Held Hostage

Ransomware: How to stop it once and for all

  • By David Wagner
  • Nov 01, 2017

Ransomware attacks are becoming infamous. As I write now, the Petya attack is unfolding. And in May, the world was hit with WannaCry, an attack that affected computers in more than 150 countries. The wormlike virus moved into unprotected Windows servers that didn’t contain a critical patch, encrypting files with a ransom of $300 in bitcoin from users. Within its relatively short life span, WannaCry infiltrated more than 100,000 computers, including those in U.K. hospital systems, telecom businesses in Spain and corporations in Asia.

The scariest part of the attack isn’t how many computers it compromised or how many countries it was found in, but rather the fact that older operating systems—many of which are still in wide circulation and use—gave little protection against it.

The virus itself wasn’t handcrafted by a single individual, nor was it the brainchild of a group of hackers. It was actually stolen from the National Security Agency. Shortly after reports came in about the theft, Microsoft released a security update to patch the same vulnerability that the WannaCry ransomware—and likely Petya as well—took advantage of.

Ransomware attacks are not new, and they’re not going to stop anytime soon. Now that hackers can monetize their actions and make hundreds of thousands of dollars in a few days, they’ll continue to look for weak spots in software and corporate security policies to exploit.

Like any other disease, curing this type of virus begins with awareness. It’s not enough to just include the one patch that stops the Petya and WannaCry viruses. It’s not enough to do the bare minimum. Businesses have to change their mindsets and become aware of their own vulnerabilities. They need to take ownership of them and work to strengthen the places that hackers could potentially exploit.

Owning the Problem

The only real action any business can take to prevent these attacks is to put in place a strategic information security risk management framework to address evolving threats. That means creating policies for backups or finding a new, agile way to control and protect your business information. It requires policies that are made for a specific business, its employees, and its unique environment— taking everything into consideration.

As long as vulnerabilities and opportunities for hacking exist, the ransomware business model will continue to affect thousands of businesses all over the globe. According to the FBI, ransomware attacks quadrupled between 2015 and 2016. And there’s no indication that this will slow anytime soon—unless businesses decide to drastically shrink the market by implementing policies to protect themselves.

There are three ways businesses can effectively close the market for ransomware attacks. Some of them are time-consuming, and others are expensive, but the benefits significantly outweigh the risk of having business information stolen by hackers.

Implement an upgrade policy. This is the obvious starting point for many companies. It’s relatively easy to implement but could end up being the one thing that saves a business from bankruptcy. When ransomware attackers encrypt files and send their ransom notes, they promise the safe return of data upon a specified payment. But they don’t always follow through.

What happens if a business pays the ransom but doesn’t receive its data back? The consequences could be catastrophic. Implementing an upgrade policy protects a business’s future while simultaneously preventing attacks like Petya and WannaCry by patching software vulnerabilities.

Only use supported software. Today, there is no shortage of free software. There’s a reason the phrase “there’s an app for that” exists. Businesses will often go find these free or inexpensive products and justify it by exclaiming the cost benefits. However, when that software is then the cause of a malicious attack, the cost benefits don’t outweigh the risks.

Identify your greatest risk. Email remains the top attack vector, and ensuring its security should be a top priority. Secure email gateways are a great way to prevent malicious software from entering your network. Those gateways shouldn’t rely on only signatures to protect email. Not all malicious attacks can be caught by these signatures. Instead, secure email gateways should look at the content in the email, including URLs and attachments, in addition to signature-based screening.

Ransomware attacks on businesses have far-reaching implications. The only way to stop these attacks is for businesses, nonprofits, and other organizations to work diligently to create policies that make it substantially more difficult for hackers to find vulnerabilities they can exploit.

This article originally appeared in the November 2017 issue of Security Today.

Featured

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Motorola Solutions Named Official Safety Technology Supplier of the Ryder Cup through 2027

    Motorola Solutions has today been named the Official Safety Technology Supplier of the 2025 and 2027 Ryder Cup, professional golf’s renowned biennial team competition between the United States and Europe. Read Now

  • Evolving Cybersecurity Strategies

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

OSZAR »