A new LokiLocker ransomware family has been spotted with a built-in wiper that targets English-speaking victims, capable of erasing all non-system files from infected Windows PCs. This proves ransomware is not just a malware problem.
Ransomware isn’t solely a malware problem, bad actors want access to your data, so it really is a data security and access problem. However, many organizations are missing the point. For instance, as phishing is a common vector, many companies invest in email security and anti-virus to stop the malware. While this is a good best practice that will thwart many attacks; ransomware still makes its way in. This is like chasing shadows. What happens when there are new malware variants that leverage different vulnerabilities and penetration techniques? Can your anti-virus keep up? Time and again these advanced ransomware attacks aim to render traditional defenses useless.
When we look at what ransomware does, it leverages a users’ access within an organization to encrypt sensitive files (and often also steal). The authentication given to a user defines the level of damage the hacker will do. Therefore, a zero-trust, identity-first approach is critical. To prevent ransomware, you can’t just lock down data, you need a clear method of verifying all identities within an organization, whether human or machine.
This is where the combination of identity-first approaches combined with PKI certificates enable immutable proof that ‘this person (or entity) is who they say they are.’ When combining identity-first principles with least privilege data access security, ransomware attacks can be stopped in their tracks, and in some cases prevented entirely. Ultimately, ransomware attacks are mitigated, or even cut off at the source, and organizations aren’t left endlessly chasing shadows or putting out fires.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics