Prevent Ransomware Attacks with Endpoint Security Software


Ransomware attacks have been on the rise in August, with at least three different types of viruses infecting victims in the U.S. and the U.K. These ransomware campaigns are targeting individuals and organizations in the manufacturing and healthcare sectors.

The IRS recently issued a warning about a new ransomware scam that is targeting taxpayers. The new scam is sent to taxpayers via an email that includes emblems from the IRS and the FBI, making it appear to be official correspondence. The email tells recipients that they are required to fill out a questionnaire from the FBI, and they can do so by clicking on a link in the email. The wording of the email implies that this questionnaire is required due to new tax regulations. In actuality, these new regulations don’t exist. When the recipient clicks on the link to the questionnaire, a ransomware virus is downloaded onto their device. The virus then locks the user out of the files on their device, and demands payment for a decryption key.

Across the Atlantic, another ransomware campaign hit hospitals in the UK. On August 22, NHS Lanarkshire, a Scottish health board, was infected by a new variation of the Bitpaymer ransomware. Bitpaymer asks the victim for 53 Bitcoins in return for a decryption key, but security researchers say that the files can’t be restored even with the key. This isn’t the first time NHS Lanarkshire has had its operations halted by ransomware. Back in May, the healthcare organization was also a victim of the WannaCry malware.

Another ransomware virus, Defray, was recently uncovered by security researchers. The ransomware campaign used a phishing email with a malicious Microsoft Word file to infect victims. The Word file contained an embedded executable and an OLE packager shell object, and the phishing emails were specifically tailored for the victims. The cyber attackers behind this ransomware demanded $5,000 in payment for the encryption key, but also offered the victims an option to negotiate on the ransom via email. Defray was discovered in early August when it was attacking manufacturing and technology verticals in the U.K. The ransomware campaign has also spread to organizations in the U.S.

As ransomware attacks continue through 2017, it would benefit companies to have Endpoint Management Software in place to monitor for cyberthreats. Below are five steps companies can take to keep their data secure from a ransomware attack:

  1. Back-up Important Documents: Companies should regularly back-up important documents and files, especially if they are vital to everyday operations. Daily back-ups allow companies to easily and quickly resume operations if a device gets infected with a ransomware virus, which minimizes lost profits due to downtime and lost productivity.
  2. Monitor Networks: Companies should continuously monitor their networks and devices for suspicious activity. Through continuous monitoring, companies can uncover unauthorized users and malware before either has a chance to attack and compromise the network.
  3. Patch Security Gaps: If a security gap is uncovered during a routine audit, companies should prioritize remediation. Security gaps in operating systems, browsers, and other software can be exploited by hackers who want to infect a network with a ransomware virus. Through regular patch updates, companies can prevent ransomware infections via exploit kits.
  4. Educate Employees: Employees should know to avoid clicking on links or attachments from unfamiliar recipients. However, through email address spoofing, an employee might be tricked into thinking a malicious email is legitimate. In this case, employees should hover over links or look at file extensions to determine if it is legitimate.
  5. Whitelist and Blacklist Applications: By whitelisting applications, companies can make sure employees are only running legitimate, authorized software on corporate devices. Through application blacklisting, IT departments can prevent employees from downloading malware or third-party applications that may be unsafe.

Endpoint Security software can help IT departments track what’s running on their networks, and find any gaps in security. By monitoring networks for threats and immediately remediating security gaps with endpoint security software, companies can prevent a ransomware attack from compromising important files and disrupting daily operations.