Preventing Ransomware

Why is it important to prevent ransomware?

Today’s ransomware is not designed to infect one machine. Its goal is to gain full domain access and infect entire networks and organizations, take control over critical business systems and hold them for ransom until a price is paid. All it takes is one click by one person, and your whole IT network could be compromised. If you are able to prevent that initial breach, you can prevent lateral movement and stop ransomware gangs from taking control over your systems or exfiltrating data.

What are the business impacts of ransomware breaches?

Ransomware payments are rising. The average ransom in 2021 was $312,493—including $4 million paid by Colonial Pipeline. In addition to the payout, many gangs participate in double extortion. Using control over your critical business systems to exfiltrate your data and threaten to sell it to the highest bidder or put it up on the public Internet. Beyond direct costs, ransomware impacts operations while you negotiate with the ransomware gang or restore your systems. It can also ruin your brand reputation if news of the breach gets out.

Why is it so hard to prevent ransomware attacks?

Highly Evasive Adaptive Threats (HEAT) are used by threat actors who employ evasive techniques to bypass traditional web security measures and leverage web browser features so they can deliver malware or compromise credentials. If successful, HEAT attacks render all browser-based security defenses helpless. These include sandboxes, file inspections, network and HTTP-level inspections, malicious link analysis, offline domain analysis and indicator of compromise (IOC) feeds. Specific techniques include HTML smuggling, sending malicious links through unprotected channels (such as text messaging, social media, professional web networks, collaboration software, SMS, shared documents, shared folders and SaaS platforms), hiding malicious content inside web page source code and using benign websites to deliver sophisticated malware. Essentially hiding in plain sight, these HEAT attacks are able to trick traditional SWGs into assuming they are legitimate traffic.

What is Menlo Security’s approach to preventing ransomware through isolation technology?

There are three stages of a ransomware attack: gaining the initial foothold, spreading through the network and executing the final payload to gain control over critical business systems. Stage two and three are entirely dependent on stage one—gaining initial access. Menlo focuses on stopping ransomware before it is able to make the initial access—effectively rendering the ransomware impotent. Without access, it can’t spread through the network, gain control or hold systems ransom.

What are three capabilities buyers should consider when buying a malware prevention solution?

Ransomware solutions need to scale across the entire organization, preserve the native browser experience and integrate with existing security tools. Most vendors recommend that their customers isolate certain categories of web traffic or a certain group of users. However, truly and completely removing malware threats from your organization requires an isolate all approach. Malicious actors are getting very good at tricking users into clicking on a link or downloading an attachment through spear phishing. Threat surfaces are growing decentralized through digital transformation, work from home and cloud migrations. And the impact on the business of a successful breach is growing too much to leave anything to chance. Isolate everything! Users need to use the Internet like they’ve always done before. Isolation shouldn’t mean slow experience, limited functionality such as cut, paste and printing or a new browser to learn. It’s also important that your ransomware protection solution is easily integrated into your existing security stack, providing a single dashboard for policy management and security controls.