Ransomware – how can you protect your critical data and your business from this type of malware? Cyber Security is becoming more and more important every day, as attacks get more sophisticated and attackers keep learning ways to bypass our current security. A recent development over the last couple of years is that they can now make money from the smallest gap in your security.
Ransomware – what is it?
Ransomware is an attack on your computer, whether at home or at work, that encrypts your files so that you can’t use them. You then get a message demanding payment so that you can get your files back. This often comes at a hefty cost.
I know what you’re thinking: “I back up my data, I can restore from that”. The answer is yes and no. If the backup data is on a network share or an attached external drive, these attacks will scan for these and encrypt those too. In fact, some attacks purposely target shadow copies and previous versions so that this is not an option. You may follow best practice guidelines and have a backup offsite, be it a tape or drive; however, I would be wary of connecting anything to the computer in case the process is still running. The backup would also be missing any new data created since it was last backed up.
Anti-Virus & Firewall – reactive service only?
The problem with most security, be it Anti-Virus on your desktop or the firewall of your network, is that it is a reactive service. By this I mean that the malicious software somehow gets onto your computer, and at this point you hope the AV picks it up; sometimes it is even running before the AV notices. The AV reacts to something going on. The problem is that this attack could be the latest of its kind, which means it won’t be in any of the databases. How would the AV know that this is something malicious?
The best way to set up security is to have multiple, independent and different layers. Think of an onion: it has multiple layers, and when you get past one, another is in the way. You want the same thing for your network security. You also want the Anti-Virus at the gateway and on the computer to be different; this is to do with the databases they use. If you have the same AV for both, it will use the same database. If something doesn’t get picked up at the gateway firewall, it won’t get picked up on the computer either.
How to protect my business?
Is there a way to prevent the attacks from reaching the network? SonicWALL provide two solutions that can help, Deep Packet Inspection and Capture. These are more advanced features that their firewalls can offer.
Deep Packet Inspection is a way of monitoring encrypted web traffic. The problem with encrypted web traffic is that it passes from the computer to the source and back again; basically, it goes straight through the firewall. What Deep Packet Inspection allows is the ability to monitor that traffic and block anything that you don’t want. Say a malicious file was being downloaded: the firewall would be able to stop it from entering the network, provided the attack was in the database. You can set up different policies to say what traffic to inspect; for example, you wouldn’t inspect any banking traffic.
The way that it works is that when you connect to a secure website, the session is encrypted from the firewall, so that the traffic from the firewall to the external website is encrypted. When the data returns, it is decrypted at the firewall and then inspected. If something bad is detected it is blocked; otherwise it is re-encrypted using the firewall’s own certificate and then passed to the user. This means that the only place your traffic is not encrypted is at the firewall.
So what if a file that is being downloaded isn’t a known type or isn’t in the database? This is where Capture comes in. This is a cloud-based service that will determine if the file is safe. This is a real pro-active solution. Now, if a new attack is sent to the firewall, the firewall will send this file to Capture, where a multi-engine approach is used to determine if the file is safe. The verdict determines whether the file is allowed or deleted. When Capture finds a new malicious file, it’s automatically added to the database, so if it sees the file again, it already knows about it.
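The decision flow described in the last three paragraphs (inspection policy, database lookup, then a cloud verdict that is fed back into the database) can be modelled in a few lines. This is an added example, not SonicWALL code: the class, the category names, the two stand-in engines and the "any engine flags it" rule are all assumptions, and the sample files are constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Hypothetical policy: categories excluded from inspection (the banking example above).
EXCLUDED_CATEGORIES = {"banking"}

def engine_static(data: bytes) -> bool:
    """Constructed stand-in engine: flags a made-up marker string."""
    return b"DEMO-MARKER-A" in data

def engine_behaviour(data: bytes) -> bool:
    """Constructed stand-in engine: flags a second made-up marker."""
    return b"DEMO-MARKER-B" in data

@dataclass
class Gateway:
    known_bad: set = field(default_factory=set)  # signature database (SHA-256 hex)
    engines: tuple = (engine_static, engine_behaviour)
    sandbox_submissions: int = 0

    def sandbox_verdict(self, data: bytes) -> bool:
        """Multi-engine verdict (assumed rule): malicious if any engine flags it."""
        self.sandbox_submissions += 1
        return any(engine(data) for engine in self.engines)

    def handle_download(self, category: str, data: bytes) -> str:
        if category in EXCLUDED_CATEGORIES:
            return "bypass"             # never decrypted, so never inspected
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.known_bad:
            return "block-signature"    # already in the database
        if self.sandbox_verdict(data):
            self.known_bad.add(digest)  # learn it: the next sighting is a database hit
            return "block-sandbox"
        return "allow"

def demo() -> list:
    gw = Gateway()
    sample = b"invoice.exe DEMO-MARKER-B"             # constructed sample file
    return [
        gw.handle_download("file-sharing", sample),   # first sighting: unknown file
        gw.handle_download("file-sharing", sample),   # second sighting: now known
        gw.handle_download("banking", sample),        # excluded from inspection
        gw.handle_download("news", b"plain report"),  # unknown but benign
        gw.sandbox_submissions,
    ]

if __name__ == "__main__":
    print(demo())
```

The third call shows the trade-off in an exclusion policy: traffic that is not decrypted is not inspected, so anything arriving that way has to be caught by another layer, such as the Anti-Virus on the computer.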
This is a great way to protect the network pro-actively and keep these files from even entering the network. SonicWALL’s Anti-Virus database is also their own, so it won’t clash with anything on the user’s computer. Network Security is an ongoing process and while there is no guarantee of 100% protection, this is surely a giant step in the right direction.