Ransomware Still a Growing Problem for Organizations of All Sizes

While the concept of malware-based extortion has remained relatively unchanged since the first documented occurrence in 1989, attackers have spent the past 30 years refining their techniques and manipulating new technologies to build ransomware into a multibillion-dollar industry.

Tactics have evolved from the early days when physical floppy disks were mailed out containing the “AIDS Trojan” with the hope that unsuspecting targets would load the malware onto their PCs. Even just a few years ago, ransomware such as “WannaCry” and “CryptoLocker” was spread via widespread phishing campaigns that were generally not tailored to specifically targeted individuals or groups. But today, ransomware is increasingly deployed as a secondary attack after the bad actor has already gained a solid foothold in the organization’s internal network.

Weekly, we are seeing new headlines revealing the latest victims of ransomware: state and local government offices, educational institutions, healthcare providers, and small and medium-sized businesses. Often the attacks are tailored and use advanced methods that disable the organizations’ critical resources and demand ransom payments large enough to cripple operations. Utility billing has been disrupted for months, police departments have been forced to revert to paper recordkeeping, and local governments have been reduced to issuing official statements about the outages via handwritten memos.

This past August, 22 cities in Texas were attacked simultaneously and held ransom for $2.5 million as the result of the breach of a shared third party. Earlier this summer, Lake City, Florida paid a ransom of almost half a million dollars rather than attempt to recover its systems from backups. Cities that chose not to pay the ransom, such as Atlanta and Baltimore, have faced recovery costs of several million dollars even with reliable system backups.

An event of that magnitude can quickly threaten the existence of a small or medium-sized business, but the process of preparing to face the threat of ransomware does not need to be overwhelming. Managing this risk requires focusing on three main activities:

1. Prevent

Standard cyber-hygiene such as anti-virus and patch management still applies, but organizations should also be considering how to limit damage if an endpoint, or, increasingly, a provider, is compromised. An email protection platform such as Mimecast® adds an additional layer of defense against the most common means of compromise: phishing.

2. Detect

Next-generation endpoint protection platforms such as Carbon Black® help detect suspicious activity, and when possible, remediate the issue before it can propagate throughout the network. Organizations of all sizes should be employing properly tuned automation platforms to sift through system event data and flag potential security concerns.

3. Respond

Simply performing regular system backups does not constitute an adequate approach to disaster recovery. Organizations should ensure that appropriate plans are in place to manage cyber incidents and that these plans, along with the organization’s data backups, are regularly tested.

How Can Schneider Downs Help?

The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. Schneider Downs is an authorized reseller of both Mimecast® and Carbon Black®, and offers comprehensive digital forensics and incident response services. For more information on our available services and software, please contact us at [email protected].

Our whitepaper outlining some of the top preventative measures organizations overlook is available here: http://945996.com/10-things-companies-wish-they-did-before-a-breach.

You’ve heard our thoughts, and we’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

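The material discussed is for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.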

© 2024 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
