Ransomware 101

By John Clayton, IT Management Consultant and Cybersecurity Specialist at NNIT A/S

Ransomware is one of the fastest-growing threats to businesses and individuals in cyberspace. But what exactly is it, and how does it affect your organization?

Ransomware Resurgence
Whilst ransomware has been around in various shapes and forms since the late 1980s, it has experienced a significant resurgence in the last few years due to its ability to quickly generate large sums of money. According to the Internet Crime Complaint Center in the US, some ransomware variants are reported to have generated criminal gains in excess of 18 million US dollars, with affected organizations also incurring costs from lost productivity and from restoring operations following an outbreak. And according to McAfee Labs' 2016 Threats Predictions report, ransomware will remain a major and rapidly growing threat in 2016.

A Typical Case
Imagine that you try to start up your PC, but nothing seems to work. Instead, you are met with a splash screen stating that you must pay a ransom to regain access to your PC and your files. This is an example of a typical ransomware case, caused by an employee opening an email attachment or clicking on a malicious link.

This seemingly innocent action causes malicious software to be downloaded and executed. Once the malicious software has entered the PC, it starts encrypting all accessible files, both locally on the PC and on all accessible network drives. Finally, a ransom note is displayed explaining how the employee or their organisation can decrypt the files in return for a payment.

Depending on the scale of the case, business operations can be severely affected as employees are no longer able to access the working files that they would normally access as part of their daily activities.

Prevention Steps
As with most things in life, prevention is better than cure. In order to improve protection against ransomware, include the following measures:

  • Raise security awareness across the organization regarding online security

  • Implement access control on network drives to reduce the likelihood of a single infected user PC causing widespread disruption across the business’s network drives

  • Ensure antivirus, whitelisting and email spam filters are regularly updated to protect against incoming phishing e-mails and executable files

  • Implement email quarantine for attachments and links to allow central scanning

  • Implement standard system patching processes to ensure that all systems, software, PCs and servers are patched for known vulnerabilities


Mitigation Activities
It is difficult to avoid getting hit by any kind of malware at some point, and therefore effective incident response is crucial to ensure fast reaction by the organisation in the event of an outbreak. In order to minimize the impact to the business following such an event, include the following mitigating actions:

  • Develop a specific security incident response process for ransomware incidents to ensure a step-by-step response is in place to quickly respond to and resolve incidents

  • Review business continuity processes to ensure prompt recovery and / or alternative working arrangements during recovery

  • Review, update and test system backup and restore processes to ensure that backup files can be promptly restored in the event of an outbreak, minimizing the impact to the business


Whilst ransomware is unlikely to disappear anytime soon, by taking action now, businesses will be able to reduce the likelihood of infection and / or minimize disruption following an outbreak.


About NNIT Security Insights

This is an article from NNIT Security Insights, a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT has its own Computer Emergency Response Team (CERT). If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage. 

You are welcome to contact us at nnitcontact@nnit.com if you want to know more about how NNIT can help your business increase its information security level.


 

 

 
