Skip to main content

Ransomware Part 1: Is this an Epidemic?

May 09, 2016

The words ‘ransomware’ and ‘epidemic’ occur too frequently in the same sentence these days, prompting executives to prepare their organizations to survive this latest cyber threat. The Center for Disease Control and Prevention (CDC) provides the following definition of an epidemic. 

“Occasionally, the amount of disease in a community rises above the expected level. Epidemic refers to an increase, often sudden, in the number of cases of a disease above what is normally expected in that population in that area. Outbreak carries the same definition of epidemic, but is often used for a more limited geographic area.”

If pundits and researchers are correct regarding their assessments of ransomware as an epidemic (or greater), the keys to preventing wide-spread infections are rapid mobilization, coordinated response plans, and dissemination of information. 

  1. Organizations should be mobilizing teams internally to understand the prevalence of the threat and attacker intentions. Coordination of teams is mandatory for an organization’s response capability and survivability.
     
  2. Security operations, incident response and management should have a vetted, coordinated response plan in place, including the following preventive measures:
    1. Working backups (preferably, online and out-of-band). All backup capabilities are not equal. We cannot stress this step enough. Ransomware attacks reveal that backups are not functioning at effective levels in numerous organizations.
    2. Detection and prevention controls in place.
    3. Data classification and valuation of data.
    4. Communication trees and rules of engagement (ROE) with ransomware dealers. In the case of a successful attack, organizations can:
      1. Attempt to remove the compromise.
      2. Pay the ransom or attempt to negotiate (nothing guaranteed).
      3. Do nothing at all (the FBI has recently reconfirmed its stance to not pay ransomware dealers).
         
  3. Communicate and widely disseminate information about ransomware criminals. Organizations should have strong security awareness programs. Focus on phishing awareness is crucial. Attackers typically target unsuspecting users as entry points into organizations.
     
  4. Learn from the experiences of others to shore up on defenses. Many organizations targeted by ransomware campaigns have shared valuable insights combating this wave of attacks.
     

If ransomware truly is the newest cyber epidemic, executives should waste little time investing in preparedness to defeat it.

In our next post we will examine how different strains of ransomware can infect your environment.


    Mark Arnold

By: Mark Arnold

Solutions Research Analyst

See More

Related Blogs

May 30, 2018

Phishing - The Rest of the Story

Receiving an email lure designed to trick you into clicking a phishing link and then logging into a fake website has become a common threat. In this b...

See Details

May 17, 2018

Dear Board of Directors, It’s Time to Do the Right Thing and Elevate IAM

I talk with IT executives regularly and have noticed a trend across industries that is concerning. While the threat of a data breach looms large on th...

See Details

April 03, 2018

Escape and Evasion Egressing Restricted Networks – Part 2

Attackers and security assessors alike are utilizing a technique called domain fronting, which masks malicious command and control (C2) traffic. This ...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

June 28, 2017

Petya / Petna / NotPetya Ransomware Recommendations from the Trenches

Here we go again. Not long ago I updated a blog post containing actionable recommendations to protect your environment from ransomware threats, includ...

See Details

June 09, 2018

Endpoint Security Technology

Gain enterprise-level visibility and management over your endpoints in addition to preventing, detecting and responding to advanced threats and malwar...

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.