Application control is a solid defense against ransomware
Application control, such as greylisting, paired with selective local admin rights management, is 100 percent effective against ransomware and unwanted file encryption.
This is according to CyberArk Labs’ new report, based on the analysis of more than 23,000 real-world samples from common ransomware families, such as Cryptolocker, Petya and Locky. More than 30 different malware families were tested, and the results were published in the report entitled Analyzing Ransomware and Potential Mitigation Strategies.
The effectiveness of the greylisting method was compared with that of other known strategies, such as anti-virus software, which relies on blacklists.
"Ransomware has emerged as a credible and opportunistic tactic for attackers, leaving infected organizations with the difficult choice of abandoning hijacked data or paying cybercriminals for the chance to retrieve their files", says Chen Bitan, general manager, EMEA and APJ, CyberArk.
"By analyzing how ransomware typically behaves, we’ve been able to gain critical insight into how to help protect against these attacks. Moving beyond traditional anti-virus solutions, which are not effective in blocking ransomware, and adopting a proactive approach to endpoint and server security is an important step in protecting against this fast-moving and morphing malware".
There are also ransomware strains that don’t even require local admin rights, the report says. Almost three quarters (70 percent) would try to gain admin access rights, but just 10 percent would fail to execute without these rights. That’s why a combination of the removal of local admin rights and greylisting is seen as 100 percent successful.
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.