New CTI Blog Post- The Evolution of Ransomware
By Keith Millett | Feb 09, 2017 | Blog
The good ol’ days of ransomware are far behind us. The traditional, “I hack your system, encrypt your data, and send you the key if you cough up the cash” model is evolving at an alarming rate. Hackers are getting creative and customizing their approaches based on your business vertical. Sometimes, paying the money is just one of the many costs associated with a breach. When hackers will stop at nothing to infiltrate and exploit your business, how can you possibly keep up?
CASE STUDY: RANSOMWARE COMPLETELY SHUTS DOWN OHIO TOWN GOVERNMENT
Just this past week, a ransomware attack brought systems in the government offices of Licking County, Ohio to a halt. Frighteningly, this included systems at the local police department. According to an article on TechCrunch, “The county government offices, including 911 dispatch, currently must work without computers or office phones” and “the shutdown is expected to continue at least the rest of the week.” It was suspected that an employee, unaware of the common attack vectors for malware, clicked a malicious link in a phishing email. Within minutes the damage was done. As is the case in many ransomware horror stories, the Licking County government was forced to pay the ransom demand to expedite recovery and return their police and other critical departments to full functionality. Attackers are after more than just your data. It is critical to keep this in mind when cataloging business assets and creating a plan to defend your organization.
EMPLOYEES: YOUR FIRST LINE OF DEFENSE
When a digital attack is waged on your organization, it is natural to want to defend your network in a similar way. Companies wonder, “What systems do we have in place in our digital environment to protect us?’ Words like, “firewall” and “antivirus” come to mind. What most organizations fail to address is the human element. Your employees are the first line of defense against a hacking attempt. Have you educated them on what a phishing attack looks like, or not to click on potentially malicious links in emails from unknown senders? It is critical to involve your staff in a “Security Awareness Training.” For more information on CTI’s Security Awareness Training, click here. Additionally, keep the lines of communication between your IT Department and the rest of your organization open and transparent. If there have been attempted hacks on your system, let your organization know so they can be prepared. What they don’t know can hurt your company.
ASSESSING YOUR NETWORK BEFORE THEY DO
Mapping your IT environment is key to protecting your organization. If you don’t know where your vulnerabilities lie, how can you ever expect to fix them? Security Assessments help you identify and fix vulnerabilities in applications and infrastructure that can lead to a compromise of your sensitive data. Risk Assessments determine which of your information resources require protection, and identifies steps to mitigate risk.