28/06/2017 | Written by: Erno Doorenspleet
Categorized: CISO's Tower | Security
Remember WannaCry? When a group of unknown threat actors carried out one of the largest ransomware attacks of its kind, hundreds of thousands of computers in 150 countries got infected. WannaCry hit the news barely a month ago!
Fast forward one month… Yesterday, news media around the world reported on a similar attack with ransomware called Petya. This more sophisticated ransomware affected a number of Dutch and Belgian companies. Companies like Maersk and APM Terminals, with terminals throughout the Netherlands and Belgium, had to revert to manual loading and unloading, and some banks also reported having ransomware troubles. Elsewhere across Europe, companies faced similar issues.
Ransomware generally revokes access to a victim’s endpoint or encrypts data on that endpoint before prompting the victim to pay a ransom to regain control. That’s the basic idea, but the devil is in the details. By various estimates, up to 83 percent of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment or visits a compromised website. Employees are the first line of defence, so investing in ongoing awareness training about protecting against phishing and malware should be a priority. That we need to push this harder is clear: judging by the results, these attacks are apparently still very effective.
But even heightened user awareness has its limits. Keep in mind that the vast majority of exploits occur against known vulnerabilities of unpatched endpoints, which means they are preventable. Organizations need to be able to manage all endpoints — smartphones, tablets, laptops, desktops, ruggedized devices, wearables and the Internet of Things (IoT) — from a single platform, making it easy to keep all systems current with OS and third-party software updates.
It sounds simple: Apply basic endpoint hygiene to keep your data safe. Yet we see continuous disruptions by cyberattacks and ransomware threats. Many organizations are simply unwilling or unable to take the necessary ‘basic’ steps to significantly improve their security posture.
Earlier this year, IBM made history by announcing the industry’s first and only cognitive approach to Unified Endpoint Management, through IBM MaaS360 with Watson. MaaS360 customers who manage their laptops and desktops alongside their smartphones and tablets were well-equipped to quickly understand the WannaCry attack and take remediation actions.
View our online webinar on a cognitive approach to Unified Endpoint Management.
The risk of ransomware is rising exponentially and is here to stay. Several blogs and websites, such as our own ransomware site, offer valuable lessons in preparing for an attack and understanding what actions to take to lower the risk before and during it.
You might also want to consult the IBM Ransomware Response Guide or view our ransomware webinar series on how to orchestrate your security defences to avoid ransomware.
Finally, if you have been affected, and require urgent and immediate assistance, reach out to outside expertise and call the IBM X-Force Incident Response Hotline, outside the US: (001) 312-212-8034 (USA: 1-888-241-9812).