Ransomware is one of the most serious security threats businesses face today. It calls for an equally robust response, far beyond cautioning users about suspicious emails. A multi-layered approach is required to reduce exposure to ransomware attacks and also to recover encrypted data more quickly and effectively.
Citrix Workspace solutions provide an integrated and flexible framework to secure apps, data and the network from infection by malware of all kinds. By publishing virtual web browsers and email clients with Citrix Virtual Apps, IT can isolate endpoints from the corporate network and ensure that infected hosts are unable to further spread ransomware and place more of the company's data at risk.
Furthermore, Citrix Endpoint Management enables secure mobility through containerisation to protect data on smartphones and tablets. Citrix Content Collaboration captures versions of files in real time to ensure that a clean version is always available to replace a file that has been encrypted by ransomware. In this way, IT can protect the business and its data, minimise disruptions and avoid rewarding hackers for their illicit activity.
Prevent digital extortion by introducing a multi-layered approach, it will help reduce exposure and recover encrypted data more quickly and effectively.
Recent years have seen the internet swarmed with several variants of ransomware with names like Cryptolocker, Locky, KeRanger, CryptoWall and TeslaCrypt. Initially targeting consumers, these scripts increasingly target victims with highly sensitive, high-value data such as healthcare, banking, legal and financial institutions.
Once activated by an unwitting user, the ransomware calls home to a command-and-control server to acquire a unique, randomly created AES encryption key, then applies it to critical files found on local, network and cloud-connected drives.
At that point, this data is entirely under the control of the hacker, who demands the prompt payment of a ransom to recover it or prevent its disclosure. This amount may range from hundreds of Rands for individual consumers to many thousands for a business. Payments are often demanded in Bitcoin, further complicating a business response.
As an illicit business model, ransomware is as effective as it is simple, reportedly earning hundreds of millions of dollars for the Cryptowall script alone. For the victim organisation, recovering access to data and systems can literally be a matter of life and death, as in the case of a hospital where electronic medical records (EMR) as well as the systems responsible for CT scans, documentation, lab work and pharmacy functions have been rendered unavailable.
Targeted companies in every industry including education, utilities, retail, finance and government. They face dire consequences as well, including losing access to core business functions such as email and payroll, the customer information to deliver services, and the production data on which operations depend.
Even without the countdown timer displayed by most ransomware, the urgency of a response is all too clear. Paying the ransom, typically in Bitcoin through a selfservice process, is an unappealing prospect; doing so incurs a cost, rewards criminal activity and strengthens the incentive for such attacks throughout the industry.
Citrix solutions enable four highly effective measures for reducing your exposure to ransomware and keeping apps and data accessible to authorised users — not hackers and their clients. Virtualisation, enterprise mobility management and enterprise file synchronisation make it possible to insulate computers, tablets, smartphones and other endpoints against ransomware infection, and to recover quickly in the event of a breach.
Here are the four measures for reducing your exposure to ransomware and keeping apps and data accessible to authorised users:
- Shield web app users from infection and keep sensitive data off the endpoint by publishing virtualised, sandboxed and hardened browsers rather than relying on the locally installed, over-configured and over-connected browsers.
- Prevent email-borne ransomware from compromising the endpoint by publishing a virtualised, sandboxed and hardened email client.
- Protect mobile devices against attack with measures including containerisation, encryption, blacklists and whitelists, and device compliance checks.
- Ensure the rapid recovery of ransomware-encrypted data with a secure and robust enterprise file sync and sharing service.
Reports have begun to surface of “boneidleware”, malware that emulates ransomware and elicits payment, but deletes data rather than encrypting it, leaving paid-up victims empty-handed. Refusing to pay can be even worse.
IT must respond quickly by shutting off system and networks to prevent ransomware from spreading - a considerable disruption - and restoring encrypted data from the most recent backup. Even then, the encrypted data still remains in the hands of the hacker, who will doubtlessly punish the uncooperative victim and aim to monetise the attack another way through its sale or leak.
The traditional approach for mitigating ransomware revolves around user education, anti-malware, frequent backups — and keeping a supply of Bitcoin on hand just in case. These are sensible measures, but they’re not nearly enough, as proven by numerous spectacular failures. What’s needed is a more robust, systems-level approach designed to keep data out of harm’s way entirely.
Citrix has long helped customers secure their apps, data and systems against attack through a more secure architecture complemented with robust technologies for secure access control, secure mobility, data protection, risk management and business continuity.
As the threat of ransomware continues to grow, Citrix provides solutions and best practices to help prevent breaches, and to ensure that data remains available in the event that an attack does occur. We strongly recommend the four following components of the Citrix Workspace as essential methods of a complete enterprise strategy for security and data protection.