Our thoughts on the future of digital innovation and the cloud.
Ransomware – How can you mitigate the risk of the next WannaCry?
What Is Ransomware?
Ransomware, What is WannaCry – Ransomware is a malicious software that blocks access to user data or data on the user’s system until the person affected pays a ransom to the person or organization who has blocked the data. More advanced ransomware, such as the WannaCry worm, encrypts the victim’s files, making them inaccessible. Then it demands a ransom to decrypt the data, supposedly allowing the user to access and use them once again.
What Happened with WannaCry?
To date, the WannaCry ransomware attack has affected around a quarter of a million computers around the world, majorly affecting European and Russian devices, and harming institutions and businesses as large as the UK’s National Health Service (NHS), Spain’s Telefónica, and FedEx. WannaCry’s high rate of infection is due to the EternalBlue exploit and DoublePulsar backdoor, thought to have been developed by the US’s National Security Agency (NSA). These exploits helped spread the worm through local networks and remote hosts, infecting other devices.
Like other ransomware software, WannaCry works by encrypting the data on the device in a way that renders it inaccessible to the user. It then asks the user for money in exchange for the data. While it worked in WannaCry’s case, there is usually no guarantee of the data being decrypted for its users, and sometimes the data is lost unconditionally, whether the user pays or not. This goes to show that, unfortunately, when it comes to ransomware and other cyberattack technology, the only way to be safe is by employing preventative strategies.
How Can You Mitigate the Impact of Ransomware?
Ransomware, What is WannaCry – Keeping your device fully updated is an excellent starting point for increasing your overall security. However, an updated device is not necessarily a safe one. With the existence of zero-day exploits, even a fully updated device is still vulnerable to cyberattacks. In fact, the only completely safe way to avoid this nightmare scenario is to keep no meaningful data on your devices.
Fortunately, achieving this is a great deal easier than it sounds. By adopting an application and desktop delivery solution such as Parallels® Remote Application Server (RAS), organizations can deliver centrally-hosted Windows applications and desktops to local devices without the necessity of having them installed locally.
Desktop and application delivery allows for the creation, modification, or deletion of images, and separates the environment from the physical device that accesses it. This means that in the case of an employee falling victim to a ransomware, phishing attack, or a worm working its way onto a computer through alternative means, the data will remain safely segregated on the server system.
Moreover, Parallels RAS protects an organization’s assets from data leakage and malicious activity. Highly granular access permission based on user, device, IP addresses, and location can be combined with SSL encryption, two-factor authentication (2FA) and smart card authentication. Read more.
Parallels RAS can help your organization by:
- Protecting corporate assets from infection and keeping sensitive data off the end point by publishing within a virtualized workspace.
- Locking down and securing published browsers, with the ability to centrally deactivate or disable unnecessary active content or other capabilities not required in order to limit attack surface.
- Publishing specifically approved applications, such as browsers, that are approved by the organization. Application versions can be controlled and managed centrally.
- Reducing the risk of email-borne malware from infecting end points by publishing a virtualized email client. This email client would have the needed security configurations standardized and consistent for all users, on any device.
- Managing and locking down the end-user Windows platform (and transforming a rich client into a thin client) by replacing the desktop and even putting the device in Kiosk mode. This reduces the attack surface area of the end-point device while providing an easier way for users to quickly access the published resources.
- Securing devices against attack with measures including containerization, encryption, and 2FA, as well as restricting user access by MAC address, Active Directory group, IP address, and type of device.
This post comes to you courtesy of Parallels, who Invero is proud to be a partner with. Contact us today to learn how you can start your 30-day free trial of Parallels Remote Application Server (RAS).