Is ransomware echt te stoppen?
Deze malware steelt je data niet, maar doet er wel alles aan de boel te slopen als je niet betaalt. Maar wat als je de malware uit kan schakelen voordat het je bestanden kan versleutelen? Wat als de malware je bestanden helemaal niet kan “zien”? Wij spraken met een bedrijf die claimt dat te kunnen.
Webwereld selecteert hier interessante artikelen uit het internationale netwerk van onze uitgever IDG.
Ransomware is one of the most worrisome types of malware.
It doesn’t steal your data; it threatens to cripple your business — to tie up the resources that you need to service your customers, produce your products, send invoices, pay your bills. And even paying the ransom does not guarantee that you’ll regain control of your systems. In fact, it encourages the perpetrators to continue using their tools to attack other organizations and maybe even come back your way.
The cautions routinely offered to keep you from being victimized include backing up your data to multiple locations, being more cautious online, using tools to detect intrusions and the presence of malware, limiting access privileges, etc.
But what if you could disable malware before it ever had a chance to touch your files? What if ransomware couldn’t “see” your files at all, never mind leave them encrypted and inaccessible?
The product is called “SES-RDe” — not exactly a name that’s going to easily stick in your mind but, since it stands for “Stormshield Endpoint Security-Ransomware Defense edition,” I’m happy to have an acronym available. And its basic claim to fame is that it stops ransomware from being able to access — even “see” — files on your systems. It does this using “extension whitelisting.” In other words, it controls what applications have access to files based on their file extensions.
RDe limits access to files to the known (validated by executable signed certificate or checksum) and authorized applications. For example, only Microsoft Office applications can access Word documents and Excel spreadsheets. As a result, ransomware applications are not given any privileges at all.