Conquering ransomware with Sophos

By: Guest Author

Ransomware is nothing new. In fact, it has dominated the industry in the past two years, and it’s always on the minds of MSPs and SMBs. With two major attacks in quick succession—May’s catastrophic WannaCry attack followed up by June’s Petya attack—everyone is looking for the best option to keep their organizations and end users safe.

The numbers don’t lie: 2016 saw four times as many ransomware attacks as previous years, and some studies warn the volume of attacks in 2017 could double last year’s already astronomical number. With the potential damage to businesses and reputations, ransomware continues to make headlines and data breaches are still a major concern.

While healthcare and financial services are most frequently hit, no industry is immune; 92% of IT firms reported ransomware attacks on their clients. Despite these numbers, only one in four attacks is actually reported, according to the FBI. Although there’s a temptation to simply pay the ransom and move on, the FBI warns that 70% of businesses that paid the ransom were attacked again.

What to do

A ton of industry chatter focuses on having dependable backups, but getting ahead of the problem can save you time and stress. Prevention is always better than recovery. One of the key culprits for WannaCry’s success was a vulnerability in Windows machines, for which Microsoft® had already provided an update. Though patches had been issued to protect against the methods used, not everyone had installed them, so unpatched or out-of-date machines and unsupported operating systems were still vulnerable. By keeping your patching automated, you’ll have proactive protection for your systems and your clients.

Similar to how disk encryption can prevent data breaches when an employee loses a laptop, purpose-built anti-ransomware solutions can save the day for organizations of all sizes. These solutions can show admins exactly how ransomware entered their organization, answering the question MSPs and MSSPs most commonly ask. New solutions like Sophos Intercept X caught WannaCry and Petya for any businesses that had implemented the product.

Of course, a dependable backup shouldn’t be neglected; it’s good practice not just for ransomware, but for all potential threats. But with the right preparation and tools in place, that backup plan can remain exactly that: a backup, rather than your only chance of recovery.

Human error: the largest attack vector

The bottom line is that the end user is still the largest target for hackers, particularly through the advanced social engineering techniques bad actors employ to fool users. Phishing emails have open rates most marketing departments would kill for, which speaks to how well-crafted the messaging for these attacks has become.

Educating end users about what these malicious emails and messages are, what they look like, and how to spot telltale signs will help stop an attack at the source. Solutions like Sophos Phish Threat can provide phishing simulations and educate users who fall for these simulated attacks, helping increase the security posture of end users so they won’t fall for a real attack.

More and more, ransomware doesn’t even require the end user to download an attachment, so it’s easier than ever to make a mistake. The more education you provide your end users, the safer your organization will be.

MSPs can make life easier for their clients by maintaining all of these solutions under one umbrella. Endpoint, anti-ransomware, anti-exploit technology, and user education and training can be managed through one vendor, one pane of glass, one management console. It’s challenging enough to prepare for the next attack; simplifying management of these solutions can help keep clients several steps ahead of the next threat.

And with ConnectWise-integrated solutions from trusted vendor partners like Sophos, endpoints and firewalls can work together automatically to keep threats at bay, while features like rollback and root-cause analytics—available through Intercept X—can lock down an attack, restore any damaged files, and help you and your clients analyze exactly what happened so you can plan for the future.