There is a lot going on in today’s businesses, and the result is that businesses are more exposed than ever to cyberattacks such as ransomware. Connectivity inside and outside the corporate network and more, expands the attack surface. And as ransomware continues to infiltrate organizations via email, it is increasingly gaining access through Remote Desktop Protocol (RDP) and vulnerability exploits.
Cyber criminals use ransomware to take over your computer for the purpose of extorting money from you. Once the malware has been installed, the hacker controls your computer, freezing you out of it until you pay a specific sum. The attacker will claim that after you make the payment, you will get a decryption key you can use to regain control of your computer.
Ransomware attacks have crippled entire organizations for hours, days, or longer. Fortunately, there are ways to prevent ransomware from getting onto your computer, as well as steps you can take if an attack is successful.
Key Security Controls for Each Stage of Attack
In most respects, cyber criminals have the advantage. All they need is one target to bite to be on their way to reap rewards. But organizations do have the benefit of thwarting each campaign at any of its multiple attack stages to remain safe. This is why the Cyber Kill Chain concept remains a powerful cybersecurity strategy, especially in regard to ransomware.
Given that the majority of today’s ransomware is typically delivered via email, followed by the web, strong threat prevention, detection, and response provided via a secure email gateway and next-generation firewall (NGFW) are key.
Fortinet FortiMail secure email gateway
FortiMail is a top-rated secure email gateway that stops volume-based and targeted cyber threats, prevents the loss of sensitive data, and helps maintain regulatory compliance. Of note, capabilities like click protection provide up-tothe-minute reputation checking for embedded URLs, while content disarm and reconstruction thwart malicious code embedded in attachments. Further, sandbox analysis can analyze both attached files and embedded URLs in an instrumented virtual environment. All of these capabilities can be enabled inline before emails are delivered, to protect end-users from messages designed to fool them into granting ransomware access to their system.
FortiGate next-generation firewall
FortiGate NGFWs consolidate industry-leading security capabilities such as secure sockets layer (SSL) inspection including the latest TLS 1.3, web filtering, and intrusion prevention system (IPS) to provide full visibility and protect any network edge. With consistently top-rated security services from FortiGuard Labs, and integrating the dedicated advanced threat protection of FortiSandbox and FortiAI, FortiGates reduce the risk of ransomware delivered via the web.
It’s Time to Thoroughly Prepare for Ransomware
Tracking global activity over time makes it clear that ransomware is going to continue to be more prevalent and more difficult to stop. Fortinet has technologies to address ransomware at multiple attack stages, in addition to security awareness training, staff augmentation, and other services.
Organizations should assess their current strength of security, concern about exposure, and best solution fit at each stage of the Cyber Kill Chain. This should complement broader efforts to prepare for potential ransomware incidents such as:
- Segmenting the network
- Hardening devices
- Establishing and testing backups
- Determining monitoring and response processes
- Augmenting in-house technologies, tools, and processes with expert outsourced services