
Best of Enterprise.nxt: Ransomware holds business hostage

Ransomware has been with us many years, but the problem grew dramatically in 2020 and 2021. It's bad, but with resources and diligence, you can protect yourself.

The big computer security story of the COVID pandemic era has been ransomware. It's a phenomenon that has been with us for some time but has taken off in a big way in recent years.

In a standard ransomware attack, attackers gain a privileged foothold within the target organization's network and encrypt the organization's data. They then tell the organization that for a price, they can have the key to decrypt the data.

Such an attack can paralyze an organization. One ransomware attack in 2021, against the operator of a major pipeline network in the eastern U.S., caused widespread shortages of gasoline.

Even if the victim of the attack has backups, recovery takes time, and time is money. Sometimes victims choose to pay the ransom because decryption with the key is faster than restoring the backups—although there's no guarantee that the attacker will come through with the decryption key. Following best security practices will generally prevent or mitigate the effects of such attacks, though compliance with these practices remains spotty.

Below, we have included a range of Enterprise.nxt's recent coverage of ransomware, discussing how it works, how to prevent it, and how to recover from it.

Is ransomware really as bad as we think it is?

Because the pandemic just wasn't hard enough: Ransomware has cost victims tens of billions of dollars. And it's not just the money. Ransomware attacks this year have stalled supply chains, resulted in massive data breaches, and shut down hospital services. The problem may be even worse than it appears.

Cyber resilience, unknown unknowns, and the transformation of enterprise security

The severity and variety of threats against IT have reached the stage where organizations must think broadly about their cyber resilience. Cyber resilience is the ability of an organization to absorb an attack or major failure in its infrastructure while maintaining its core functions and integrity. In the words of an old, classic advertisement, cyber resilience is the ability of a company to take a licking and keep on ticking.

How to test your backup and restore plan—the right way

You don't have an adequate backup plan if you don't know whether you can restore your data successfully and in a reasonable time period. If you haven't actually tested your restore plan, you don't know if it will work. Here's how to approach the problem and achieve an increased measure of confidence.

Is it wrong to pay ransom?

Victims of ransomware attacks are in a tough spot. Paying ransom is expensive, embarrassing, and distasteful, as you are funding criminal activity. But if it's the only way to save the business, it may be the least bad option.

Why healthcare is such a juicy ransomware target

Hospitals and healthcare networks were major targets of ransomware gangs in 2021, with the first confirmed loss of life from such an attack. Medical operations often give in quickly because they can't tolerate loss of function, and they are victimized so frequently because they have put off important security measures for too long.

2020 ransomware attacks still mostly through unsecured RDP

Attackers still find a lot of low-hanging fruit when searching for ways to compromise an enterprise for ransomware or other purposes. In 2020, open RDP (Remote Desktop Protocol) systems were a favorite, with the rest mostly coming through email phishing and unpatched vulnerabilities.

Protecting backups from ransomware is as easy as 3-2-1

If you hope to recover from a ransomware attack without paying up, you'll need a backup that the attackers haven't compromised. Fortunately, there are well-established guidelines, the 3-2-1 rule of backups, which should ensure you a backup you can use.

How not to get ransomware

Ransomware may seem new, but it's not usually innovative, and the best-practice defenses you should always be following are usually effective in blocking it: Patch software promptly, use two-factor authentication, block unused ports, and generally follow the principle of least-privileged access.

Cybersecurity insurance: A key level of defense in depth

Defense in depth is a well-established principle of IT security, as with all forms of security. One prudent layer, if all the others fail, is to have cybersecurity insurance to help recover from an attack. The better you defend your systems, the less likely you will need such insurance and the less costly premiums will be.

6 easy ways to expose your business to ransomware

Bad practices that make a business vulnerable to ransomware attack include lacking a complete inventory of IT assets, failing to test recovery procedures like restoring backups, not following basic practices like applying security updates, and not having an incident response plan to put into action when a problem arises.

This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.