According to a survey commissioned by the premier cybersecurity firm SANS, the top security threat in 2016 was ransomware. More than 50% of financial institutions surveyed indicated that ransomware was their biggest security concern! Tools to launch ransomware and denial-of-service attacks are readily available on the web, making these attacks easy to propagate to a large audience with very little effort and skill. The level of risk from ransomware has even overtaken that of phishing attacks, which had most recently been the biggest concern for security professionals.
Ransomware often arrives via email containing attachments or embedded links to websites. It can prevent you from accessing Windows, encrypt files while hiding the encryption keys, and stop certain programs (e.g. your browser) from working unless you pay money (a “ransom”) to regain access to your data. There is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your data again. Ransomware can even find its way into advertisements on legitimate websites, where it can remain active for prolonged periods of time. Victims rarely realize or recognize when this occurs.
- Schedule user training and testing to increase awareness of ransomware attacks
- Implement comprehensive patch management programs that keep systems up-to-date
- Limit user privileges and access to the resources required for doing their job
- Perform backups and store backed-up data offline (newer ransomware can spread through drive shares and even reconnect disconnected shares)
- Segment the network to add checkpoints that require authentication (e.g. a password) for accessing infrequently used systems
- Use application-layer firewalls to block inbound and outbound traffic to known ransomware websites, thus preventing users from inadvertently downloading malicious tools or uploading encryption keys