According to data breach response insurers Beazley, ransomware quadrupled in 2016 and will double again in 2017. But while the growing scale of the ransomware threat is cause for concern, it’s sophistication that businesses should really be worried about.
Typically, ransomware depends on malware being delivered through malicious attachments or scripts, hidden on a hard drive, and executed to lock your critical data and systems down until you pay a ransom. However, more recent trends see stealth ransomware that doesn’t need to touch your hard drive.
As Kaspersky Lab reports, fileless ransomware hides threats in the depths of RAM and operating system kernels – they become needles in a virtual haystack, with little or no footprint.
In these cases, the first you’ll know of the threat is when your data is encrypted and you’re presented with your attackers’ demands. By this time, the damage is done – whether you’re restoring backups or paying the ransom, cost is unavoidable.
That’s why a proactive approach is so essential – so you can act before ransomware hits your infrastructure.
Build your intelligence like an attacker
In the most advanced incidents, attackers spend their time building a complete and comprehensive understanding of your business and its technology. They’ll look at everything from social media to your organisational structure to gather intelligence and target their attacks effectively.
A proactive approach to fileless ransomware means conducting the same analysis in-house. How well do you know your weaknesses? Where are attackers most likely to begin? When you know your most exposed targets, you can deploy effective controls to defend them.
It’s also important to build intelligence throughout your business with training and awareness sessions. As many as 1 in 5 users would open and click on emails containing malware, each a potential point of enterprise-wide damage.
Don’t forget the IT security basics
While cybercrime has become increasingly sophisticated, your security stack can’t be limited to the most advanced tools for the latest threats.
The security you’ve been using for years still needs your attention.
As ever, you should be keeping your antivirus software up to date to detect malicious files before they’re executed. That way, you can stop malware and ransomware in its tracks before it is hidden away.
Application patching should also be at the top of your to-do list, closing potential weaknesses that could give attackers a way into your estate. While you’re probably updating Microsoft applications routinely, be sure to inventory all your third-party applications and apply patches as soon as they are available.
While this can be a time-consuming process, the right technology can help you automate large parts of it. There is just no excuse for leaving these points of entry open.
Limit privileged access to your systems
Finally, Privileged Account Management (PAM) can play a vital role in protecting against fileless ransomware. After all, injecting payloads into your kernel or RAM typically requires privileged access.
Every business should be enforcing a rule of least privilege, limiting permissions unless they are absolutely essential to the day-to-day work of a given user. This can be combined with application whitelisting to check software before it is given the privileges it needs to run.
In addition, improving the security of your passwords can reduce the risk of privileged access falling into the wrong hands. By discovering your privileged passwords, monitoring their use, and enforcing strong security policies, you can remove a potential point of entry for would-be attackers.