At the start of the year, Lunarline predicted that ransomware would be among the top cyber security concerns for 2016. This long-standing threat – in which a hacker takes system resources hostage and demands a fee to regain access – is rapidly becoming more popular. This is a part of a larger, concerning trend in which yesterday’s hacking methods are still effective against private networks.
Ransomware made national headlines in February when Hollywood Presbyterian Medical Center paid hackers $17,000 to re-instate system access to stop an attack. That was only a fraction of the $3.6 million that cyber criminals initially demanded, but that’s still a pure loss. And the total cost of recovery from the breach – which is not yet reported – is sure to be significantly higher.
The public may be concerned about attackers’ ability to circumvent Hollywood Presbyterian’s cyber defenses. Thus, in addition to recovery efforts and cyber defense improvements, the hospital may face the substantial costs involved with reputational damage control and restoring public trust.
Organizations should understand that ransomware is a real threat that can cause serious damage above and beyond the fees demanded by hackers. To address the issue, organizations should evaluate and strengthen a number of capabilities, including:
Hackers often focus their ransomware attacks on specific targets rather than deploying them randomly. Companies should complement their vulnerability scan with in-depth penetration testing to locate potential exploits before hackers do.
2. Incident Response
Hollywood Presbyterian made some missteps in responding to their ransomware issue, including treating it as a random hack with no bearing on its data systems. How your organization responds to such an attack makes a big difference in mitigating direct and indirect damages.
3. Malware Assessment
Sophisticated malware can go undetected in your systems for some time before causing an incident. To combat these threats, you need quality detection tools driven by active, up-to-date intelligence. You also need to make malware reports actionable, and for that, you need malware assessment tools that can prioritize threats by linking them to your core assets.
Lunarline has helped organizations of all sizes, across numerous industries and branches of government, address their malware issues and effectively combat ransomware threats. For more information on how we can help you, send us a message online or visit Lunarline.com today.