As a subscriber to a few online security and data management communities, I have been noticing more ransomware articles than usual. It really hasn’t been surprising, though. When a ransomware attack manages to disrupt the fuel supply to much of the U.S. east coast for several days, another forces a beef processing and distribution company to shut down operations, and another demands a $50 million ransom payment (the largest ransom demand ever) from a PC manufacturer, it tends to get increased attention.
Many of the articles I have read have covered ransomware statistics and have provided very detailed analysis of the ransomware types, the responses from the organizations that were attacked, and some high-level recommendations for lessening the effects of a ransomware attack. Among these recommendations, none of the articles I have read have covered the need for organizations to restrict network access so that the ransomware is controlled in its propagation across the network.
Ransomware and other phishing attacks vary in sophistication, but they all follow a basic pattern of being introduced into a company as a disguised email attachment such as an invoice or through a nefarious link on the web. Once the attachment is opened or the site has been visited, the ransomware finds its way to locations on the network where the user has access and begins encrypting files. The user is informed that the ransomware has been installed, that it is encrypting company files, and that the company will need to pay a ransom to obtain the key to decrypt the files.
So, if you prepare for a ransomware attack beforehand by limiting users to only those network areas where they need access, the ransomware can be restricted in its propagation to just a limited area of the network, thus reducing the number of files that become encrypted, and the number of files that need to be identified and replaced from your backup system.
We recently published a Flash Point Paper on this, Ransomware Relies on Poor Data Access Governance, where we compare an organization’s network to a building with rooms that are protected by firewalls. When a fire starts in a room, the fire is confined to that room by the room’s firewall. Think of network user access restrictions as a room firewall and it’s a concept that is easy to understand.
The Flash Point Paper introduces the objective of Data Access Governance (DAG), which is the restriction of access to unstructured data on the network to only those users who should have access. When properly implemented, Data Access Governance can not only keep high-value data secure and help address compliance objectives, but it can also limit the devastating effects of a ransomware attack.
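To put numbers on the firewall analogy, the following added example (not from the original post or the Flash Point Paper) resolves nested group membership and counts how many files a process running as each user could modify, first with a broad ACL and then with access scoped by team. All group names, share names and file counts are constructed assumptions.

```python
# Constructed sample data (hypothetical names and counts, not from the original post).
GROUPS = {  # group -> members (users or nested groups)
    "all-staff": {"finance-team", "hr-team", "eng-team"},
    "finance-team": {"alice", "bob"},
    "hr-team": {"carol"},
    "eng-team": {"dave", "erin"},
}
FILE_COUNTS = {"finance": 12000, "hr": 4000, "engineering": 30000, "public": 1500}
# Share -> principals granted write access.
ACL_BROAD = {share: {"all-staff"} for share in FILE_COUNTS}  # everyone can write everywhere
ACL_SCOPED = {
    "finance": {"finance-team"},
    "hr": {"hr-team"},
    "engineering": {"eng-team"},
    "public": {"all-staff"},
}

def expand(principal, groups, seen=None):
    """Resolve a principal to the users it contains, following nested groups."""
    seen = set() if seen is None else seen
    if principal in seen:  # already visited: guards against cyclic nesting
        return set()
    seen.add(principal)
    if principal not in groups:  # not a group, so treat it as a user
        return {principal}
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def blast_radius(acl, groups, file_counts):
    """Map each user to (writable shares, files a process running as that user could modify)."""
    writable = {}
    for share, principals in acl.items():
        for principal in principals:
            for user in expand(principal, groups):
                writable.setdefault(user, set()).add(share)
    return {u: (sorted(s), sum(file_counts[x] for x in s)) for u, s in writable.items()}

if __name__ == "__main__":
    before = blast_radius(ACL_BROAD, GROUPS, FILE_COUNTS)
    after = blast_radius(ACL_SCOPED, GROUPS, FILE_COUNTS)
    for user in sorted(before):
        print(f"{user}: {before[user][1]} files writable before, {after[user][1]} after scoping")
```

The per-user file total is also the upper bound on what would have to be identified and restored from backup if that account were the entry point.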
See how to analyze file system data to gain insight into what data you have, who has access, and how access is derived with File Analysis Suite for Data Access.