Will we ever be able to prevent ransomware?

We're not doing great as IT and security leaders stopping ransomware. I have my own ideas because I implemented some zero trust strategies at a pharmaceutical company years ago that were super effective and worked great. But you can't apply the same strategy to every company. Now there's a new concept called extortionware. With ransomware they infiltrate and encrypt all your files. If you pay the ransom, you get the decryption key, and maybe it works, but you lost your money either way. With extortionware they actually grab your data and threaten to post it. I don't know if it was LAPD or another police department, but their attackers posted the personal information of all their police officers online because the department didn't pay the ransom.

Anonymous Author
Ransomware is the one thing that keeps me up at night. Still.

The old way is to use virtual desktops, rapid detection, and behavioral analysis. Catch it quick, detect it fast, flush the machine, and then use multiple backups and snapshots to restore the data. Detect, limit damage, restore from snapshots. Obviously as a bank we have many different and redundant security layers. It’s a lot to manage, but it’s required because some technologies miss attacks, vulnerabilities, or malicious behavior, and other technologies can catch those.

Some of the latest ransomware is not only encrypting your files. The attackers steal the data—they're surveilling and exfiltrating data, and demanding ransom or they will post the data, compromising accounts and damaging your reputation.

But if you pay them, it's not just about decrypting your data. You pay for them to not post your data publicly, or reveal that you've been compromised. Some companies have been hit multiple times because after the attackers get the ransom money once, then they come back to threaten you again, which they can do since they still have your data, and now they know that you’ll pay!

So the trick, of course, is not to let them have your data at all in the first place.
2 upvotes