
Five ways to prevent a ransomware infection through network security

Stronger network security could be the key to preventing a ransomware infection. Expert Kevin Beaver has five ways organizations can improve their networks to stop this threat.

Ransomware attacks are not only becoming more common, they're becoming more creative. This advanced malware that once targeted users directly is now being deployed via remote exploits of unsecured web servers running WordPress and, now, JBoss. According to Cisco's Talos threat intelligence organization, a new type of ransomware called SamSam is targeting enterprises running vulnerable versions of JBoss. Rather than spreading through phishing attacks or drive-by downloads, the ransomware instead attacks a compromised server and spreads throughout the internal corporate network. This is just one example of a myriad of highly complex threats targeting corporate assets and resources every day. Ransomware appears to be coming of age.

So what can enterprises do to protect themselves from initial ransomware infection? If ransomware gets into one system, how can enterprises stop it from spreading to others? It all comes down to common sense. The ransomware threat is no different than any other threat; there's a vulnerability and the criminals want to exploit it for ill-gotten gains. The method and underlying technologies evolve, but the threat itself needs to be handled in the same manner as any other threat. Here's how enterprises can approach this security challenge:

1. Acknowledge that you don't know what you don't know

The sign of a truly wise security professional is admitting that many things on the network are unknown. Systems, applications, users, information and the like all make up a group of assets that are often unaccounted for and, therefore, undersecured and currently at risk from ransomware. Another key indicator of a smart security pro is the presence of a plan to make things better.

2. Acquire support from management and users

Before anything can get off the ground in security, management needs to back it politically and financially, and it needs to do so on an ongoing basis. Assuming the security team is able to get management on board with its plan for fighting ransomware, it will also need to get the users on board with policies, the ramifications of bad choices and the overall setting of expectations on "this is how things work here."

3. Deploy the proper technologies or tweak your existing setup

The heart of a strong malware defense is well-designed and properly implemented technologies. If a network is to stand up against a modern-day ransomware infection, it needs the following:

  • First and foremost, patching needs to be under control. Many businesses struggle with this, especially with third-party patches for Java and Adobe products, and hackers love this. Until software updates are deployed in a timely fashion, the organization is a sitting duck. A network is just one click away from compromise.
  • Effective malware protection is also a necessity. Steer away from the traditional and look more toward advanced malware tools including non-signature/cloud-based antivirus, whitelisting and network traffic monitoring/blocking technologies.
  • Data backups are critical. Organizations' systems -- especially the servers that are at risk of ransomware infections -- are only as good as their last backup. Discussions around backups are boring, but they need to be well-thought-out to minimize the impact of the ransomware that does get through and encrypts critical assets.
  • Network segmentation is another important part of ransomware protection, but it's only sometimes deployed properly. Just keep in mind that VLANs -- the most common segmentation technique -- aren't secure if an internal user can guess the IP addressing scheme that's likely a mere digit increment or decrement away.
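
One way to act on the backup point above, as an added example that is not part of the original article: before a scheduled backup rotates out older versions, compare the new snapshot with the previous manifest and hold the rotation when many files have vanished or turned into high-entropy data. The function names, the 7.5 bits-per-byte floor and the 20% ratio are assumptions to tune, and the entropy heuristic is a technique chosen for this sketch.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0-8.0); well-encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root: str) -> dict:
    """Map relative path -> (SHA-256, entropy of the first 64 KiB)."""
    manifest = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            manifest[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), shannon_entropy(data[:65536]))
    return manifest

def assess_snapshot(previous, current, entropy_floor=7.5, max_ratio=0.2):
    """Return ("ok" | "hold", suspects); both thresholds are assumptions."""
    suspects = []
    for path, (old_hash, old_entropy) in previous.items():
        new = current.get(path)
        if new is None:
            suspects.append(path)  # vanished or renamed (e.g. new extension)
        elif new[0] != old_hash and old_entropy < entropy_floor <= new[1]:
            suspects.append(path)  # rewritten as random-looking bytes
    ratio = len(suspects) / len(previous) if previous else 0.0
    return ("hold" if ratio > max_ratio else "ok"), sorted(suspects)

def demo():
    """Constructed data: five text files, three overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(5):
            Path(root, f"report{i}.txt").write_text(f"quarterly figures for unit {i}\n" * 200)
        baseline = build_manifest(root)
        for i in range(3):
            Path(root, f"report{i}.txt").write_bytes(os.urandom(8192))  # stands in for encrypted content
        return assess_snapshot(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Files that were already compressed (archives, images) start above the entropy floor, so this check will not flag them when they are rewritten; the hash change alone would have to be tracked for those.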

Finally, security assessments can help protect enterprise networks. Stop pen testing for the sake of PCI DSS, and start performing comprehensive security vulnerability assessments that look at the bigger picture. If the security team keeps malware in mind when it looks at its internal network from the internet, it'll find a slew of weaknesses that are currently facilitating the ransomware infection threat. Document these findings and present them to management for the necessary support.

4. Monitor and respond

Security teams can't secure -- or respond to -- the things they don't acknowledge. Most enterprises have a half-baked monitoring, alerting and incident response program. Security teams need to do what needs to be done: monitor servers, workstations and the network for anomalies, take quick action, and do what's necessary to respond to the current event and prevent it from reoccurring.

5. Fine-tune to get better

Many people -- both in management as well as IT and security -- view security as a one-time deal. You invest, you deploy, you assess and everything else will take care of itself, but this is hardly the case. IT and security teams are pressed for time because they're constantly having more projects layered on top of what is still left undone. Figure out a way to fix that. It may be in terms of time management, different processes or hiring new FTEs. Whatever it is, fix it.

The security solutions to a ransomware infection are not endpoint-centric, as Cisco Talos' report shows, nor are they network-centric. They're holistic. It's a little bit of everything -- in various parts of the organization -- working together to create barriers to entry and exploit. Sound familiar? It's the same tried-and-true approach to information security that's been known about for decades, yet organizations continue to struggle with it. The technical understanding is there, but security is impeded by politics and special interests. From the CIO to the CLO to the CEO and a lot of people in between, everyone involved has his or her own agenda that keeps what needs to be done from getting done.

An organization might not be able to overcome the human aspects of information security, but it can at least try to make the criminal hacker's job as difficult as possible.


This was last published in June 2016


What does your organization do to mitigate the threat of ransomware?

I always love your stuff, Kevin! Great advice, as usual. Endpoint security in particular becomes a big deal when you overlook the most vulnerable elements such as printers or mobile phones. Why do so many organizations fail to recognize these limitations -- and holes -- in network security?

--Karen Bannan, commenting for IDG and HP

What is not explained about backups is very important with the advent of ransomware.
Ransomware mitigation requires proper backups that are vaulted/isolated from infection, versioned and verified to ensure their integrity.
There are many backup systems for enterprises offered by Shadow Protect, Veeam, StorageCraft, BackBlaze, Carbonite, Datto, CrashPlan and more, to systems for small business and individuals such as Acronis and the new low-cost BaQapp.

Great advice :) I think that now more than ever people have started noticing how important it is to use proper anti-virus software that will protect their data and files. I have only recently installed one, because I felt that the danger of a ransomware attack is real. My friend recommended Impedio Security to me, and it worked really well for me. I started with the free trial, but have already bought the licence for the full version. I feel much safer now!