinet’s Security Fabric, any newly created signatures are then deployed to all other security tools in the fabric including next-generation firewalls, IDS/IPS and others. The result is that organizations are able to quickly mitigate attacks that might otherwise fly under the radar of a single security tool, significantly reducing their exposure and risk to both phishing and ransomware.
A value-added distributor of Fortinet solutions, Fine Tec is an expert in deploying Fortinet’s ATP, Secure Email Gateway and Security Fabric architecture. We can help you ensure your customers don’t fall victim to the latest phishing and ransomware attacks.