
Protecting against ransomware


After the recent worldwide ransomware attack, which affected both public and private services in many countries, the obvious question is “how can we protect against these kinds of attacks in the future?” The answer is not a simple one and, as with most complex matters, there is no single silver bullet. The ransomware in question seems to have used a few different attack vectors, each with different protection mechanisms:

  1. Email scam, tricking an unwitting user into installing a program sent to him by email.
  2. A vulnerability in Windows systems allowing the ransomware to spread automatically to other computers once one was infected through 1).

Protecting against these is possible, but it is hard not to let something slip through on a global basis.

Protecting users against installing bad programs can be done by locking down computers very hard. As always, however, any organization faces a trade-off between how much freedom users need and the need to enforce a centralized security policy. There is plenty of advice on how to prevent this, such as informing users not to click on suspicious links, frequently updating the operating system, using up-to-date antivirus protection, etc. Code Signing is another important part of protecting against malicious code, since you can allow only trusted signed code to be executed. The members of CAB Forum have recently agreed on stricter requirements for companies using code signing, enforcing the use of hardware protection for code signing keys. SignServer Enterprise is PrimeKey’s product for Code Signing that provides a centralized, audited code signing solution with a high level of protection of code signing keys, using a Hardware Security Module (HSM). Using SignServer Enterprise, organizations can ensure that code signing keys are not stolen and that strict audit trails show what code has been signed. Combining a good policy for code signing with the above general advice will make it much harder for adversaries to infect your computers with malicious code.

The Windows vulnerability that was exploited by the ransomware had already been fixed by Microsoft, but the affected organizations had not yet installed the patch. Here organizations need to consider their security patch processes and cycles, to avoid being affected by old vulnerabilities. There are multiple vendors providing solutions to help organizations patch vulnerabilities in as short a time as possible.
