Ransomware Q&A

5 Tips to Prepare for One of Today’s Biggest Security Threats

Bill Virtue

Another day, another attack…or, at least, that’s how it feels lately. Ransomware is all over the news, affecting everyone from small businesses to huge multi-national corporations. Naturally, our customers are concerned and are asking all sorts of questions to understand this threat and better protect their organizations. Here are five of the most common questions I get regarding ransomware:

Q—What exactly is ransomware, and how does it work?
A—Ransomware is a type of malicious software that is designed to restrict a user’s access to files until some amount of money is paid. The ransom is usually paid using Bitcoin in an effort to obfuscate the attacker’s identity. Opening an infected attachment in an email or clicking on a link to an infected website will start the ransomware’s file encryption process. Once a user is locked out of their own files, the ransomware will display instructions on how to regain access to the data.

Q—How serious of a threat is ransomware in the United States?
A—The first known ransomware appeared back in 1989, and ransomware is still a very popular attack vector. Cybercriminals are capitalizing on a user’s inability to detect ransomware. CryptoWall alone is suspected of generating some $320 million. Although ransomware typically targets the consumer, businesses are seeing more ransomware in 2017 than in 2016. More than 50% of all malware contains ransomware, and a growing number of ransomware attacks are successful.

Q—How can ransomware get into my network?
A—Today’s attacks are targeting end users, who can often be a weak link in security. Social engineering, along with malicious content or attachments, is how the bad guys are getting in. Regular security awareness training will help prevent attacks by educating users on how to spot suspicious emails/attachments. Connection offers General Security Awareness Training and can help reduce the risk of a breach on your network.

Q—I have an email spam filter or other technology in place to stop ransomware. Isn’t that enough?
A—Early ransomware was delivered via traditional phishing email blasts, which many email spam filters can stop. Today’s more sophisticated ransomware uses spear-phishing campaigns and directly targets domain users with legitimate email addresses. Ensuring that users can detect suspicious emails is crucial.

Q—What is the best way to protect my files from ransomware?
A—First, ensure that you have the latest virus protection (signature) updates. This will help with any known viruses. Upgrade or deploy Next-Generation Anti-Virus (NGAV) if you can. NGAV software can stop zero-day and ransomware attacks by using behavior analytics, machine learning, or sandboxing technology. Next, have users complete phishing training, since phishing is usually how ransomware gets into the network.

Ransomware is a serious threat and should be treated as such. Vigilance, end-user training, and the latest security technologies are all critical components of a successful protection strategy.

How has ransomware impacted you? Leave a comment below to share your experience. 

Bill is a Senior Systems Engineer at Connection with over 30 years of experience in Networking Solutions, Information Security, and Identity Management. Bill is a founding member of the ISSA NH chapter dedicated to promoting Information Security within the business community. Bill is also a US Navy veteran and held Operations Management positions within the Atlantic Fleet. Bill has broad knowledge in the Security and Compliance space and has consulted on large scale enterprise deployments and security projects and contributed to many technical articles and technology white papers. When he has free time, Bill enjoys catching up with family and friends and riding his Harley Davidson.