Ransomware - Endpoint Strategies to Help Thwart the Virtual Holdup
  
25 Sep 2016

It’s no secret that ransomware attacks are on the upswing. With attacks increasing, and even Mac OS X being targeted by the KeRanger ransomware, what can an organization do to minimize its risk and thwart the virtual holdup?

Many ransomware attacks originate as a phishing scam in which the hacker sends what looks like a legitimate email, perhaps a bill or an invoice, with a file attached, often a Word document that has a reasonable chance of being opened by the recipient. The recipient opens the email, clicks on the Word file, and up pops a yellow 'Enable Content' bar that is similar to the familiar Enable Editing prompt. When you click on that, game over. The ransomware is installed, and so begins the process of locking and/or encrypting your files. At that point, the hacker extortionist sends a demand for ransom, usually via a non-traceable cryptocurrency such as Bitcoin, in exchange for a decryption key.

With organizations tightening their grip on external perimeter threats by implementing next-generation firewalls, anti-virus/anti-malware software, email scanning, content filtering and better staff training to identify suspicious emails, hackers are now looking at other ways to attack endpoints, such as infected USB devices and other media, in order to introduce ransomware and other malware onto a target company’s computer systems.

While firewalls, anti-malware, anti-virus, email screening and staff training are important to combating ransomware attacks, locking down computer endpoints, in terms of what kinds of devices or media can be connected to them and what types of files can be accessed, is a critical piece of the puzzle. This is exactly where DeviceLock’s endpoint Data Leak Prevention (DLP) solutions come into the conversation.

Ironically, in the case of ransomware, DeviceLock’s normal focus on preventing sensitive data from leaking out of an organization takes a back seat to its long-standing ability to contextually block several common inbound avenues by which ransomware and other malware attack your organization at the computer endpoint layer. DeviceLock provides control over the peripheral ports, device media, and some common network-facing applications (e.g. webmail, instant messengers, FTP, Torrents, etc.) that can be accessed at an endpoint computer, as well as over the types of files that can be accessed from removable media, chat sessions, and more.

In many cases, DeviceLock’s contextual security can be your first line of defense in mitigating ransomware and malware attacks via your endpoint computers by reducing the threat exposure to only the duly authorized devices and network channels that are allowed to be used by only the explicitly assigned users and groups. While DeviceLock cannot claim to be in the actual “malware prevention” market, our solution can certainly mitigate the threats of malware and ransomware introduction if used in a “least privilege” approach to policy as recommended.

Using DeviceLock, access to a particular drive, such as a CD drive, or to devices attached via a USB port can be blocked totally or made read-only, and/or you can make sure that certain file types cannot be accessed (and therefore cannot be executed). In the case of ransomware or malware prevention, you could configure the policy to block access on removable media to the riskier file types, like “executables”, “archives” and others that tend to transport or install malware.
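
The least-privilege policy described above, modelled in Python as an added example; it is not DeviceLock code or configuration. The device classes, group names, `POLICY` table and function names are hypothetical, and identifying file types by their leading bytes is an assumption of this example.

```python
from pathlib import Path

# Leading-byte signatures for the two "riskier" categories the article names.
# Content is checked instead of the extension, so a renamed file is still caught.
SIGNATURES = {
    "executable": [b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe"],  # PE, ELF, 64-bit Mach-O
    "archive": [b"PK\x03\x04", b"Rar!\x1a\x07", b"7z\xbc\xaf\x27\x1c", b"\x1f\x8b"],
}  # Caveat: PK\x03\x04 is also the container for .docx/.xlsx and .jar files.

# Constructed (hypothetical) least-privilege policy: any (device class, group)
# pair that is not listed gets no access at all.
POLICY = {
    ("usb_storage", "helpdesk"): {"mode": "read-only", "blocked": {"executable", "archive"}},
    ("optical", "staff"): {"mode": "read-only", "blocked": {"executable"}},
}

def classify(header: bytes) -> str:
    """Map the first bytes of a file to a content category."""
    for category, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return category
    return "other"

def decide(device_class: str, group: str, operation: str, header: bytes) -> str:
    """Return 'allow' or a 'deny: ...' reason for one file operation."""
    rule = POLICY.get((device_class, group))
    if rule is None:
        return "deny: no rule for this device class and group"
    if operation == "write" and rule["mode"] == "read-only":
        return "deny: device is read-only for this group"
    category = classify(header)
    if category in rule["blocked"]:
        return f"deny: {category} content is blocked"
    return "allow"

def audit_volume(root: str, device_class: str, group: str) -> dict:
    """List files on a mounted volume that the policy would refuse to read."""
    denied = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                verdict = decide(device_class, group, "read", fh.read(8))
            if verdict != "allow":
                denied[path.relative_to(root).as_posix()] = verdict
    return denied
```

Running `audit_volume` against a mounted removable drive shows which files a content-based rule would refuse, including executables that have been given a document extension.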
