Application Control – the most effective remedy for Ransomware
The word “Ransomware” is on everyone’s lips right now, so everyone is trying to sell their solution on the back of this wave of interest. In the current coverage of the massive global Ransomware attack, you can read that the safest protection against such attacks would be to use a backup solution and an antivirus with the latest signatures.
What is fascinating is the fact that one of the most effective protective components is usually completely overlooked: Application Control with a Whitelist of approved applications. This is a very useful extension for any antivirus tool in any event, as it can stop not only known, but also unknown viruses. And it is exactly this additional function that helps against Ransomware particularly well.
But first, here is a brief analysis of everything else that is recommended.
- – Patch management– clearly this is very important. However, in actual fact it mostly helps against the spreading of the Ransomware, and rarely against the Ransomware itself.
- – Backup– this is also a good thing. Nevertheless, backup does not help against Ransomware, but only limits its damage. This is a bit like a household insurance. With a break-in, for example, all the valuables and the TV are gone, but at least you get something back. However, you don’t get everything back – as with Ramsomware attacks the last files are no longer available .
- – No longer saving things locally. This can help but doesn’t always. It can, however, make daily work far more difficult. The more flexible you try to design it, the more counter-productive it gets.
- – Awareness is always required, i.e. the informing of employees. This is also an important measure, but one cannot rely on it. No matter how often someone is informed, mistakes are always made. In addition, the attacks are also getting more sophisticated. Therefore you can either no longer open any more files and therefore certainly not work, or you are always in danger of starting a Ransomware. Moreover, it cannot only be the user’s job to protect themselves, especially if there are tools that can ensure protection quite reliably.
- – An antivirus solution is generally a must, but only helps, as mentioned, against known viruses. All new malicious software versions have a free hand for several hours, and even several days. And these hours in the digital world correspond to years in the more normal world. And logically, every new virus is changed until it is not detected by any anti-virus software, because they are all available for testing.
And this is exactly where we come to the solution. Would you want to regulate access to your company or your bank by giving a doorman 350,000,000 photos of all known criminals worldwide? And also describe to him the patterns that make someone who is not in this list suspicious, for example because he is wearing a mask or has an empty purse with him? Alternatively, you could give the porter the list of 20-30 people who are allowed to enter the building, and all others have no access and can be added to the list only after a review. I think you’ll agree that this path is not only easier, but also significantly safer. And this is how application control works.
And as already mentioned, this helps particularly well against Ransomware.
Of course, there is no such thing as 100% protection – this will never happen. Security software is there to minimize the risks as far as possible …
The recommendation, in any case, is to implement several protective measures. However, Application Control with Whitelist is the most effective, so you should not forget it.