The Korea Herald

소아쌤

Down-to-earth solution against ransomware for security administrators

By KH디지털1

Published : Jan. 22, 2016 - 10:25

    • Link copied

Recently, more and more criminals are using ransomware, a type of malware that restricts user’s access to a computer system or encrypts data(office files, pictures, videos etc.), then demands payment to remove the ransomware and restore the files or systems.

AhnLab, Korea’s leading cybersecurity company, said in its recent report that both the number of 3 major ransomwares, CryptoLocker, CryptoWall and Teslacrypt, and the number of PCs those hit by them in Korea is growing fast from September to November 2015 in Korea.



The main target of the ransomware is the general public, which means the individuals in business or other organization can be the victim. What makes security managers frustrated in the organizations is this: when the employees are infected by the ransomware, it can result in serious damages to the organization, such as the halt of business continuity due to the encryption of critical data or important files developed in decades. Even worse, some security vendors are taking advantage of this ransomware crisis to position their scarcely matched solutions as a ‘silver bullet’ for all kinds of ransomware.

According to the security experts, in order to sensibly respond to ransomware, security managers are better to find ‘down-to-earth’ answers such as: searching and activating the function that work as anti-ransomware in the existing security solutions; finding a new solution that supports network to endpoint protection, not just specific security layer; checking the anti-ransomware technology is actionable.

AhnLab provides state-of-art solution that can help security managers practically to reduce the damages from security threats including the ransomware.

Spear phishing emails, malicious attachment or URLs in the spam mail and Drive-by-Download attack are the attackers’ favored methods to get initial entry. AhnLab MDS offers advanced malware protection capability both in network and endpoint using static and dynamic analysis. The solution also can reduce the actual infection of endpoint by providing ‘Execution Holding’ function; it prevents the execution of suspicious files, such as unknown ransomware, in the endpoints and then analyzes them in the embedded sandbox. It also supports MTA configuration, which quarantines new malware and/or variants that attempt to infiltrate the network via email attachment in real-time .

The company also provides AhnLab EPS, the optimized security solution for fixed function system such as POS and industrial system, which provides combination of blacklist based and whitelist based threat protection. EPS scans the system with tons of malware signature data in the server (Blacklist based protection), including ransomware, and allows only ‘approved’ application by administrator(whitelist based protection). The administrator can block any of IPs, ports and the usage of external storage device rather than it is approved so that it can reduce the chance to be infected by malware such as ransomware.