Local admin management and greylisting effective against ransomware

Application control, such as greylisting, paired with selective local admin rights management, is 100 per cent effective against ransomware and unwanted file encryption.

This is according to CyberArk Labs’ new report, based on the analysis of more than 23,000 real-world samples from common ransomware families, such as Cryptolocker, Petya and Locky. More than 30 different malware families were tested, and the results were posted in the report entitled “Analysing Ransomware and Potential Mitigation Strategies.”

The effectiveness of the greylisting method was compared with that of other known strategies, such as anti-virus software, which relies on blacklists.

“Ransomware has emerged as a credible and opportunistic tactic for attackers, leaving infected organisations with the difficult choice of abandoning hijacked data or paying cybercriminals for the chance to retrieve their files,” said Chen Bitan, general manager, EMEA & APJ, CyberArk.

“By analysing how ransomware typically behaves, we’ve been able to gain critical insight into how to help protect against these attacks. Moving beyond traditional anti-virus solutions, which are not effective in blocking ransomware, and adopting a proactive approach to endpoint and server security is an important step in protecting against this fast-moving and morphing malware.”

There are also ransomware strains that don’t even require local admin rights, the report says. Almost three quarters (70 per cent) would try to gain admin access rights, but just 10 per cent would fail to execute without these rights. That’s why the combination of removing local admin rights and greylisting was seen as 100 per cent successful.
