Unfortunately, ransomware isn’t going to go away any time soon. In fact, Cybersecurity Ventures predicts that the cost of ransomware attacks is likely to reach $11.5 billion by 2019. The primary cause of this is the increasing regularity of attacks. In 2019, the same report predicts that a new ransomware attack will occur every 14 seconds. Scary numbers!
Naturally, many organizations are turning to popular ransomware prevention tools to help address this. Just a quick Google will reveal hundreds of vendors promising to help you prevent ransomware attacks altogether (ranging from freeware to extortionate costs).
The more I see this the more I begin to question; can you prevent ransomware attacks in reality? The more I give this question thought, the more convinced I become that no piece of software alone can get this job done. You can certainly mitigate the risks and damages of a ransomware attack, but prevention is a very different thing.
Why You Can’t Always Prevent Ransomware
There are numerous reasons why I believe that ransomware is difficult to prevent, many of which were captured in the Second Annual State of Ransomware Report, in which over 1000 SMEs were surveyed.
The survey found that, whilst over a third of respondents claimed to have ransomware prevention solutions in place over the last year, a similar number of organizations were hit by a ransomware attack over that period. In fact, it seems as though having an anti-ransomware tool in place doesn’t reduce your risk of being attacked by a significant amount.
This is because, as the same survey found, the most common cause of ransomware attack is related to email use. In fact, 37% of ransomware attacks originated from an email attachment, and a further 27% from an infected link in the email itself. Spam mailboxes and anti-ransomware tools cannot always identify a malicious email, and this is why they are useless in the majority of cases.
Ransomware is a people problem. It’s your users that click the links and let the ransomware into your system. No amount of money and time spent on prevention software is going to affect whether a junior member of staff clicks on that dodgy link, for example.
Education is the Answer
Technology alone cannot beat ransomware. Efforts need to be made across all areas of the business to ensure that people are made fully aware about the risks of clicking on suspicious links in attachments and email content. Regular staff training sessions and strict policies regarding email security are two immediate steps you can take to try and tackle the majority of ransomware at it’s source.
LepideAuditor is Your Last Resort
Of course, all the training in the world isn’t going to completely prevent a user from clicking on a suspicious link. These things happen. So, it’s equally important that you have a solution in place that can detect and prevent the spread of a ransomware attack in progress.
This is where LepideAuditor comes in.
LepideAuditor is a sophisticated, scalable and affordable solution that audits, monitors and alerts on critical changes being made to Active Directory, File Server and other critical IT platforms. The solution covers many fundamental aspects of IT security and compliance demands, including ransomware.
By continuously tracking changes being made to critical files and folders, in conjunction with a threshold-based alerting functionality, LepideAuditor can enable you to detect a potential ransomware attack in progress and prevent it from doing further damage.
Threshold alerting allows you to set the parameters that trigger the alert to be sent. For example, you could set an alert to be sent if an unusually high number of file modifications occur over a short period of time (which could be indicative of a ransomware attack encrypting files by changing extensions). Once this threshold is met, you can also set a script to trigger automatically to take immediate action to prevent the changes from occurring further (shutting down a server, computer or reversing the changes, for example).
If you want to see more about how LepideAuditor helps detect and prevent the spread of ransomware, check out our website or contact one of sales team today.