8 Smart Ways to Protect Against Ransomware
It’s the scourge of organizations and enterprises of all sizes, not just because of the insidious malware it unleashes, but because it costs – often dearly – to get rid of it.
Ransomware gets immediate attention because it auto-encrypts all the data it touches, bringing operations, applications and user activity to a screeching halt. Then comes the demand for money, usually in the form of cryptocurrency like bitcoins, for the decryption key to release the captured data.
The bad news first: End users, IT professionals and channel partners can expect more ransomware variants in 2019. The good news: Basic IT hygiene, regularly performed, goes a long way toward blunting ransomware’s impact if not blocking it altogether. Think of it like dental flossing for vulnerable data.
In just a few years, ransomware has mushroomed into a multibillion-dollar problem, according to security researchers. Ransomware was forecast to cost organizations $8 billion in 2018, a disturbing jump from $5 billion in 2017, according to CyberVentures. The consultancy predicts another increase for 2019 – $11.5 billion – a disturbing trend for IT pros and channel partners.
The IT landscape is littered with ransomware victims. Some pay the ransom, which can range anywhere from tens of thousands to several million dollars. Others, like the City of Atlanta or Colorado’s Department of Transportation, gave abductors the middle finger. Rather than pay up, they chose to rebuild their systems from scratch, spending millions in the process.
Law enforcement offers mixed messages about whether ransomware victims should pay. Perpetrators rely on end-user desperation, which helps explain why hospital IT systems are a favored target. But ask any IT pro how urgent the atmosphere turns when users at any organization can’t access email, their data or a calendaring app, especially when the frantic call is from the CEO.
Throughout the fourth quarter of 2018, as part of our “In Focus” series, we are featuring a series of galleries designed to help partners grow their businesses in 2019 and beyond.
Ransomware typically relies on phishing emails that cleverly mimic legitimate requests, plus an inducement to click on a link — “Reset your password…” or “Save 25% off your next purchase,” for example. And that’s when all the training and IT security messaging go out the window with users who are distracted, busy or just plain stressed.
So as tempting as it is to look to advances like artificial intelligence, machine learning or some cloud-based automation, ransomware remains very much a human problem, according to John Pironti, president of security consultancy IP Architects. Regular training and awareness-building are essential, he said, but so is IT discipline with best practices for enterprise security.
“When people are in pain, this is what happens — they don’t patch; they don’t harden their systems,” Pironti explained. “It’s not sexy stuff, which is why people don’t do it.”
Looking to up your anti-ransomware game?
“It’s a hygiene thing,” Pironti said, admonishing IT shops to re-commit themselves to basic protections to keep their users, data and systems safe from cryptothieves. Our slide show will help you understand more about what you can do to get back to security basics and improve your overall risk profile against ransomware.