Amichai Shulman, CTO and Co-Founder at Imperva:
“Organizations should have good backup processes and real-time file activity monitoring in place. The former ensures that no long-term damage can be done either on a workstation or a file share. The latter ensures that infected individual machines cannot affect file servers.
The interesting thing about this attack vector is that it shows how simple Ransomware is and how easy it is to inflict damage. We tend to think of hacking as though it was rocket science and hence organizations are always going to be on the losing end. In reality, hacking is most often simple and mitigating it requires proper attention and tools which do exist and are within reach of most enterprises. Hacking is a serious business and enterprises should therefore treat information security seriously.”
Javvad Malik, Security Advocate at AlienVault:
“This is a rather new approach; there haven’t been many JS-only attacks, but from an attacker’s point of view it is relatively easy to compile and get out of the door.
The fortunate thing is that JS file attachments are extremely uncommon for emails. After all, JS is written primarily for the web to interact with browsers as opposed to end clients. So, blocking JS file attachments would be a good first step and it won’t adversely impact the majority of organisations.
From a user perspective, awareness and vigilance remain important. Clicking on attachments from unknown sources should be avoided, particularly if they are in non-standard or expected formats.
Additionally, looking at the broad picture – unfortunately it doesn’t look like ransomware campaigns are slowing down. We’ll see more variants distributed in different ways. Some will be more sophisticated than others and with varying degrees of success. The appeal of ransomware is that it creates value and a market where there otherwise would not be. Stealing or leaking data doesn’t have the same financial reward as holding data to ransom – data that could be very personal to someone, could be critical to business, or even critical to life in the cases of hospitals.
The security industry needs to continually streamline the way it detects and responds to these threats – in particular by having more collaboration and threat sharing to better spot and stop attacks.”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
Mark James, Security Specialist at ESET:
“There are many ways to protect against this type of threat that may include measures like disabling Windows Script Host (WSH) or simply having rules set up to manage any attachments that contain .js files.
As in most cases, it’s often about pre-empting the current threat vector and trying to take away the actual danger from the end user. Having policies in place to quarantine potentially dangerous attachments for checking later is a great way to protect your very valuable data from user error or “silly mistakes”.
Security these days has to be a combined effort from the user and the IT team; relying on just one could leave you exposed. With so many threats coming into your organisation through email attachments, utilising the inbuilt protection methods is a must if you want to keep safe in this modern day cyberwar.
Ensuring you’re using a good, regularly updating internet security product will help if mistakes do happen, and keeping your operating system and applications patched and updated will also help in keeping you safe and secure.”
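The attachment rule that the comments above recommend (block or quarantine .js attachments) can be sketched as a mail-gateway check. This is an added example, not code from any of the vendors quoted; the function names, the sample message and every extension other than .js are assumptions, and it also looks inside zip archives, which the comments do not mention.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions associated with Windows Script Host. The page names only .js;
# the others are an assumption added to generalise the rule.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}

def is_script(name):
    # Windows strips trailing dots and spaces from file names, and only the
    # final extension selects the handler ("invoice.pdf.js" runs as script).
    name = name.strip().rstrip(". ").lower()
    return name.endswith(tuple(SCRIPT_EXTS))

def screen_message(raw):
    """Return (attachment name, reason) pairs that should be quarantined."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_script(name):
            findings.append((name, "script attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            try:
                members = zipfile.ZipFile(io.BytesIO(data)).namelist()
            except zipfile.BadZipFile:
                findings.append((name, "unreadable archive"))
                continue
            findings += [(name, f"archive contains {m}") for m in members if is_script(m)]
    return findings

def build_sample():
    """Constructed message: one harmless PDF stub, one zip holding a .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016.pdf.js", "// inert placeholder text")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(screen_message(build_sample()))
```

Nested archives are not unpacked here; a gateway rule would normally recurse to a fixed depth or quarantine archives it cannot fully inspect.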