Should I Be Worried About Ransomware?


Ransomware is a way for cybercriminals to steal money from you. That means you: not just large organizations, but also individuals and small businesses. It’s happening more and more every day, but most people still refuse to believe that they will be a target of a ransomware attack. You don’t need to be a large retailer with millions of credit card records or a healthcare organization storing millions of personal health records. With ransomware, the cybercriminals are not stealing any data from you. Instead, they encrypt your files. These could be personal pictures of your family vacations, files that contain important business information, or system files needed for your applications to run. After encrypting your files, they demand that you pay a “ransom” to regain access to them.

How do you know that you are protected from ransomware?

You need to understand how ransomware works in order to protect against it successfully. Once you understand the anatomy of a ransomware attack, you can build the proper controls to protect against it.

There are two general ways to protect against ransomware:

  1. Build the proper defense in an effort to prevent an infection
  2. Build the proper recovery processes, procedures and tools to be able to recover once you get infected.

*Refer to a recent article on How to Avoid Ransomware.

Most common ransomware attacks and solutions:

  • Globally, 74% of all targeted attack attempts use email. You should have email filtering technologies like spam protection in place for anything deployed on-premise and in the cloud. Be sure to look at your current email solution provider’s protections and understand which security protections are in place with your email technology.
  • Cover the basics with your employees by providing security awareness training. Employee security awareness training and internal email phishing tests help educate users and measure their tendency to click on bad links. With regular testing and training, you’ll likely find that only a few employees will continue to fail your phishing tests. By identifying the culprits within your organization, you’ve taken the first step towards understanding where more protection might be needed. A simple program can reduce risk and dangerous behaviors over time. Make sure your organization follows best practices to protect against risks from your own people.
  • Web content filtering should be in place to keep users from going to bad websites and to reduce the risk of malware infections via web browsing activities.
  • Next-generation firewall solutions bring to the table application inspection, network-based malware protection, and sandboxing technology for inspection of unknown and suspicious files.
  • Next-generation endpoint solutions have the ability to detect not only known attacks but also unknown attacks based on file behavior. New security technology from Palo Alto, Check Point, and McAfee, an Intel Company, is able to identify good or bad files and application behaviors. Once the malware is identified, you need to be able to zero in on the attack trajectory and rapidly isolate and eliminate the malware on all endpoints that might have been infected. Nowadays, endpoint protection technology should have all of these capabilities.

Where should I start in protecting my data?

If you haven’t yet this year, you should work with a third-party organization to perform a vulnerability test. Many IT cybersecurity consultants offer them for free. Vulnerability management serves to frequently scan the environment and remediate identified vulnerabilities.

Written by: Vlad Gotsev, Security Practice Director/Partner