Whitelist DNS Filters and Remote Browsers vs. Ransomware


IT security expert ProSoft recommends two defense strategies against ransomware attacks on company IT: whitelist DNS filters and remote browsers, both of which are successful against ransomware.

Twelve percent of all cyber attacks are now carried out by ransomware (source: Global Threat Intelligence Report by NTT). Such attacks have thus quadrupled in recent years. The financial damage caused by such an attack is also increasing rapidly. With DNS filtering and ReCoBS (Remote Controlled Browser System), IT security expert, trusted advisor and value-added distributor ProSoft presents two effective but fundamentally different strategies against ransomware attacks. While a DNS filter detects and blocks dangerous websites before malicious code can get into the company's network, a ReCoBS, i.e. a remote-controlled web browser, shields the internal network from the Internet and prevents attacks that exploit security gaps in Internet browsers. But not all DNS filtering is the same, and only the sum of combined measures provides really reliable protection.

Combined countermeasures against ransomware

Anyone who uses ransomware wants to make money quickly in a criminal way. If the malware penetrates the company's IT, it encrypts business-critical data and makes it inaccessible. The attackers then demand a considerable ransom for the decryption. Fearing that sensitive company data could be published or sold, victims often pay large ransoms. “It is always a gamble whether the attackers will release the data again after payment has been received. Medium-sized companies and medium-sized organizations are particularly affected by this – including authorities and companies from the health sector*2,” reports Robert Korherr, Managing Director of ProSoft GmbH. According to a study on ransomware*3, 70% of the German companies surveyed stated that the recovered data was partially or completely damaged. 80% of organizations that paid ransom are attacked a second time by ransomware.

Not all DNS filtering is the same

Unusual DNS activity is a dead giveaway of a ransomware attack. DNS filters provide triple protection here. Drive-by downloads of active content from dangerous websites are often prevented from the outset. The reloading of malware components from command and control servers and the typical exfiltration of data to the attacker's server before the actual encryption are also concrete indications of an active ransomware phase. Traditional DNS filters that work according to the blacklisting principle have to record and classify more than 200,000 new Internet domains every day. The IT environment is vulnerable during the period between the detection of a dangerous website and the integration of its IP addresses into the blacklist. Whitelisting, on the other hand, offers significant advantages for DNS filters.

A whitelist DNS filter, such as Blue Shield Umbrella, developed by the Austrian hidden champion Blue Shield Security, first blocks all unknown websites and only analyzes those that are actually accessed. The algorithms and AI-supported technologies used in the cloud-based DNS protection shield analyze, detect and block dangers and anomalies with every request in real time. A domain is only placed on the whitelist once it has qualified, and domains must continually requalify to stay on the whitelist. For qualification, Blue Shield Umbrella uses machine learning from historical data, a specially developed sandbox and global cooperation with other manufacturers and organizations.
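The following is a simplified model of the blacklist gap and the whitelist principle described above. It is an added example, not Blue Shield Umbrella's or ProSoft's code. The one-hour requalification interval, the `is_benign` callback standing in for the real analysis, the choice to run analysis after each query instead of in real time, and all domain names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

REQUALIFY_AFTER = 3600  # assumed: seconds a qualification stays valid

def norm(domain):
    return domain.lower().rstrip(".")

@dataclass
class AllowlistFilter:
    """Default-deny DNS policy: only currently qualified domains resolve."""
    qualified: dict = field(default_factory=dict)  # domain -> time qualified
    pending: set = field(default_factory=set)      # blocked, awaiting analysis

    def decide(self, domain, now):
        d = norm(domain)
        ts = self.qualified.get(d)
        if ts is not None and now - ts <= REQUALIFY_AFTER:
            return "ALLOW"
        self.qualified.pop(d, None)   # unknown or expired: must (re)qualify
        self.pending.add(d)
        return "BLOCK"

    def analyse_pending(self, is_benign, now):
        # is_benign(domain) stands in for the real analysis (hypothetical hook)
        for d in self.pending:
            if is_benign(d):
                self.qualified[d] = now
        self.pending.clear()

def blocklist_decide(domain, blocklist):
    """Default-allow policy: only already-classified domains are blocked."""
    return "BLOCK" if norm(domain) in blocklist else "ALLOW"

# Constructed sample data (not real indicators).
BLOCKLIST = {"known-bad.example.org"}
BENIGN = {"portal.example.com"}
QUERIES = [(0, "portal.example.com"), (20, "Portal.Example.com."),
           (30, "fresh-c2.example.org"), (50, "fresh-c2.example.org"),
           (60, "known-bad.example.org"), (4000, "portal.example.com")]

def replay(queries=QUERIES):
    """Return (time, domain, blocklist verdict, allowlist verdict) per query."""
    flt, rows = AllowlistFilter(), []
    for now, domain in queries:
        rows.append((now, norm(domain), blocklist_decide(domain, BLOCKLIST),
                     flt.decide(domain, now)))
        flt.analyse_pending(lambda d: d in BENIGN, now)  # analysis after each query
    return rows

if __name__ == "__main__":
    for row in replay():
        print(*row)
```

In the replay, the not-yet-classified domain passes the blacklist on both queries but never resolves under the whitelist policy, and the benign domain is blocked again once its qualification has expired.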

Remote web browser for high internet security

Another tool for defending against ransomware attacks is ReCoBS TightGate-Pro, developed by Berlin-based m-privacy GmbH. The solution takes a different approach and protects against ransomware that has accidentally already been downloaded. TightGate-Pro works as follows: the web browser no longer runs on the workstation computer. Instead, the dedicated TightGate server located in the demilitarized zone (DMZ) runs the browser. The workstation computer only receives the browser's screen output as a video data stream via a function-specific protocol. Due to this physical separation, even accessing a compromised website has no consequences for the internal network.

The sum of combined measures offers maximum protection

Like any other malware, ransomware enters corporate networks through the usual channels such as phishing, spoofing, unpatched vulnerabilities, drive-by downloads, and malware in active Internet content. Technical measures such as antivirus software, log management and SIEM, firewalls, patch management, Endpoint Detection & Response (EDR) and Network Detection & Response (NDR) are some of the tools that have proven effective against cyber attacks. However, they only provide reliable protection if data from different sources is correlated. Organizational measures such as security training and codes of conduct for employees are also effective, because a certain skepticism helps even against zero-day malware.


 


About ProSoft

ProSoft was founded in 1989 as a provider of complex software solutions in the large computer environment. Since 1994 the company has focused on network management and IT security solutions for modern, heterogeneous Microsoft Windows infrastructures, including Mac OS, Linux as well as mobile environments and end devices. The experts manage efficient software and hardware for corporations and medium-sized companies and have established themselves as specialists for IT security. In addition, as a value-added distributor (VAD), ProSoft supports manufacturers with the “go-to-market” and the launch of new solutions in the German-speaking part of Europe.


 
