While the concept of malware-based extortion has remained relatively unchanged since the first documented occurrence in 1989, attackers have spent the past 30 years refining their techniques and manipulating new technologies to build ransomware into a multibillion-dollar industry.
Tactics have evolved from the early days when physical floppy disks were mailed out containing the “AIDS Trojan” with the hope that unsuspecting targets would load the malware onto their PCs. Just a few years ago, ransomware such as “WannaCry” and “CryptoLocker” was spread via widespread phishing campaigns that were generally not tailored to specifically targeted individuals or groups. But today, ransomware is increasingly deployed as a secondary attack after the bad actor has already gained a solid foothold in the organization’s internal network.
Every week, we are seeing new headlines revealing the latest victims of ransomware: state and local government offices, educational institutions, healthcare service providers, and small and medium-sized businesses. Often the attacks are tailored and use advanced methods that disable the organizations’ critical resources and demand ransom payments large enough to cripple operations. Utility billing has been disrupted for months, police departments have been forced to revert to paper recordkeeping, and local governments have been reduced to issuing official statements about the outages via handwritten memos.
This past August, 22 cities in Texas were attacked simultaneously and held ransom for $2.5 million due to the breach of a shared third party. Earlier this summer, Lake City, Florida paid a ransom of almost half a million dollars rather than attempt to recover its systems from backups. Cities that chose not to pay the ransom, such as Atlanta and Baltimore, have faced recovery costs of several million dollars even with reliable system backups.
An event of that magnitude can quickly threaten the existence of a small or medium-sized business, but the process of preparing to face the threat of ransomware does not need to be overwhelming. Managing this risk requires a focus on three main activities:
1. Prevent
Standard cyber-hygiene such as anti-virus and patch management still applies, but organizations should also be considering how to limit damage if an endpoint, or, increasingly, a service provider, is compromised. An email protection platform such as Mimecast® adds an additional layer of defense from the most common means of compromise: phishing.
2. Detect
Next-generation endpoint protection platforms such as Carbon Black® assist in detecting suspicious activity and, if possible, remediate the issue before it can propagate throughout the network. Organizations of all sizes should be employing properly tuned automation platforms to sift through system event data and flag potential security concerns.
3. Respond
Simply performing regular system backups does not constitute an adequate approach to disaster recovery. Organizations should ensure that appropriate plans are in place to manage cyber incidents and that these plans, as well as the organization’s data backups, are checked regularly.
How Can Schneider Downs Help?
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. Schneider Downs is an authorized reseller of both Mimecast® and Carbon Black®, and offers comprehensive Digital Forensics and Incident Response services. For more information on our available services and software, please contact us at cybersecurity@tfb1.com.
Our whitepaper outlining some of the top preventative measures organizations overlook is available here: http://tfb1.com/10-things-companies-wish-they-did-before-a-breach.