Use virtual containers to isolate ransomware

Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you time and money

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Keeping internal networks safe from the ravages of the Internet is increasingly hard, but virtual container solutions allow users to function normally while preventing the “deplorables” of the Internet– malware, exploits, and other negative phenomena – from reaching files and sensitive data.

Keeping suspicious files and connections in a separate container – a virtual space isolated from the rest of the network – is a savvy strategy that can save you a great deal of trouble and expense.

According to industry statistics, over 90% of all malware attacks – including ransomware – have their origins in a nefarious Internet connection, like a link that automatically downloads a trojan to a user's computer, or in an attachment that contains code that connects to a C&C server that installs the malware. Once done, it's a matter of time before the ransomware is delivered – and all hell breaks loose in the organization.

Relying on users to avoid illicit links or attachments obviously doesn't work; there isn't a hospital, school, or company that doesn't warn against clicking on “suspicious” objects, so the fact that computer malware infections – and ransomware threatsgrow annually means that the “don't click” system isn't working.

Which is why the best strategy is to keep personnel away from dangerous connections and attachments. Not by limiting the ability to surf the Internet via whitelists or restricting access to content in messages like attachments; that would interfere with the flow of work. Instead, organizations should install virtual container solutions, which keep negative phenomena away from important files and from the internal network, while allowing the flow of work to proceed.

Under a scheme like this, whenever an employee surfs the web or an attachment comes in, all the connections and/or engagement with the attachment are made in a virtual container. The application actually runs inside the container, so the connection and/or data that is read remains there as well, while users can read, hear or view it. The virtual container isolates applications and data from the computer’s real file system, registry, memory and network connections. It effectively traps malware inside where it can do no harm.

Attachments – among the most common access tools for hackers– are kept in the segregated area. Ditto for downloaded documents, spreadsheets, and other “legitimate” files that could be infected with poison macros, etc. The same goes for social media and communication apps (Facebook, Skype, etc.); anything damaging that tries to come through, whether a link, file, attachment, image, music file, etc. is stopped in its tracks.

The segregation of the connections and files is secular; whether good or bad, they are all made or viewed only within the container (some solutions allow users to bridge selected items safely onto the internal network). The contents of the container are wiped periodically to permanently remove malware from the computer.  As a result, endpoints are not vulnerable to web-based threats such as drive-by downloads, malvertising, and an endless stream of zero-day exploits that easily bypass signature-based anti-virus software, firewalls, gateways, and other security tools.

If there is a need to actually import files into the network, the system will have users covered there as well.  A secure bridge disarms files by extracting the content and leaving anything suspicious behind. Like the virtual container itself, this approach does not rely on an ability to detect malware – it simply transfers the “known good”.  That makes it immune to the ever-changing threat landscape.

Hospitals and schools are especially vulnerable, having experienced numerous malware attacks. Last February, for example, a Los Angeles hospital paid 40 bitcoins to unfreeze its data. A month later, an attack on the Medstar hospital system froze electronic records at ten hospitals in Maryland (according to the company, it did not pay the ransom, and restored its data from backups). Other hospitals that have been attacked include one in Kansas, which was actually hit twice by the same cyber-crooks, after paying the ransom demanded in the first attack. So far, the Medstar attack has been the biggest ransomware shakedown reported.

With virtual container systems, however, phishing efforts by hackers will come to naught; even if they convince a user to click on a bad link or manage to get a poisoned attachment past an e-mail virus checker, the malware will be unable to get past its virtual space and infect a computer, or the rest of the network, denying ransomware purveyors their ultimate goal of shutting down a company's operations. Thus, virtual container technology actually gives organizations two victories over hackers – one, by protecting their internal networks from ransomware, and two, preventing downtime and enabling employees to continue working as usual.

To learn more, visit Bufferzone.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about FacebookSkype

Show Comments