Cybersecurity Article

Ransomware 101

Ransomware is one of the fastest growing threats to businesses and individuals in Cyberspace. But what exactly is it and how does it affect your org​anization?

Ransomware Resurgence

Whilst ransomware has been around in various shapes and forms since the late 1980’s, it has experienced significant resurgence in the last few years due to its ability to quickly generate large sums of money. According to the Internet Crime Complaint Center organization in the US, some ransomware variants are reported to have generated criminal gains in excess of 18 Million US Dollars​, with affected organizations also incurring costs due to loss of productivity and to restore operations following an outbreak. And according to McAfee Labs' 2016 Threats Predictions report, ransomware will remain a major and rapidly growing threat in 2016.

A Typical Case​

Imagine that you try to start-up your PC, but nothing seems to work. Instead you are met with a splash-screen stating that you must pay a ransom to regain access to your PC and your files. This is an example of a typical ransomware case, caused by an employee opening an email attachment or clicking on a malicious link.

This seamlessly innocent action causes malicious software to be downloaded and executed. Once the malicious software has entered the PC, it starts encrypting all accessible files, both locally on the PC and on all accessible network drives. Finally, ransom-information is provided explaining how an employee or their organisation can decrypt the files in return for a payment.

Depending on the scale of the case, business operations can be severely affected as employees are no longer able to access the working files that they would normally access as part of their daily activities.

Prevention Steps

  • As with most things in life, prevention is better than cure. In order to improve protection against ransomware, include the following measures:
  • Raise security awareness across the organization regarding online security
  • Implement access control on network drives to reduce the likelihood of a single infected user PC causing widespread disruption across the business’s network drives
  • Ensure antivirus, whitelisting and email spam filters are regularly updated to protect against incoming phishing e-mails and executable files
  • ​Implement email quarantine for attachments and links to allow central scanning
  • ​Implement standard system patching processes to ensure that all systems, software, PCs and servers are patched for known vulnerabilities.

 

Mitigation Activities

It is difficult to avoid getting hit by any kind of malware at some point, and therefore effective incident response is crucial to ensure fast reaction by the organisation in the event of an outbreak. In order to minimize the impact to the business following such an event, include the following mitigating actions:
Develop a specific security incident response process for ransomware incidents to ensure a step-by-step response is in place to quickly respond to and resolve incidents
Review business continuity processes to ensure prompt recovery and / or alternative working arrangements during recovery
​Review, update and test system backup and restore processes to ensure that backup files can be promptly restored in the event of an outbreak, minimizing the impact to the business

Whilst ransomware is unlikely to disappear anytime soon, by taking action now, businesses will be able to reduce the likelihood of infection and / or minimize disruption following an outbreak.​


Click here
to download our whitepaper "NNIT Cybersecurity - A new threat landscape requires a new approach"


Are you prepared to protect your business-critical IT?

The global efforts to control and contain the COVID-19 pandemic is a blunt and brutal reminder of the necessity of solid Business Continuity Management. The widespread quarantine has suddenly made digital workspaces vital and cybercriminals are keen to take advantage. Do you have a plan in place to protect or recover the IT systems that are vital to keep your business running?

Read the full article here


We're a Managed Security Service Provider helping you manage your ​cyber-security strategy, processes, certifications, controls and compliance measures.​

Based on strong partnerships with solution providers, we can build a ​full-scale Cyber Defense Center. We can establish solid identity and ​access management solutions, assess your threat posture in real-time ​and respond to any threat fast.

See more here





We are ready to assist you

NNIT has a large number of information security specialists ready to assist you. Together they have an enormous range and depth of competencies. We also have our own Cyber Defense Center, and if lightning strikes, we respond and assist you. Fast.

Read on to learn how our cybersecurity services can help your business stay compliant, secure, and future-ready.
Contact
ESKU

Esben Kaufmann

Head of Cybersecurity Consulting - Associate Vice President