Is the world ready for the next big ransomware attack?

WannaCry and NotPetya brought major companies to their knees and cost billions to remediate. A new report from Lloyd's of London warns another similar ransomware attack would still be devastating.

  • Patch early, patch often: Almost every large-scale network worm attack in history has relied on unpatched security holes that have allowed the crooks to inject malware without human interaction.
  • Filter suspicious email attachments to reduce staff exposure: Make sure you're filtering outbound content, too. It can give an early warning of a rogue infected computer in your midst.
  • Segregate your networks: Your social media experts don't need access to your HR database or your legal records at the same time. Your cash registers and ATMs don't need to be on the same network as your telesales team.
  • Don't rely only on online backups: The worst-case Bashe scenario seems to rely on having all your backups destroyed instantly and simultaneously during the attack. If that could happen to you, then you are already over-vulnerable to fire, theft, flood and many other not-at-all-impossible real-world woes.
  • Pick proper passwords: Modern cybercrooks aren't in the hurry that they used to be. If they can log in as an administrator, they generally won't attack right away. They'll appoint themselves as sysadmins of your whole network and learn as much as they can before they decide how to squeeze you for money. Make it harder for them to guess or trick their way in.
  • Look at your logs: If you aren't regularly reviewing your logs to see what they can teach you - who's in, who's being kept out, who's online, who's not - then you might as well not keep them in the first place.

Copyright © 2019 IDG Communications, Inc.
