Data Loss Prevention Blog

Ransomware - Endpoint Strategies to Help Thwart the Virtual Holdup

It’s no secret that ransomware attacks are on the upswing. In a highly publicized incident earlier this year, the Hollywood Presbyterian Medical Center paid $17,000 to attackers to obtain a decryption key after it suffered a nasty ransomware attack. With attacks increasing, and even Mac OS X being targeted by the KeRanger ransomware, what can an organization do to minimize its risk and thwart the virtual holdup?

Many ransomware attacks originate as a phishing scam in which the hacker sends what looks like a legitimate email, perhaps a bill or an invoice, with a file attached, often a Word document that has a reasonable chance of being opened by the recipient. The recipient opens the email, clicks on the Word file, and up pops an 'enable content' yellow bar that is similar to the familiar Enable Editing prompt. When you click on that, game over. The ransomware is installed, and so begins the process of locking and/or encrypting your files. At that point, the hacker extortionist sends a demand for ransom, usually payable via a non-traceable cryptocurrency such as Bitcoin, in exchange for a decryption key.

With organizations tightening their grip on external perimeter threats by implementing next generation firewalls, anti-virus/anti-malware software, email scanning, content filtering and better staff training to identify suspicious emails, hackers are now looking at other ways to attack endpoints via infected USB devices and other media in order to introduce the ransomware and other malware onto a target company’s computer systems.

While firewalls, anti-malware, anti-virus, email screening and staff training are important to combating ransomware attacks, locking down computer endpoints, in terms of what kinds of devices or media can be connected to them and what types of files can be accessed, is a critical piece of the puzzle. This is exactly where DeviceLock’s endpoint Data Leak Prevention (DLP) solutions come into the conversation.

In the case of ransomware, ironically, DeviceLock’s normal focus on protecting against sensitive data leaking outbound from an organization takes a back seat to its age-old ability to contextually block several common inbound avenues that ransomware and other malware use to attack your organization at the computer endpoint layer. DeviceLock provides control over the peripheral ports, device media, and some common network-facing applications (e.g. webmail, instant messengers, FTP, torrents) that can be accessed at an endpoint computer, as well as over the types of files that can be accessed from removable media, chat sessions, and more.

In many cases, DeviceLock’s contextual security can be your first line of defense in mitigating ransomware and malware attacks via your endpoint computers, by reducing the threat exposure to only the duly authorized devices and network channels, used only by the explicitly assigned users and groups. While DeviceLock cannot claim to be in the actual “malware prevention” market, our solution can certainly mitigate the threats of malware and ransomware introduction if used in a “least privilege” approach to policy as recommended.

Using DeviceLock, access to a particular drive, such as a CD drive, or to devices attached via a USB port can be blocked totally, made read-only, and/or you can make sure that certain file types cannot be accessed (and therefore not “executable”). In the case of ransomware or malware prevention, you could configure the policy to block access to any file types for removable media types that are riskier, like “executables”, “archives” and others that tend to transport or install malware.
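The file-type rule described above can be sketched as follows. This is an added example, not DeviceLock code or configuration: the device classes, category names and policy table are hypothetical, and classifying by leading magic bytes rather than by file extension is an assumption made here so that a renamed executable is still caught.

```python
# Added example, not DeviceLock code. Signatures are well-known file magic numbers.
MAGIC = [
    (b"MZ", "executable"),                # Windows PE/DOS
    (b"\x7fELF", "executable"),           # Linux ELF
    (b"\xcf\xfa\xed\xfe", "executable"),  # Mach-O 64-bit, little-endian
    (b"\xca\xfe\xba\xbe", "executable"),  # Mach-O universal (also Java class files)
    (b"PK\x03\x04", "archive"),           # ZIP; OOXML (.docx/.xlsx) shares this signature
    (b"Rar!\x1a\x07", "archive"),
    (b"7z\xbc\xaf\x27\x1c", "archive"),
    (b"\x1f\x8b", "archive"),             # gzip
    (b"%PDF-", "document"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "document"),  # legacy OLE2 Office file
]

# Hypothetical least-privilege policy: device class -> categories that may be read.
POLICY = {
    "removable": {"document"},   # executables, archives and unknown types denied
    "optical": set(),            # blocked totally
    "fixed": {"document", "archive", "executable", "unknown"},
}

def sniff(header: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    for magic, category in MAGIC:
        if header.startswith(magic):
            return category
    return "unknown"

def decide(device_class: str, header: bytes) -> tuple[str, str]:
    category = sniff(header)
    allowed = POLICY.get(device_class, set())  # unlisted device class: deny by default
    return ("allow" if category in allowed else "deny", category)

def audit(device_class, files):
    """files: iterable of (name, first_bytes); returns (name, verdict, category) rows."""
    return [(name, *decide(device_class, head)) for name, head in files]

SAMPLE = [  # constructed sample input
    ("invoice.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("report.pdf", b"MZ\x90\x00"),   # executable renamed to look like a PDF
    ("photos.zip", b"PK\x03\x04"),
    ("notes.txt", b"hello"),
]

if __name__ == "__main__":
    for row in audit("removable", SAMPLE):
        print(row)
```

Because modern Office documents are ZIP containers, an "archive" block on removable media in this sketch also denies .docx and .xlsx files; a real policy has to decide whether that is intended.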

DeviceLock has been providing the industry’s most trusted endpoint DLP solutions since 1996, and offers endpoint control and data leak prevention software to some of the world’s most security intensive environments that include healthcare organizations, government agencies, defense contractors, pharmaceutical companies, academic institutions, financial and legal firms in over 100 countries.

Ransomware and other malware are problems that require a multi-faceted strategy both to reduce the risk and to thwart attacks before they can happen. Endpoint data protection via DeviceLock’s DLP solution provides another critical level and type of defense to organizations as they work to deal with this serious and potentially costly threat.

If you’d like to trial the DeviceLock DLP Suite for 30 days, please visit our website at: For more information on DeviceLock’s DLP solutions, call us at 925-231-4400 or email to us.sales (at) to talk to one of our endpoint security specialists.