How Citrix solutions keep malicious attacks out of your system.
Over the weekend, news of WannaCry, possibly the largest ransomware attack in history, has permeated the globe. WannaCry is an operating system exploit, one of many that were exposed by Wikileaks. While the original exploit has been patched, that doesn’t mean attackers aren’t trying again. It’s critical that organizations step up their game — today. And it is more important than ever that we all prepare for multiple versions of this attack as well as net new attacks.
The traditional approach to mitigating ransomware attacks — user education, anti-malware, frequent backups, and keeping a supply of Bitcoin on hand — is no longer a viable option by itself. Organizations need to turn to a more robust, systems-level approach to keep data out of an attacker’s reach.
Virtualization, enterprise mobility management, and enterprise file synchronization help shield devices and organizations — computers, tablets, smartphones and other endpoints — against ransomware attacks and allow for quick recovery if an incident does occur. Many of the operating system hacks published by Wikileaks can be mitigated with these types of technologies.
Citrix Protects Your Apps and Data from Ransomware Attacks
Ninety-nine countries and counting. The WannaCry attack has already resurfaced and its target list is expanding. Patch the vulnerability immediately if you haven’t already, and follow these steps to ensure your organization isn’t the next victim.
Patch and virtualize: Paying the ransom does not mean your files will be restored. Aside from the cost, payment only rewards criminal activity and strengthens the incentive for more attacks across industries. If the bad actor does provide the keys to decrypt, restoration is often a manual process that can take weeks, depending on the number of files impacted.
Run a system check to ensure all patches have been applied and that employees are using the most up-to-date software.
We strongly encourage companies to migrate to Windows 10 and virtualize applications and browsers through Citrix XenApp & XenDesktop, and AppDNA to keep sensitive data off the endpoint. By using Citrix XenApp to run a hosted browser, IT can introduce a layer between the corporate environment and the Internet to shield the trusted computer and its data from attack.
Educate your employees about this attack and their role in protecting the company and themselves. First and foremost, let employees know they shouldn’t open a file or click on a link under any circumstances unless they know whom it’s from. If they are concerned or need to confirm, tell them to pick up the phone or ask a manager.
On the backend, IT can use Citrix XenApp to deliver a virtual email client to protect against infection via email links and attachment previews. By publishing the email client company-wide, businesses can ensure that all required security settings are configured and consistent for all users. Antivirus, DLP (data leakage protection), whitelisting, and other technologies are integrated with the published email application, meaning IT doesn’t have to worry about various scenarios across devices.
Mobile devices are prime targets for ransomware and other malware. Containerization is key to preventing attacks on mobile devices by centralizing management, security and control for apps and data without interfering with personal content on a bring-your-own-device (BYOD) endpoint. Containerization also contains an attack to a single user. Citrix XenMobile blocks any non-compliant BYOD device prior to enrollment by checking to ensure that the device has not been jailbroken or rooted to allow the installation of pirated or non-validated apps.
Back up everything with a secure enterprise file sync-and-share service like Citrix ShareFile. Even if the ransom is paid, there’s no guarantee the files will be restored. The options are to restore data from a recent backup or live without the files. ShareFile keeps multiple versions of each file so that in the event a file is encrypted by ransomware, users can revert to the most recent, uncompromised version, eliminating the need for a hacker’s decryption key.
As more attacks surface, stay tuned for security best practices from Citrix.
For more technical information about using Citrix solutions to stop ransomware attacks, read our most recent whitepaper or the post — “WannaCry: Why Citrix Customers Are Not Crying Today” — from our senior architect, Martin Zugec.