Ransomware Guide

What is ransomware?

Ransomware is a type of malware designed to extort money by encrypting device files or threatening to delete them completely. Recent news has shown that this type of attack has exploded in popularity of the past few years.

Some of the most high-profile ransomware attacks from 2020 have shown that the threat is growing in number and sophistication. For example:

• Travelex. At the beginning of this year Travelex reportedly paid $2.3 million, paid in Bitcoin, to regain access to its computer systems. It was announced in August that the foreign exchange firm had appointed PwC as administrators due to the cyber-attack followed by the Covid-19 crisis having “acutely” hit the firm.

• Blackbaud. Perhaps one of the most high-profile events of the year was how the software supplier became a victim of a ransomware attack in May in which over 20 institutions were affected, including many UK universities. The firm announced the hack weeks after it took place, which goes against GDPR that states companies must report a significant breach within 72 hours. Due to the scale of the attack, the fact that Blackbaud paid the ransom demand arguably encourages future attacks.

• Garmin. The online services for Garmin went off in July due to a ransomware attack. There were rumours around how much the ransom demand exactly was with figures of $10 million being reported; however, the amount and whether Garmin paid is unknown.

These are just some of the ransomware attacks so far in 2020. If the rest of the year follows the growing trend then unfortunately ransomware attacks will not be going away.

We have put together some of the best resources from our vendors to help you understand ransomware and how you can protect your organisation.

Sentinel One

SentinelOne provides one platform to prevent, detect, respond, and hunt ransomware across all enterprise assets.

SentinelOne recently produced a whitepaper on “To Pay Or Not To Pay?”. This resource is excellent as it acknowledges the implications associated with paying or not paying ransom demands.

You can get the white paper here.

SentinelOne’s “Understanding Ransomware in The Enterprise” e-book is an in-depth resource. It explains methods of infection, how to plan for an incident, the response and how SentinelOne’s platform can protect and respond to ransomware. It features details about the latest ransomware families such as WannaCry and REvil. It also includes information about its Ransomware warranty for its customers.

You can get the e-book here.

If you are interested in seeing SentinelOne in action, then you can book a demo here

KnowBe4

KnowBe4’s free Ransomware Simulator identifies how effective your network is in blocking ransomware. It is a 100% harmless simulation of real ransomware and cryptomining infections which does not use any of your own files. It tests 19 types of infection scenarios; all you have to do is download the install and run it, you get your results in just a few minutes.

You can run the free RanSim here.

You can also get more information with KnowBe4’s hostage user manual. The manual gives you details on what you need to know to prepare and recover from a ransomware attack, including a response and prevention checklist.

KnowBe4 also has a ransomware guarantee:

“We are so confident our security awareness training program works; we’ll pay your ransom if you get hit with ransomware while you are a customer.” – Stu Sjouwerman, Founder and CEO, KnowBe4, Inc.

The guarantee is coverage up to $1,000 per 12 months, you must use KnowBe4 Security Awareness Training and must report the infection to KnowBe4 immediately.

You can get the manual here.

If you are interested in finding out about KnowBe4 and more free tools then head to our website.

Palo Alto

Palo Alto Networks Cortex XDR contains an Anti-Ransomware Protection module. This module targets encryption-based activity associated with ransomware. Cortex XDR contains defined behavioural indicators of compromise designed to detect anomalies within your network.

If webinars are more appealing to you, Palo Alto have announced an upcoming webinar about Ransomware on the 22 September. It will take on a more technical approach with live demos from Unit 42 Threat experts and brings together information about the latest ransomware families.

You can sign up for the webinar here.

You can also find information about Palo Alto and ransomware on their Cyberpedia page here. It offers an overview on what ransomware is and some key tips on prevention.

With the newly dispersed workforce, cyber-criminals are adapting and ransomware attacks are escalating. Ensure your organisation has a ransomware strategy using the resources from our partners.