
How Mid-market Enterprises Can Protect Against Ransomware Attacks


Whenever a data breach happens within a large enterprise, it tends to make headlines. And there were plenty of those in the news last year, from the IRS to Anthem to the U.S. Office of Personnel Management to Ashley Madison. Mid-market enterprises tend not to generate big headlines, as far as cyber attacks go, but that doesn’t mean there weren’t more than enough to go around. Hackers are getting more sophisticated each day, and businesses have to contend with not only zero-day threats but also souped-up versions of longstanding threats. An example of this is the evolution of popular ransomware tools like CryptoWall and CryptoLocker, which saw a resurgence in 2015.

Most cyber attacks targeting large enterprises are the result of highly sophisticated campaigns. Attackers will have likely spent months testing perimeter defenses and conducting social engineering reconnaissance work. Unlike these targeted, custom attacks executed by experts with specific goals, ransomware is a massively scalable attack that aims to infect as many users as possible via malicious emails or compromised web sites. It’s a similar concept to the Zeus financial Trojan, but instead of stealing money from a victim’s bank account, it runs automated crime logic to encrypt data with no manual intervention.

Because of its ability to cast a wide net, ransomware is a popular tool for hackers. Panicked businesses are often quick to pay a ransom to get their data back, but this is ill-advised since it informs the rest of the hacking community which targets are more likely than others to pay up. Nevertheless, there has been a significant increase in available ransomware. According to McAfee Labs’ recent quarterly threat report, there has been more than a 100% increase in total ransomware in Q3 2015 compared with the same quarter in 2014.

The true tale of a ransomware attack

Recently, a law firm owned by a friend fell victim to a ransomware attack. A paralegal was caught in a phishing scheme, encrypting her AV-protected PC disk with the latest strain of CryptoWall malware. Even though the firm had limited backups of the data, it was advised to not pay the ransom. There were bugs in the private/public key system used by the CryptoWall malware, creating a situation where the files could not be decrypted even if the firm paid the ransom. So the firm decided to cut its losses and give up the data, and make the move to the cloud-based Office 365.

Despite the alarm bells that have been sounding for several years now, there are still too many organizations that don’t think they’re the targets of hackers. After all, why would a nation state or an organized cybercrime group take the time and effort to target an organization with a limited customer base and few commercially valuable assets? They can’t really use anything for cyber warfare or to monetize in the black market. But this false sense of anonymity paired with a lack of security resources and expertise is exactly what makes mid-level enterprises such lucrative targets for hackers. However, there are a few opportunities for businesses to stop ransomware:

Don’t open suspicious emails and attachments. Yes, this is an obvious answer, but one that bears repeating. The weakest link in the cybersecurity chain is a company’s own employees. If phishing scams weren’t so effective, they wouldn’t be the root of most cyber attacks. The base anti-virus program should be paired with an in-depth cybersecurity awareness training program for all employees.

Warn users of suspicious websites. Deploy a strong URL filter to stop or at least alert users that they may be navigating to a risky website. Where attachments fail, malicious websites will often do the trick.

Detect incoming malicious files. Another mechanism for defeating ransomware is to catch malicious files coming in through a strong anti-malware or sandboxing solution. This reduces the risk of infection should an employee accidentally download a malicious file.

Look for malicious outbound traffic. If you do find yourself infected, there’s still hope. For ransomware to work, it has to generate the encryption key pair and deliver the public key to the machine via its command-and-control (C2) server. However, the encryption stage can be impeded if the business can detect and stop the outbound request.
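
One way to apply the outbound-traffic check described above, as an added example that is not part of the original article: score web-proxy log entries so that requests to never-before-seen destinations stand out before the key exchange completes. The log format, host names, baseline set and scoring weights are all assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed baseline: destinations already seen in earlier proxy logs.
BASELINE = {"outlook.office365.com", "www.example-lawlibrary.test",
            "update.example-av.test"}

# Constructed sample log: time, source host, method, URL, bytes sent.
SAMPLE_LOG = """\
2016-01-12T09:14:02 PC-PARALEGAL GET https://outlook.office365.com/owa/ 512
2016-01-12T09:15:40 PC-PARALEGAL GET http://www.example-lawlibrary.test/search?q=tort 230
2016-01-12T09:16:11 PC-PARALEGAL POST http://203.0.113.77/x.php 148
2016-01-12T09:16:12 PC-PARALEGAL POST http://kq3xv9.example-c2.test/x.php 151
2016-01-12T09:17:30 PC-FRONTDESK GET http://news.example-portal.test/ 300
"""

def is_ip_literal(host):
    """True when the destination is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def score(method, host, baseline):
    """Heuristic score (assumed weights); higher means more suspicious."""
    if host in baseline:
        return 0
    points = 1                    # destination never seen before
    if method == "POST":
        points += 1               # data sent to a first-seen destination
    if is_ip_literal(host):
        points += 1               # no DNS name at all
    return points

def find_suspect_requests(log_text, baseline, threshold=2):
    """Return (time, source, destination, score) for entries at or above threshold."""
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines instead of failing
        ts, src, method, url, _sent = parts
        host = urlsplit(url).hostname or ""
        points = score(method, host, baseline)
        if points >= threshold:
            alerts.append((ts, src, host, points))
    return alerts

def hosts_to_isolate(alerts):
    """Unique internal machines that produced at least one alert."""
    return sorted({src for _, src, _, _ in alerts})
```

A first visit to an unfamiliar site over GET scores below the default threshold, so ordinary browsing does not trigger isolation on its own.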

Most top-of-the-line security appliances are cost-prohibitive to any business that’s not a large enterprise due to the difficulty of acquiring, installing, configuring and maintaining them. Instead, mid-market enterprises can look for ways to maximize defenses while offloading the costly ongoing care and feeding work. Mid-market enterprises with limited resources and weak defenses are a particularly good target for ransomware attacks: they have just enough assets worth paying for, and the capital to do so.
