How to Stop Ransomware in its Tracks

Key Technologies

Despite rumors of its demise, ransomware continues to be one of the top cyber threats facing organizations, with 30% admitting to have been victimized in the past. It is therefore critical that you have advanced protection technologies in place to keep your organization secure.

Stop Attacks from Getting into and Spreading within your Network

Stopping ransomware from entering and spreading within your network
is vital. This can be achieved with a next-generation firewall. Look for the following key features when evaluating solutions:

  • Top Performing IPS (Intrusion Prevention System) Engine: A modern, high-performance IPS engine is a critical security component of any next-gen firewall, as it performs deep packet inspection of network traffic to identify vulnerability exploits and block them before they reach a target host.
  • Lockdown Remote Desktop Protocol (RDP): Your firewall should enable you to easily restrict access to VPN users and whitelist sanctioned IP addresses.
  • Sandboxing Technology: Your firewall should incorporate sandboxing technology to ensure all suspicious active files coming in through web downloads and as email attachments are being suitably analyzed for malicious behavior before they get onto your network.
  • Zone Segmentation: Your firewall should enable you to reduce lateral movement within the network by segmenting LANs into smaller, isolated zones or virtual LANs secured and connected by the firewall.
  • Application Identification & Control: Your firewall should enable you to identify and restrict which applications can run on the network, and block those typically used in ransomware attacks.



Securing your Endpoints & Servers

Stopping ransomware from gaining a foothold on your endpoints and servers is vital. Look for the following key features in your endpoint and server protection solution:

  • Anti-Ransomware Technology: Your solution should secure your endpoints with technology specifically designed to detect and stop ransomware. It should be able to identify ransomware behavior by blocking malicious encryption that attempts to make unauthorized changes to your data. The technology should also:
  1. Work against both local and remote encryption
  2. Stop both file-based and full disk ransomware
  3. Automatically roll back changes to files with no loss of data
  • Exploit Prevention: Attackers take advantage of vulnerabilities in other software products in order to distribute and install ransomware. Exploit prevention technology stops the techniques attackers rely on to achieve their goals.
  • Machine Learning: Your solution should be able to utilize deep learning, or other machine learning techniques, to analyze the “DNA” of files and block never-seen-before ransomware before it can execute.
  • HIPS Behavior Analysis/File Analytics: Your endpoint solution should be able to examine the components/structure of files for malicious elements and checks if it contains code trying to modify the registry.

Download the full checklist here to learn how to stop phishing emails and how Mission Essential CTS can help keep you secure.