

Source: Comodo

One of the most well-known ransomware attacks occurred in May 2017, when the WannaCry attack unfolded. That attack affected over 200,000 users and infected more than 300,000 computers. CBS News estimated the WannaCry attack resulted in losses upwards of $4 billion. How?

When hundreds of thousands of computers cease working in 150 countries, that’s a lot of lost economic opportunity. You never get that time back. Work stops, essential activities are delayed, and infected devices must be replaced. In addition, depending on the nature of the data compromised, there may be legal consequences and damage to corporate reputations.

The reality is that ransomware attacks aren’t going away. The City of Baltimore experienced a serious attack on May 7, 2019. According to reports, the city’s systems needed basic software updates and backup files.

So this makes you wonder: Are your systems protected? Here are some reasons you may not be.

Two main ways to get infected

  • Just a few years ago, emails with innocuous-looking attachments (like “billing codes” or “status updates”) actually contained malicious software that executed when the user opened the attachment. Once the attack was underway, users couldn’t access their own data or their screen was locked. A popup screen with the hacker’s payment demand appeared.
  • Ransomware is spread through websites that host what’s known as an exploit kit. The kit scans the visitor’s computer to see if it’s running software with known vulnerabilities. If the scan reveals even one of these vulnerabilities, it uses it to download and install ransomware on the victim’s computer.

Likely targets

Today, virtually every business and organization is a potential target of ransomware. Three segments are particularly at risk:

  • Schools and universities – because they tend to have smaller IT teams and may lack staff with cyber security skills of any kind. Georgia Tech was hacked in December 2018, and belatedly discovered that over 1 million records of faculty and staff, going back years, had been breached.
  • Healthcare companies – patient data can be extremely sensitive, and many healthcare organizations have outdated IT systems and software. Hackers poke around to find a computer or system with an old, known vulnerability and move in quickly. In June 2019, LabCorp revealed that the data for over 7 million patients had been breached, just one day after Quest admitted that more than 12 million patients’ data had been breached too. These attacks are not going away.
  • Financial companies – the old adage about robbing banks because that’s where the money is still holds true. While most banks and insurance companies DO have the resources to keep their IT systems secure and up to date, the security landscape has changed. HSBC was tight-lipped about an October 2018 attack in which hackers accessed customer data in the U.S. It’s not known how many people were affected or whether money was stolen.

The common denominator across all these companies is that they need to change their mindset about IT security.

The best way to avoid ransomware attacks is to prevent them entirely

Conventional advice about dealing with ransomware has been to take the following steps:

  • Keep your operating system patched and up to date.
  • Install antivirus software to detect malicious programs when they appear.
  • Back up your files regularly so you can reinstall them if necessary.
  • Train your employees on how to spot suspicious emails.

However, “an ounce of prevention is worth a pound of cure” can go a long way. In a world of constant and evolving threats to IT systems and devices, you need to prevent those threats from causing damage.

Rather than detecting and responding to malicious software after it causes damage, Comodo has shifted the paradigm so ransomware cannot cause damage even when it is executed on an endpoint.

Once the ransomware is executed, Comodo contains the live ransomware in a virtual environment until a trusted verdict is returned. The user will see the ransomware execute on their endpoint; however, the user can still operate as normal, and the admin can delete the active processes to eliminate the ransomware without harm.

New thinking is needed to protect your computing resources

The bottom line when it comes to ransomware is that it can be avoided completely if you shift your mindset about how to protect your organization’s computing resources. You need to think holistically about your entire IT infrastructure – hardware, software, networks – and recognize that every part of it may be vulnerable. By implementing a Default Deny security posture with Default Allow usability, you can prevent “wanna-be” hackers from causing harm.

To learn more about how your organization can avoid ransomware attacks entirely, read Gartner’s “Everything You Wanted to Know about Endpoint Protection but were Afraid to Ask.”
