Application Control – the most effective remedy for Ransomware
The word “Ransomware” is on everyone’s lips right now, so everyone is trying to sell their solution on the back of this wave of interest. Recent coverage of this massive global Ransomware attack suggests that the safest protection against such attacks would be a backup solution and an antivirus with the latest signatures – just because of the high number of companies promoting them.
Surprisingly, one of the most effective protective components has been completely overlooked: Application Control with a Whitelist of approved applications. This is a powerful extension for any antivirus tool, since it can stop not only known but also unknown viruses. It is exactly this addition to the package that is of particular value against Ransomware.
To put things into perspective, let’s go through a brief analysis of everything else that is recommended:
- Patch management. Clearly this is very important. However, it mostly helps against the spread of Ransomware, rarely against Ransomware itself.
- Backup. This is also important. Unfortunately, backup does not help against Ransomware; it only limits its damage. Take the analogy of a house break-in: household insurance will replace the stolen valuables, so you get equally functional replacements. With Ransomware attacks, you don’t get everything back; the most recent files are no longer available.
- No longer saving locally. This can help, but not always. It can, however, make daily work far more difficult. The more flexible your design, the more counter-productive it gets.
- Employee Awareness. This is always necessary, but we cannot rely on it. No matter how often someone is informed, mistakes will always happen. In addition, the attacks are becoming more sophisticated. Relying on this alone means that you can either no longer open any files, and therefore cannot work, or you are permanently in danger of attack. It cannot be only the users’ job to protect themselves, especially if there are tools available that can reliably ensure protection.
- Antivirus solution. This is a must. However, as explained earlier, it only helps against known viruses. All new malicious software will have a free hand for several hours, even several days. Hours in the digital world correspond to years in the normal world. The bad guys test against the antivirus solutions available out there and keep changing their viruses until no antivirus software detects them.
Now we come to the real solution.
Let’s take another analogy. Would you want to regulate access to your company or your bank by giving a doorman (or security) 350,000,000 photos of all known criminals worldwide? In addition, you would then have to train him to understand the plethora of patterns that make someone who is not on this list suspicious. For example, if he is wearing a mask, has a false moustache, or is carrying an empty bag, these might be construed as suspicious, even though he is not on that list. Alternatively, you could give the doorman the list of 20-30 people (i.e. the Whitelist) who are allowed to enter the building; all others have no access, and can be added to the list only after a review. I think you’ll agree that this Whitelist route is not only easier, but also significantly safer. This is how application control works.
This is why Application Control with Whitelisting is such a powerful protection against Ransomware.
Of course, there is no such thing as 100% protection – this will never happen. Security software is there to minimise the risks as far as possible …
For maximum protection, our recommendation is to implement all these protective measures. However, don’t forget Application Control with Whitelisting for the most effective protection against Ransomware (and other malicious software attacks).