Cyber Security

Thrive Officially Promotes NoMoreRansom.org

“Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However, this is not guaranteed and you should never pay!” – NoMoreRansome.org

I recently saw @Raj_Samani from McAfee speak at RSA about the NoMoreRansom project (https://www.nomoreransom.org).  I had heard a little about this initiative when it launched but never truly understand the function or the goal.

I’ll let the NMR site describe it for you:

“The No More Ransom website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.”

NMR is true crowdsourcing for the good guys.  If you get infected with ransomware, you can take an encrypted file and upload it to the site.  They can then tell you if a free decryption method is available.  Even if the decryption is not available it provides yet another malware sample for researchers to analyze so maybe the next victim can be helped.

Raj mentioned that they have saved businesses close to $3M since the launch of the site.

A couple ways to mitigate ransomware infections are:

  • Train your users to avoid malicious links with Anti-phishing products
  • If you have URL Protection from your mail filtering solution turn it on!  If you do not have mail filtering, get it!
  • Use a firewall solution that has sandbox functionality

Some further steps to take to mitigate risk are:

  • Regular File Backup and Replication
  • Network Segmentation
  • Disable/Filter SMB Protocol (File Sharing) on every machine
  • Keep all software patched and up to date
  • Disable files from running AppData/LocalAppData folders
  • Regular review and oversight of Security Program
  • Use a reputable security suite for A/V, Firewall, Mail Filtering, IDS/IPS, content filtering, virtualization, operating systems…

In 2017 Ransomware attacks are expected to increase make sure you are taking the steps to mitigate risk. Contact Thrive with any questions on how to keep yourself and your company protected against these attacks.