Malwarebytes expert on reducing the risk of ransomware
High-profile ransomware attacks have hit the headlines in recent years; in part due to the devastating consequences they have had on the critical systems of global organisations. It’s important that businesses are protected against these kinds of attacks, with vendors and their channel partners playing a crucial role in the line of defence. We find out more from Malwarebytes’ Chris Green, Vice President Middle East, Africa and Turkey.
Why is ransomware such a popular attack method for cybercriminals?
Ransomware has been around since the late 80s. In recent times, the rise of cryptocurrency and the evaluation, as well as the supposedly high anonymity for these cryptocurrencies, established it as a money generator. We’ve seen numerous attacks over the last couple of years that have brought organisations and businesses alike to their knees.
Without data, businesses are paralysed. Hackers know this and they also know that the fear of prolonged downtime increases the high probability of payment. They just need a few victims to pay in order to make their efforts worthwhile. Alongside this, cryptocurrency has automated the whole process including the money/currency transfer into wallets that the criminals control, so it’s particularly easy to hold crypto ransom. In short, ransomware is efficient and lucrative.
Why are ransomware attacks so dangerous for organisations/businesses?
Ransomware is highly adaptable and the way in which an attack is structured changes rapidly. It can be hard for companies to keep pace with an enemy that keeps morphing.
There are two key reasons why ransomware is so dangerous. Firstly, those that pay the ransom often don’t get their data back in any fit shape. Secondly, once a hacker has stolen a company’s data, not enough companies have the right policies and technologies in place to operate even at a basic level.
Many companies don’t back up their data as often as they should and, as such, they aren’t able to ‘roll back’ in any meaningful way.
What’s the most common way for ransomware to spread?
Ransomware usually spreads through spam and social engineering (something like a ‘CV’ to the HR department or ‘invoice’ to Finance) or, in the case of SamSam, direct injection into the endpoint if attackers have done their system surveillance.
What is the best way to defend against ransomware?
A company’s prevention strategy should focus on three key areas:
Firstly, make sure you invest in a cybersecurity solution with real-time protection that’s designed to thwart advanced malware attacks such as ransomware. Be sure to ask if it has features that will both shield vulnerable programs from threats (an anti-exploit technology) as well as block ransomware from holding files hostage.
Secondly, ensure you create secure backups of your data on a regular basis so that if you’re hit it’s possible to ‘roll back.’
And thirdly because many ransomware and other malware attacks take advantages in software systems, make sure your systems and software are updated, otherwise you will be left open to attack.
What is the best approach for businesses to take, should they be targeted by ransomware?
More often than not, it is employees who are the first to spot attacks, and so it’s key to educate them on a regular basis about what to do if they think ransomware has infiltrated the corporate network.
There are two different types of ransomware – screen-locking ransomware and encrypting ransomware. Regardless of which category of ransomware you think you’ve become a victim of, the first step is to check it is real. Fraudsters rely on people to panic and pay the ransom.
Once it’s been determined that it’s real, companies need to follow some important steps:
- Disconnect the machine or device from the network in order to try and contain the infection
- Employees should not try to restart their computers in case it erases information that could be useful when it comes to analysing the attack
- Inform the IT department who will then take steps to identify the type of ransomware and attempt to restore data through backup servers
How does Malwarebytes work with its channel partners to provide effective solutions for enterprises?
We are a completely two-tier channel, in which partners purchase the Malwarebytes platform through our distributor, and fully believe that the fastest way to grow is with a committed and educated channel.
When you team up with Malwarebytes, you are not only improving your business – you are improving your customers’ businesses by protecting them from malware. Channel partners that sell our powerful solutions, combat the world’s most harmful threats and solve their customers’ unique security challenges.
Where Malwarebytes is different from the normal partner programmes is that resellers move up the tiers through approved deal registration and are not tied to a certain amount of achieved revenue or technical certifications. We do this because we know that our partners understand their business inside out and invest where they see they can make a healthy profit.
How does Malwarebytes integrate with other technology partners to make solutions more powerful and efficient for customers?
We integrate into Service Now and many more in order to make the job of the admin and security specialist in your organisation, as easy and painless as possible, while at the same time making companies as safe as possible.
How do Malwarebytes channel partners train customers to effectively use their solutions?
We do a complete channel onboarding process with our partners ranging from product, sales and pre/post sales training. In terms of effectively training our customers to use their solution, a lot of our partners will do project handovers once the installation is complete which includes product training.
Some will also sell our additional quick start services (QSS) where our technical account managers will help the customer IT team deploy and configure your Malwarebytes solutions in the shortest time possible.
The QSS engagement will typically begin with an assessment of your security topography, followed by the mapping of a deployment strategy, timelines, milestones and training. So depending on the company size we would recommend bronze, silver or gold services which offer a range of interaction.