Protecting from ransomware with Cloud App Security (Solution1)

By | July 8, 2017

Ransomware has become the fastest-growing malware threat, targeting everyone from home users to corporate networks. Tracking analysis shows that there has been an average of more than 6,000 ransomware attacks every day since January 1, 2016.

Some reports commissioned by Intermedia found that 70 percent of employees were unable to access their files for at least two days, and 30 percent were locked out for five days or more.

The methods for infecting systems with ransomware are similar to other types of malicious software, as are the steps organizations can take to protect themselves. Depending on your level of preparation, ransomware infection can cause minor irritation or wide-scale disruption.

About Ransomware
Ransomware is a cyber attack in which the attacker sends you a file that can block you from accessing your computer and encrypt your own files. The files are sometimes held for ransom and aren’t decrypted until you pay the attacker to restore access to your computer, files or critical LOB apps. Ransomware attacks can affect any computer, home, office, network or server. In fact, because large organizations are made up of many users who may inadvertently open a file that unleashes ransomware across your network, organizations are at even greater risk of being forced to pay the attacker to stop the ransomware and restore access to computers or files.

Ransomware Impact

Ransomware will prevent access to systems or data until a solution is found. If systems are delivering critical services, this can have serious reputational, financial and safety impacts on affected organizations and their customers. Even if the victim has a recent backup of their system, it may still take considerable time to restore normal operations. During this time, organizations may have to invoke their Business Continuity processes.

It is worth noting that if a criminal organization has carried out a successful ransomware attack, questions should be raised about the possibility of more indirect and lasting impacts. For example, how many instances of the ransomware are still present in the system waiting to be activated? How should they be removed, and how should users be warned? Were other types of malware also deployed at the same time?

How to Protect
Detect potential ransomware in your cloud environment by creating a CASB policy that alerts you when suspicious activity is detected, and set up automated actions to prevent ransomware files from being saved to your cloud.
Microsoft Cloud App Security lets you detect and prevent ransomware attacks on users, and informs you when one occurs.

Open the Cloud App Security dashboard: https://portal.cloudappsecurity.com/

Open Control and then Templates
Choose the Potential ransomware activity template (on the right side, choose “+” to create the policy)
In the policy, make sure that all default settings are correct
Note:

Alert – On Alerts you need to configure the following settings:

  • Daily alert limit
  • Send alert as email
  • Governance actions: Notify user, Suspend user

Filters for the policy – it's possible to add any ransomware extensions
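
To make the policy settings above concrete, here is an added example (not from the original post and not Cloud App Security's own logic) of the kind of rule they describe: repeated uploads of files with listed extensions by one user, capped by a daily alert limit. The extension list, threshold, window, user names and log records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Assumed values for illustration; set them to match your own policy filters.
SUSPECT_EXTENSIONS = {".locky", ".wncry", ".crypt"}
THRESHOLD = 3                   # suspicious uploads by one user ...
WINDOW = timedelta(minutes=1)   # ... inside this sliding window
DAILY_ALERT_LIMIT = 1           # stands in for the "Daily alert limit" setting

# Constructed sample activity log: (timestamp, user, action, file path)
SAMPLE_LOG = [
    ("2017-07-08T09:00:05", "alice@example.com", "upload", "/docs/budget.xlsx.locky"),
    ("2017-07-08T09:00:12", "alice@example.com", "upload", "/docs/plan.docx.locky"),
    ("2017-07-08T09:00:20", "bob@example.com", "download", "/share/old.locky"),
    ("2017-07-08T09:00:31", "alice@example.com", "upload", "/docs/PHOTO.JPG.LOCKY"),
    ("2017-07-08T09:00:40", "alice@example.com", "upload", "/docs/q3.pptx.locky"),
    ("2017-07-08T09:05:00", "bob@example.com", "upload", "/share/sample.wncry"),
    ("2017-07-08T10:00:00", "carol@example.com", "upload", "/hr/a.crypt"),
    ("2017-07-08T10:10:00", "carol@example.com", "upload", "/hr/b.crypt"),
    ("2017-07-08T10:20:00", "carol@example.com", "upload", "/hr/c.crypt"),
]

def is_suspect(path):
    """True when the final extension is on the list (case-insensitive)."""
    return PurePosixPath(path.lower()).suffix in SUSPECT_EXTENSIONS

def detect(events):
    """Return one alert per user burst, capped per user per day."""
    recent = defaultdict(deque)      # user -> suspicious uploads still in window
    alerts_sent = defaultdict(int)   # (user, date) -> alerts already raised
    alerts = []
    for ts, user, action, path in sorted(events):
        if action != "upload" or not is_suspect(path):
            continue
        now = datetime.fromisoformat(ts)
        window = recent[user]
        window.append((now, path))
        while now - window[0][0] > WINDOW:   # drop uploads older than WINDOW
            window.popleft()
        day = (user, now.date())
        if len(window) >= THRESHOLD and alerts_sent[day] < DAILY_ALERT_LIMIT:
            alerts_sent[day] += 1
            alerts.append({"user": user, "time": ts,
                           "files": [p for _, p in window],
                           "governance": ["notify user", "suspend user"]})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample log only the burst from alice@example.com raises an alert; a single suspicious upload and uploads spread over twenty minutes stay below the threshold.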

Conclusion
Ransomware is one of the growing threats, and therefore you need to detect it and prevent it from running in your organization.
Microsoft Cloud App Security is one way to detect ransomware (a fast one) and inform you about the attack.
Another tip is to simulate an attack and check the policy with a ransomware simulation script, or another method if you have one.
