Interop ITX coverage: How to stop ransomware in its tracks

The first panel we attended at this year’s Interop ITX conference at the MGM in Las Vegas was “Ransomware: How To Stop It In Its Tracks & Respond When You Can’t,” and it was standing room only – an immediate good sign. Given that WannaCry had hit just the weekend before, that wasn’t exactly a surprise.

The timing couldn’t have been better, with businesses looking to their IT pros to protect their data. The presenter, Gal Shpantzer, an independent security professional and advisor who has also presented at the RSA conference, kept the usually cynical topic of cybersecurity light with some humor.

Specifically, he said that IT pros, with all eyes on them, are captains of a burning ship saying, “This is fine.”

[Image: “This is fine.” Taken from “Ransomware: How To Stop It In Its Tracks & Respond When You Can’t”]

And while, yes, WannaCry was scary, following good ransomware prevention methods also worked to protect systems from it. After all, the program was just a scary ransomware worm with (very) good exploits. Shpantzer hit home that every ransomware cybersecurity policy should be able to:

  • prevent initial infection
  • mitigate ability to spread once infected, and
  • respond/recover quickly.

Preparing for the future

Ransomware needs to be treated differently than other hacking attempts, such as data theft. Once hackers steal data, they have to find a buyer who wants specific and often unusable-to-most-people information.

And that’s getting harder and harder to do in this economy, as we’ve seen firsthand with TheShadowBrokers’ wealth of exploits.

So instead of going after your data, hackers have realized it’s much easier to just block access to it. And companies are willing to pay to regain access and get back to business as usual. It’s a far more lucrative business for hackers and it’s easier than pilfering protected data.

But you can still take steps to fight back and arm your defenses against any attackers. Shpantzer offered the following steps every IT department can begin to take:

  • Get your systems up to date. If it’s possible, schedule out software updates and make sure users are following through. Of those affected by WannaCry, 98% were running Windows 7, which is still vulnerable to many attacks.
  • Isolate sensitive systems and segregate them from the rest. Financial systems shouldn’t be linked to more vulnerable systems.
  • Train users, don’t blame users. Many times a virus gets onto your system because a user invited it, usually after being tricked by an invoice or email. If a user’s job is to open invoices all day, it’s to be expected that they may open a malicious one unless trained to spot scams.
  • Set up filters. Users conceivably don’t need to connect to unusual top-level domains like .hair or .top, so block access to them.
  • Keep on top of threats and attacks. You can follow malware trackers and top-level domain databases online for free.
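
For the “Set up filters” step, here is an added example (not from the talk or the original article): a Python dry run that counts which clients would be affected by a top-level-domain blocklist before it is enforced. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
from collections import Counter

# TLDs named in the article; the real list is a site policy decision (assumption).
BLOCKED_TLDS = {"hair", "top"}

# Constructed sample resolver log: "<timestamp> <client> <queried name>".
SAMPLE_LOG = [
    "2017-05-16T09:00:01Z 10.0.0.21 invoices.constructed-sample.top.",
    "2017-05-16T09:00:02Z 10.0.0.21 www.example.com",
    "2017-05-16T09:00:03Z 10.0.0.34 CDN.Constructed-Sample.HAIR",
    "2017-05-16T09:00:04Z 10.0.0.34 top.example.org",
    "2017-05-16T09:00:05Z 10.0.0.21 laptop",
    "2017-05-16T09:00:06Z 10.0.0.21 files.constructed-sample.top",
]

def tld_of(hostname):
    """Return the lowercase final label, or None if there is no TLD to judge."""
    name = hostname.strip().rstrip(".").lower()   # FQDN trailing dot, mixed case
    if "." not in name:                           # single-label internal names
        return None
    label = name.rsplit(".", 1)[1]
    return None if label.isdigit() else label     # dotted IPv4 literal, not a name

def is_blocked(hostname, blocked=BLOCKED_TLDS):
    """Match on the last label only, so top.example.org is not caught."""
    return tld_of(hostname) in blocked

def audit(log_lines, blocked=BLOCKED_TLDS):
    """Count, per (client, tld), the queries the filter would have refused."""
    hits = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:                       # skip malformed lines
            continue
        _ts, client, qname = parts
        if is_blocked(qname, blocked):
            hits[(client, tld_of(qname))] += 1
    return hits

if __name__ == "__main__":
    for (client, tld), n in sorted(audit(SAMPLE_LOG).items()):
        print(f"{client} would lose {n} lookup(s) under .{tld}")
```

Running the audit over a few days of real resolver logs first shows whether any business process depends on a TLD you plan to block.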