Protection from Ransomware
In the IT world, computers and data are under threat of attack all the time. Viruses, spyware, malware, and most recently, ransomware are at the forefront of IT security.
Ransomware is defined as malware planted illegally in a computer or mobile device that disables its operation or access to its data until the owner or operator pays to regain control or access. Malware is software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation.
The most popular ransomware currently is WannaCry and its variants, which have targeted and affected users in various countries across the globe by encrypting data files on infected computers and demanding that users pay a $300 USD ransom in bitcoin to decrypt their files. The ransom cannot actually be paid and the data cannot be recovered except from a backup system.
How T4D protects our clients: Block, Protect, Prevent
Tools 4 Data has several vendors that provide strong protection from ransomware with a multi-layer approach. T4D keeps our clients protected by:
1. Block – Tools 4 Data uses only SonicWALL advanced threat protection firewalls.
SonicWall next-generation firewalls effectively prevent ransomware with a multi-layer approach. Geo-blocking prevents network communications by reading the network traffic and blocking communications from unknown or unwanted countries. Advanced threat protection gateway antivirus scanning searches all traffic to or from the internet for virus and malware content embedded in documents, email, and web traffic. This antivirus technology had the ability to spot and block WannaCry in early April, months before WannaCry made its public debut. Botnet filtering prevents communications with known botnets and can break the install evolution from benign to malicious malware. The result is higher security effectiveness, faster response times, and a lower total cost of network operation.
2. Protect – This is the job of antivirus. Tools 4 Data uses only Symantec’s Enterprise antivirus products to protect our customers should malware find a way past the blocking firewall. It is worth noting that Symantec had protection for WannaCry back in March 2017 that would identify and block the malware from being installed on a PC or server.
Symantec Endpoint Protection and Norton customers are fully protected from WannaCry by multiple layers of advanced protection. This includes Symantec’s new advanced machine learning, proactive network exploit protection, SONAR behavioral protection, and the Intelligent Threat Cloud. Customers of Symantec’s email service are also fully protected from WannaCry. The Skeptic and Link Following technologies available in Symantec Email Security.cloud provide additional proactive protection. Through real-time sharing of Symantec and Blue Coat intelligence, all WannaCry samples blocked by Symantec Endpoint Protection are also automatically blocked for Blue Coat proxy customers.
3. Prevent – WannaCry takes advantage of security holes in Windows operating systems. Tools 4 Data patches our customer machines within a few days of the patch release. No fully patched Windows 7 machine was infected with WannaCry because of the prevention afforded by fully patched machines. Windows 10 machines have new offensive prevention technologies included that will finally monitor and protect the operating system itself. Microsoft has been closely watching the onslaught of this new ransomware epidemic and added a slew of new features to the second major update of Win10, called "Creators Update" (Win 10 CU for short), which has been rolling out for a few weeks.
Effective firewalls and regular patching of systems are critical to protecting clients from cyber attack, and Tools 4 Data routinely patches clients' systems. The patch for various malware/ransomware issues was released in March 2017. WannaCry became an issue in late May 2017. Our clients were protected BEFORE WannaCry began to be detected.