Connect with us

Hi, what are you looking for?


Malware & Threats

Minimizing Exposure to Ransomware Attacks

Ransomware is dominating the headlines so far in 2016, having moved from targeting individuals to holding corporate data hostage and extorting payments to decrypt the files. Holding someone or something for ransom is a simple yet effective strategy that has been used by criminals for thousands of years.

Ransomware is dominating the headlines so far in 2016, having moved from targeting individuals to holding corporate data hostage and extorting payments to decrypt the files. Holding someone or something for ransom is a simple yet effective strategy that has been used by criminals for thousands of years. Today, cyber criminals are applying these ancient techniques to modern technologies. So what do enterprises need to know about ransomware attacks and what can they do to minimize the risk of being victimized?

Recent ransomware attacks against school districts (e.g. New Jersey, Horry County in South Carolina), healthcare providers (e.g., Ottawa Hospital), state and local governments, and enterprises illustrate that criminals have shifted away from using this crimeware to extort payments from consumers, since companies will pay higher ransoms.

Ransomware, which encrypts a victim’s data and demands a ransom to unlock it, often has a major impact since it represents a loss of sensitive data or can shut down business operations. Ransomware has been around for a few years. However, according to the Federal Bureau of Investigation (FBI), we’re currently seeing a dramatic increase of these type of cyber-attacks paired with increasingly higher ransom requests. If the first quarter of this year is any indicator, we’ll see the number of ransomware incidents surpass last year’s record, which tallied at 2,453 reported incidents and approximately $24.1 million in ransom paid by victims.

In the past, ransomware was delivered via spam emails, whereby the crimeware was deployed by clicking on an attachment or URL. As defense mechanisms have improved, cyber-attackers have become more sophisticated using spear-phishing emails that target specific individuals and seeding legitimate websites with malicious code. Some recent attacks have even started exploiting smart phone vulnerabilities to penetrate corporate networks. Recent attacks have leveraged RDP brute force attacks as a delivery mechanism.

Upon infection, ransomware begins encrypting files and folders on local hard drives, any attached local storage or backup areas, and potentially other computer nodes that reside on the same network that the victim’s device is attached to. The infection typically goes unnoticed until either access to the data is denied or a message is presented to the victim that demands a ransom payment in exchange for a decryption key.

There are a few fundamental steps that an organization can take to minimize their exposure to ransomware attacks:

1. Implement security awareness programs to educate employees on how ransomware is being deployed and how to avoid spear phishing attacks.

Advertisement. Scroll to continue reading.

2. Frequently update anti-virus and anti-malware with the latest signatures and perform regular scans.

3. Apply access controls, including file, directory, and network share permissions to limit the exposure of non-administrator users to sensitive data.

4. Create an application whitelist, allowing only specific programs to run on a computer. This should include the disabling of macro scripts from Microsoft Office files transmitted over email.

5. Back up data regularly to a non-connected environment and verify the integrity of those backups regularly.

While these practices cover the security basics, ransomware is just one form of exploit that can easily be replaced by another. The root cause of ransomware infections is the ability of cyber-attackers to exploit known or unknown vulnerabilities. Therefore, streamlining threat and vulnerability management practices becomes the most essential method for minimizing an organization’s exposure.

In today’s dynamically changing threat landscape, contextualizing internal security findings with external threat data can identify imminent cyber risks and help prioritize remediation actions accordingly. However, traditional vulnerability management approaches that use CVE scores to prioritize remediation actions are no longer sufficient. Instead, a more holistic cyber risk management model is needed. One that identifies threats and prioritizes remediation actions by unifying and contextualizing internal security intelligence, external threat data, and business criticality across the entire computing stack to enable pro-active and collaborative enterprise security.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...