Cyber ransom is not new; in fact, it’s been around for years. But we’re seeing more and more headlines around it lately.
After hospital ransomware attack, time for some blunt talk about cybersecurity
--Yahoo! News 4/16/2016
Big Paydays Force Hospitals to Prepare for Ransomware Attacks
--NBC News 4/23/2016
Michigan Power and Water Utility hit by Ransomware Attack
Cyber ransom traditionally has been done via viruses and spyware, but now there is a category called Ransomware which clandestinely installs itself on a system without the user’s knowledge. It then restricts access to this system and demands that the user pay a ransom to remove the malware. Some will even encrypt the users information making it nearly impossible to use.
Traditional methods like firewalls and virus scanning software are no longer enough. They are not always real-time in nature and usually identify the malware after it has traversed the network. The approach needs to be proactive, looking for changes in the patterns of users and/or their devices. This can be done in a number of ways and there are some products you can buy. One such product is Darktrace. Darktrace is an appliance that sits on the network and monitors the network traffic. It has an algorithm that it uses to define “what is normal” in the way of user and device behavior. If there is any deviation from normal it will alert the network administrator and can even take action to stop the offending user / device.
Even the best practices won’t work when an employee comes to work with a non-sanctioned device that contains the malware. Think about your laptop that your teenage child used without your knowledge to download a game from a pirated site? You bring it to work and unknowingly breach security by introducing malware to the network. Darktrace would alert you that either a new device is on the network or that a known device is now acting very differently than it usually does. This is the power of “behavioral analysis.”
As long as you have data on your network, you are at risk. And it’s just a matter of time before an attack happens and succeeds. Be prepared. Would you like to see it for yourself? Watch a demonstration on our website here.
If you’re interested in seeing even more please contact me at Andrew.firstname.lastname@example.org
~Andrew Trodden, CTO