BACKGROUND IMAGE: mattjeacock/iStock
Ransomware detection, prevention and recovery: Where to begin
Ransomware is in the headlines again, thanks to the May 2017 WannaCry attack.
Among recent ransomware attacks, WannaCry will go down in history for how rapidly it inflicted damage, taking PCs hostage from Canada to Chile, South Africa to Australia and Ireland to Japan within hours. The pain inflicted on businesses was immense and made everyone, including infosec pros, painfully aware of security shortcomings in their organizations.
What made the WannaCry attack so destructive? It wasn't merely that the ransomware used a wormlike exploit stolen from the National Security Agency; the damage was also due to a failure to employ available defenses -- including a recent patch for a Windows vulnerability.
With such fierce capabilities, ransomware will increasingly plague infosec pros. Fortunately, there's support for these IT teams that enterprises depend on to keep their computer assets safe from would-be hostage-takers. Those resources include law enforcement agencies, like the FBI, and public-service cybersecurity organizations that provide guidance and tools, including decryption tools for those who are already ransomware victims.
In the light of recent ransomware attacks, infosec pros need to make sure they are aware of all such resources. That's the first step. The second is to renew efforts to provide security training to any enterprise personnel with a computer and an internet connection -- i.e., to everyone.
An animated map published online by The New York Times illustrated the rapid spread of WannaCry. Look to our guide for actionable advice on how to keep your enterprise off such a map. That includes a hacker's perspective on the ransomware’s new, wormlike capabilities and more. Crying time is over; now is the time to learn from recent ransomware attacks what you can do to minimize the threat and how to deal if the worst happens.