Ransomware prevention, protection and recovery: A Blue Team's reference guide

Ransomware is a known threat, but sometimes it's good to be reminded of the defenses that can be marshaled against it.


Ransomware has been around since 2013, but it was the success of CryptoLocker that spawned a booming vertical market for criminals. Last week, as June came to a close, criminals leveraged the fear associated with the Petya ransomware family to create chaos across the globe.

Last week's attack, dubbed NotPetya, masqueraded as a ransomware attack, but that wasn't the real goal. While the funds collected by the criminals have been retrieved, experts have determined that chaos was the ultimate goal.

The attack started with M.E.Doc, a company that develops accounting software used by almost every company in Ukraine. In fact, early spread of NotPetya focused entirely on organizations in Ukraine and Russia.

Authorities in Ukraine seized M.E.Doc servers on Wednesday, and are investigating the company over the global attack. The authorities say it was M.E.Doc's alleged poor security practices that enabled the attackers to leverage their software update process and push malicious code to the public.

Putting M.E.Doc's security issues aside, the reason the NotPetya attack spread so quickly had a lot to do with a serious lack of security basics at the victim organizations – and attacks like this should worry everyone working in the security space.

But when it comes to ransomware alone (not chaos-driven attacks like NotPetya), most victims have a shared connection – they lacked some essential security basics, and that's what this article will address.

The effect of ransomware has been felt by organizations both large and small, each of them well aware of the risks associated with this type of malware. Some even had what they assumed were solid defenses against this type of attack, but their assumptions were wrong.
