Held Hostage

Ransomware: How to stop it once and for all

  • By David Wagner
  • Nov 01, 2017

Ransomware attacks are becoming infamous. As I write now, the Petya attack is unfolding. And in May, the world was hit with WannaCry, an attack that affected computers in more than 150 countries. The wormlike virus moved into unprotected Windows servers that didn’t contain a critical patch, encrypting files with a ransom of $300 in bitcoin from users. Within its relatively short life span, WannaCry infiltrated more than 100,000 computers, including those in U.K. hospital systems, telecom businesses in Spain and corporations in Asia.

The scariest part of the attack isn’t how many computers it compromised or how many countries it was found in, but rather the fact that older operating systems—many of which are still in wide circulation and use—gave little protection against it.

The virus itself wasn’t handcrafted by a single individual, nor was it the brainchild of a group of hackers. It was actually stolen from the National Security Agency. Shortly after reports came in about the theft, Microsoft released a security update to patch the same vulnerability that the WannaCry ransomware—and likely Petya as well—took advantage of.

Ransomware attacks are not new, and they’re not going to stop anytime soon. Now that hackers can monetize their actions and make hundreds of thousands of dollars in a few days, they’ll continue to look for weak spots in software and corporate security policies to exploit.

Like any other disease, curing this type of virus begins with awareness. It’s not enough to just include the one patch that stops the Petya and WannaCry viruses. It’s not enough to do the bare minimum. Businesses have to change their mindsets and become aware of their own vulnerabilities. They need to take ownership of them and work to strengthen the places that hackers could potentially exploit.

Owning the Problem

The only real action any business can take to prevent these attacks is to put in place a strategic information security risk management framework to address evolving threats. That means creating policies for backups or finding a new, agile way to control and protect your business information. It requires policies that are made for a specific business, its employees, and its unique environment— taking everything into consideration.

As long as vulnerabilities and opportunities for hacking exist, the ransomware business model will continue to affect thousands of businesses all over the globe. According to the FBI, ransomware attacks quadrupled between 2015 and 2016. And there’s no indication that this will slow anytime soon—unless businesses decide to drastically shrink the market by implementing policies to protect themselves.

There are three ways businesses can effectively close the market for ransomware attacks. Some of them are time-consuming, and others are expensive, but the benefits significantly outweigh the risk of having business information stolen by hackers.

Implement an upgrade policy. This is the obvious starting point for many companies. It’s relatively easy to implement but could end up being the one thing that saves a business from bankruptcy. When ransomware attackers encrypt files and send their ransom notes, they promise the safe return of data upon a specified payment. But they don’t always follow through.

What happens if a business pays the ransom but doesn’t receive its data back? The consequences could be catastrophic. Implementing an upgrade policy protects a business’s future while simultaneously preventing attacks like Petya and WannaCry by patching software vulnerabilities.

Only use supported software. Today, there is no shortage of free software. There’s a reason the phrase “there’s an app for that” exists. Businesses will often go find these free or inexpensive products and justify it by exclaiming the cost benefits. However, when that software is then the cause of a malicious attack, the cost benefits don’t outweigh the risks.

Identify your greatest risk. Email remains the top attack vector, and ensuring its security should be a top priority. Secure email gateways are a great way to prevent malicious software from entering your network. Those gateways shouldn’t rely on only signatures to protect email. Not all malicious attacks can be caught by these signatures. Instead, secure email gateways should look at the content in the email, including URLs and attachments, in addition to signature-based screening.

Ransomware attacks on businesses have far-reaching implications. The only way to stop these attacks is for businesses, nonprofits, and other organizations to work diligently to create policies that make it substantially more difficult for hackers to find vulnerabilities they can exploit.

This article originally appeared in the November 2017 issue of Security Today.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
Most   Popular

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.