What is a Ransomware Attack

What is a Ransomware attack

Ransomware is a type of malware attack which encrypts a victim’s files, so the victim is unable to access their data. In a ransomware attack, the attacker demands ransom (often in the form of bitcoin) from its victim to decrypt the data and give them back access to it.

Ransomware attacks are often carried out by Trojan – disguising infected files as a legitimate file that the user is tricked into running. However, it is possible to spread ransomware even without user interaction. For example, this is how the WannaCry worm spread.

How Ransomware Is spread

There are many different ways to spread ransomware. Here are just a few:

Phishing emails – Clicking on a link in a disguised, or phishing, email, intended to trick the recipient that the message is authentic.
Malvertising – When malicious code is injected into a legitimate online advertising network, redirecting users to malicious websites.
Drive by attacks – Visiting an unsafe fake web page. This includes sites that may have been unknowingly infected, as well as fake sites disguised as legitimate sites.
Self-propagation – Physically infecting a system through network or USB drives.

No More Ransomware

How to Stop Ransomware & Other Tips
for Ransomware Prevention

Clean up and tighten firewall rules

Unused, duplicate, or conflicting firewall rules make it harder to manage your network. Overly permissive rules provide an open door for attackers to slip in. Over the years, firewalls accumulate thousands of rules and objects. These rules become out-of-date or obsolete. Bloated rulesets not only add complexity to daily tasks, but they may put your network at risk. Overly permissive rules (such as ANY/ANY) can leave the door wide open for attackers to take advantage of. Safely removing rules, however, is not easy. Incorrectly cleaning up may cause application outages, and rule recertification projects sometimes leave people wondering why the rule was there in the first place.

Analyze the risks and vulnerabilities on your network.

Your security policies introduce risk into your network. Risk is a fact of life. But you need to be able to identify the risks in your network security policies and prioritize them according to their potential business impact. Vulnerabilities are widespread. It’s critical to be able to weed through and prioritize these risks based how they impact the key applications that run your business. You need to know where the vulnerabilities are on your network. To do that, map vulnerabilities to their related firewall rules.

Keep the bad guys from running wild with network segmentation

Using network segmentation, you can build a defense-in-depth strategy to reduce your attack surface. If the bad guys get in, they won’t be able to get very far. Network segmentation segregates and protects key company data and limits attackers’ lateral movements across the corporate network.

Identify where your hybrid network is exposed to public networks

It’s hard to secure what you can’t see. Business applications rely on complex connectivity flows that span multi-cloud and hybrid networks. Network security operations teams need to understand and map these flows. They need to be able to identify traffic flows that may act as a back door to unwanted or malicious traffic. They need to know where the doors to your network are and understand where they lead. A full topology map and traffic query simulation of your entire hybrid network will provide those insights and keep you from flying blind, so you can identify where your network is exposed.

Respond to incidents coming from SIEM/SOAR solutions with rapid isolation

SIEM/SOAR solutions collect, correlate and analyze the logs generated by your technology infrastructure, security systems and business applications. The SOC team uses this information to identify and flag suspicious activity for further investigation. However, given the vast amount of data many of these alerts are false alarms. However, it is possible to cut through the noise and this helps mitigate ransomware attacks. Tie security incidents to network traffic. This way, you can understand if a compromised server is open to the web. This makes, if a trojan gets in, it easier to immediately isolate the infected server.

Prevent and Respond to a Ransomware Attack

Download these resources to discover more

Ransomware Attack: Best Practices to Help Organizations Proactively Prevent, Contain and Respond

One of the biggest concerns for info security professionals and business executives right now is ransomware attacks. It has prompted many organizations to urgently assess what they...

Watch Webinar

What is a Ransomware attack

Avishai Wool, CTO and co-founder of AlgoSec, looks at how organizations can implement and manage SDN-enabled micro-segmentation strategies

Keep Reading

Micro-Segmentation based Network Security Strategies

As cyber threats become more sophisticated, companies of all sizes are struggling to stay secure. Regardless of how many different firewalls you use, it’s merely a matter of time...

Watch Webinar

Microsegmentation – Ongoing Maintenance

Watch this Prof. Wool video to learn about the ongoing maintenance of your data center upon completion of a microsegmentation project

Watch

AFF Ransomware Isolation

In this video Prof. Avishai Wool shows how to create a playbook to be used in case of a ransomware attack and how it can be used when an attack takes place

Watch

How AlgoSec helps prevent and mitigate ransomware attacks

Manage Security Policies

AlgoSec helps mitigate ransomware attacks by managing your network security policies. It helps organizations cope with the challenges above and provides the practical tools to prevent and stop ransomware attacks.

Visualize Your Network

AlgoSec automatically pulls information from a wide range of devices to generate an interactive network topology map of your entire heterogeneous network. Through this map you can identify where your network is exposed to public networks and understand the impact of network security policies on traffic.

Optimize Security Policies

With AlgoSec, you can optimize your security policy, clean up firewall rules, and remove obsolete, duplicate, and overly permissive rules. AlgoSec’s actionable reports help you uncover and remove unused, duplicate, or conflicting rules and tighten overly permissive rules (e.g. ANY/ANY) without impacting business requirements and securely remove access for decommissioned applications. AlgoSec’s automated change management processes ensure that you can maintain policy hygiene so that new rules are optimally designed and implemented.

Assess & Mitigate Risks

AlgoSec lets you instantly assess, prioritize, and mitigate risks in firewall policies across your entire network (including multi-vendor firewalls and cloud security groups) and map them to their associated business applications. AlgoSec checks your security policies against a database of best practices and known risks, which can also be customized to your organization’s own policies. Before implementing any new change, AlgoSec assesses the risk of that change, so that you can ensure that you do not unknowingly introduce new risks into your network.

Tie Security Incidents to Business Processes

Through a seamless integration with the leading SIEM and SOAR solutions, the AlgoSec Security Policy Management solution ties security incidents directly to the impacted business processes. Once identified, AlgoSec neutralizes the attack by automatically isolating compromised or vulnerable servers from the network.

Enforce Network Segmentation

AlgoSec makes it easier to define and enforce network segmentation throughout your multi-vendor hybrid network. With AlgoSec, you can validate that your existing network security policy does not violate your network segmentation strategy, block critical business services, and meets compliance requirements. AlgoSec also proactively checks every proposed change request against your segmentation strategy to ensure that it doesn’t break it or introduce risk.