eBooks/eGuides

CHAPTER 5 Ten Key Ransomware Defense Takeaways 41 These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. In most cases, your files will be decrypted if you pay the ransom, but there's no guarantee. Although it's in the cybercriminals' best interests to restore your files if you pay the ransom (if a ransom- ware campaign gains a reputation for not decrypting files when the ransom is paid, then there is no reason for future victims to pay the ransom), there's no honor among thieves. This is particu- larly true with the emergence of RaaS (discussed in the preceding section) because a "newbie" cybercriminal may not see the bigger picture. Also, if the encryption key doesn't work for some reason, you can't just call customer service! There's also no guarantee that the perpetrator didn't install other malware or exploit kits to facilitate future cyberattacks against your organization. A copy of your files may also have been exfil- trated for other purposes, such as selling your organization's sensitive information on the dark web. Paying a ransom directly funds and perpetuates future cyber- crime. It's exactly the same thing as paying a ransom to terrorists or rogue nation-states in exchange for hostages. It emboldens, encourages, and finances future such acts. Finally, paying a ransom doesn't negate the fact that a serious security breach has occurred in your organization. Depending on the nature, scope, and circumstances of the breach, and the industry regulations and legal jurisdictions that your organization is subject to, you may be required to publicly disclose the breach and pay severe fines and penalties — kind of a slap in the face after already paying a ransom! To mitigate potential damage from a ransomware attack, organi- zations should always ensure they maintain periodic, known good backups of all important files and current images of all critical systems. Build a Layered Security Architecture Based on Open Standards Open and extensible standards enable a "new best-of-breed" architecture that allows new and existing security technologies to be easily integrated into a comprehensive security solution.

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Foolish Assumptions
• Icons Used in This Book
• Beyond the Book
• Chapter 1 What Is Ransomware?
• Defining Ransomware
• Recognizing Ransomware in the Modern Threat Landscape
• Understanding How Ransomware Operates
• Chapter 2 Implementing Best Practices to Reduce Ransomware Risks
• Before an Attack: Discover, Enforce, Harden
• During an Attack: Detect, Block, and Defend
• After an Attack: Scope, Contain, and Remediate
• Chapter 3 Building the "New Best-of-Breed" Security Architecture
• Recognizing the Limitations of Current Security Designs
• Defining the "New Best-of-Breed" Security Architecture
• Chapter 4 Deploying Cisco Ransomware Defense
• Leveraging DNS as the First Line of Defense in the Cloud
• Securing Endpoints and Addressing Email Threats
• Cisco Advanced Malware Protection (AMP) for Endpoints
• Cisco Email Security with Advanced Malware Protection (AMP)
• Protecting the Network with Next-Generation Firewalls and Segmentation
• Cisco Firepower Next-Generation Firewall (NGFW)
• Use the network as a sensor and enforcer
• Streamlining Deployments and Bolstering Incident Response
• Chapter 5 Ten Key Ransomware Defense Takeaways
• Ransomware Is Evolving
• Ransomware-as-a-Service Is an Emerging Threat
• Paying a Ransom Doesn't Solve Your Security Problems
• Build a Layered Security Architecture Based on Open Standards
• Deploy Integrated, Best-of-Breed Solutions
• Embed Security throughout Your Network Environment
• Reduce Complexity in Your Security Environment
• Leverage Cloud-Based, Real-Time Threat Intelligence
• Automate Security Actions to Reduce Response Time
• See Something, Say Something
• EULA