Ransomware is an increasingly common method of attack for hackers against individuals, SMBs and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world.
Ransomware is a type of advanced malware attack that takes hold of a device, either locking the user out entirely or encrypting files so they cannot be used. This type of attack can gain access to your device in a variety of ways. Whether downloaded from a malicious or compromised website, delivered as an attachment to a phishing email or dropped by exploit kits onto vulnerable systems, once executed on the system, ransomware will either lock the computer or encrypt predetermined files. The attacker will then make themselves known with an “official” ransom demand, as well as thorough instructions and timelines on how to make a payment to either regain access to the device or to receive the decryption key for the captive files.
The traditional advice for defending against these types of attacks includes persistent reminders to educate users, perform regular software updates and back up all critical devices. These are all great best-practice rules to live by, but they provide only a minimal, first level of defense against an advanced attack. Experts also agree that a layered approach to security is key to an active defense against ransomware. WatchGuard Total Security Suite, available with all Firebox appliances, provides strong defenses against advanced malware and ransomware. Security controls included in the Total Security Suite, such as WebBlocker, APT Blocker and Host Ransomware Prevention, help to detect and prevent common methods of ransomware attacks.
Host Ransomware Prevention
The Host Ransomware Prevention (HRP) feature of Threat Detection and Response enables industry-leading prevention against ransomware attacks. HRP blocks the execution of ransomware before any file encryption on the endpoint takes place, mitigating the attack before any data is lost or damage is done.
APT Blocker is a dynamic sandboxing solution providing detailed visibility and analysis into the execution of malware. If a file has never been seen before, it is detonated in a virtual environment to analyze its behavior and determine the threat level, protecting against advanced malware and zero-day threats.