Research shows that most advanced attacks today start with phishing or spam emails sent to non-privileged business users. These phishing attacks often utilize ransomware – a form of sophisticated malware that blocks access to sensitive files by encrypting them and demands payment before the user can access the files again. According to recent research highlighted in a CSO article, 93 percent of all phishing emails contained encryption ransomware as of March 2016.
Ransomware is on the rise, and attackers increasingly use this approach to target enterprise organizations. Ransomware can be particularly challenging to combat because, once inside the network, it can compromise machines, steal data, capture credentials or damage systems, all without using any administrative privileges. If an organization has removed users’ administrative rights on endpoints and servers but is not monitoring and controlling which applications are allowed to run on these machines, a rogue application containing ransomware, which does not require administrative privileges to run, can enter the infrastructure and execute in the environment. This gives attackers a foothold in the organization.
In the short video below, Jessica Stanford, CyberArk’s Senior Product Marketing Manager, shares best practices for mitigating the risk of ransomware, from employing defense-in-depth and regularly backing up files to applying a combination of least privilege and application control.
In another article, Jessica noted research the CyberArk Labs team conducted to test how CyberArk Viewfinity protects against known and unknown variants of ransomware. The team manually tested 450 specific ransomware samples from 14 different crypto families (including Cryptolocker, Petya, and Locky) – focusing on the most common and notorious ransomware strains. CyberArk Viewfinity was able to block 100% of the ransomware samples from successfully encrypting files.
As attackers become more adept at circumventing defenses, organizations are increasingly vulnerable to ransomware and other types of sophisticated malware. To learn more about how to strike the right balance between security and usability to effectively reduce the attack surface while keeping users productive, please visit www.CyberArk.com/Viewfinity.
Editor’s Note: CyberArk Viewfinity with enhanced protection is now CyberArk Endpoint Privilege Manager.