Cyber Security

Reducing your exposure to Ransomware Part 1: What is Ransomware and the Risks to Your Organization?

Written by Anna
Published on 30 Oct 2016

Ransomware is becoming big business for cyber-attackers. You only have to glance at the recent media coverage from the BBC on the ‘alarming’ rise of ransomware attacks to get a feel for how it’s having a massive impact on businesses. Here’s a brief overview of what ransomware is and what the risks are to your organization.

What is Ransomware?

Ransomware is a type of malware that encrypts the files and data on infected machines. This extends to files on other machines the infected PC can reach, such as servers and other networked PCs. Ransomware prevents access to those files until a ‘ransom’ is paid to the criminals behind the attack in exchange for the key needed to decrypt the data.

What’s the risk to your company?

The biggest risk within a corporate network is that the ransomware has the same access to files and data as the person who uses the infected machine. This can be especially dangerous if an executive is successfully targeted, as such highly privileged users often require access to vast quantities of company data.
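Because ransomware encrypts every file the compromised account can write to (the previous two paragraphs), one practical detection is to watch file-server write activity per account and raise an alert when one account produces a burst of encrypted-looking files. The following is an added example, not code from SureCloud or from this post: it assumes you can obtain write records as (timestamp, account, path, first bytes written), for instance from file-server auditing or an endpoint agent, and it uses constructed sample records rather than data from any real system. Shannon entropy alone is a weak signal (archives, images and legitimately encrypted files are also high-entropy), so the alert requires both the entropy check and a burst across several distinct files within a short window.

```python
"""Toy detector for mass-encryption behaviour in file-server write logs.

Added example (not SureCloud's code). It combines two signals:
  1. a burst of writes by one account touching many files in a short window
  2. written content that looks encrypted (Shannon entropy near 8 bits/byte)
All records below are constructed sample data, not output of any real system.
"""
import math
import random
from collections import Counter, defaultdict

# Constructed stand-ins for what gets written to disk.
PLAINTEXT = b"Quarterly figures: revenue 1.2M, costs 0.9M, net 0.3M\n" * 4
# Seeded pseudo-random bytes play the role of ciphertext (high entropy, deterministic).
_rng = random.Random(20161030)
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(4096))

# Constructed write records: (unix timestamp, account, UNC path, first bytes written).
# 'alice' is a normal user; 'bob' is an infected workstation rewriting share files.
SAMPLE_EVENTS = [
    (1477824000, "alice", r"\\fs01\finance\Q3-forecast.xlsx", PLAINTEXT),
    (1477827600, "alice", r"\\fs01\finance\Q3-notes.docx", PLAINTEXT),
    (1477824100, "bob", r"\\fs01\finance\budget.xlsx.locked", CIPHERTEXT),
    (1477824105, "bob", r"\\fs01\finance\invoices.pdf.locked", CIPHERTEXT),
    (1477824110, "bob", r"\\fs01\hr\payroll.xlsx.locked", CIPHERTEXT),
    (1477824112, "bob", r"\\fs01\hr\contracts.docx.locked", CIPHERTEXT),
    (1477824115, "bob", r"\\fs01\shared\README.txt", PLAINTEXT),  # ransom note, plaintext
    (1477824120, "bob", r"\\fs01\shared\plan.pptx.locked", CIPHERTEXT),
    (1477824125, "bob", r"\\fs01\shared\minutes.docx.locked", CIPHERTEXT),
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic only: compressed archives and images are also high-entropy,
    which is why the burst check below is required before raising an alert."""
    return shannon_entropy(data) >= threshold


def detect_mass_encryption(events, window_seconds=60, min_files=5):
    """Return one alert per account that wrote >= min_files distinct
    high-entropy files within any sliding window of window_seconds."""
    by_account = defaultdict(list)
    for ts, account, path, data in events:
        by_account[account].append((ts, path, data))

    alerts = []
    for account, records in by_account.items():
        records.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(records)):
            # Advance the window start until the window spans at most window_seconds.
            while records[end][0] - records[start][0] > window_seconds:
                start += 1
            suspect = {p for _, p, d in records[start:end + 1] if looks_encrypted(d)}
            if len(suspect) >= min_files:
                alerts.append({
                    "account": account,
                    "first_ts": records[start][0],
                    "last_ts": records[end][0],
                    "encrypted_files": sorted(suspect),
                })
                break  # one alert per account is enough to trigger containment
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_encryption(SAMPLE_EVENTS):
        print(f"ALERT {alert['account']}: {len(alert['encrypted_files'])} encrypted-looking "
              f"files between {alert['first_ts']} and {alert['last_ts']}")
```

Keying the alert on the account rather than on the machine matters for the reason the text gives: the malware holds exactly that account's rights, so the alert also tells you which shares were within its reach and where to start restoring from backup. Tune `min_files` and `window_seconds` against a baseline of normal write rates on your own file servers before relying on this in production.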

Another major ransomware risk is a social one. If an employee is given the option to pay and conceal the fact that they accidentally triggered an infection, they may do so out of fear of losing their job. However, the malware will still reside on the computer after the ransom is paid and can act as a Remote Access Toolkit (RAT) to capture screenshots, keystrokes and network traffic. This includes sending files and passwords back to the attackers to sell or use for executing further attacks against the organization.

Ransomware attacks are becoming more targeted and sophisticated on a daily basis. Organizations are being specifically targeted by attacks, which are carefully and socially-engineered to trick employees, rather than the more common mass-mailing approach.

These attacks are designed to defeat traditional security controls and boost the chances of an infection succeeding. For example, the criminal may plant the ransomware on a seemingly innocuous website and then circulate a link to that website to specific individuals within a target organization, encouraging them to click it and trigger the download. This lets the first stage of the attack bypass some traditional security controls, because the original email carries no malicious content, and by clicking the link the user is effectively inviting the ransomware onto their machine.

What are the mitigation strategies for ransomware attacks?

In our next blog, we will look at the mitigation strategies that you can adopt in order to prepare for, and protect your organization against, ransomware attacks.