


How Deadly is Ransomware?


How Deadly is Ransomware and How Effective are the Protections Against It?

Organizations of all kinds have found themselves victims to ransomware. Find out how dangerous these attacks are and explore strategies to protect your business.

Picture the following scenario for a moment: It’s a seemingly typical day at the office for your business. People are busy and coffee-driven. Everything is unfolding as it should — or at least as it usually does.

Then, in the space of just a few seconds, everything changes: a ransomware attack begins.

Maybe it’s your client database — including all of the financial and personal information you’ve collected in the partnership process — that suddenly becomes inaccessible. Perhaps key files are abruptly encrypted in a way that you’ve never seen before. Or maybe systems grind to a halt and won’t function. You see a message telling you, in so many words, to pay up or lose the data (or remain locked out of your mission-critical networks and devices). It’s a simple — and often successful — exploit tactic.

No matter how the incident specifically unfolds, whether you pay up or work around it, you’ll likely always divide your job, to some extent, into pre- and post-ransomware periods. Here, we’re going to take a deep dive into the ins and outs of ransomware, and examine how effective various tools — ranging from staff training to endpoint detection and response solutions — can be in mitigating the damage that this increasingly common cyberattack type can do.

A Brief History of Ransomware

According to a 2012 piece from TechRepublic, ransomware dates back to the late 1980s, though it was not a widely used tool during that decade. It became somewhat prominent among hackers and cyberattackers in the mid-2000s, and about a decade after that, it began to take the forms that IT and information security team members are familiar with today.

To date, the most famous ransomware attack — and certainly the most impactful in terms of the sheer number of those who were victimized by it — is 2017’s WannaCry. This particular act of extortion involved a self-spreading exploit known as EternalBlue, which targeted Microsoft Windows systems that hadn’t been patched for a vulnerability in the Server Message Block (SMB) file-sharing protocol.

Gizmodo noted that the attack, based on a self-propagating cyber warfare tool originally developed by the National Security Agency and leaked by the Shadow Brokers hacker group, spread quickly to every device on every network it reached and at random across the internet.

WannaCry-infected machines saw their data encrypted and received demands for $300 ransom payments into bitcoin wallets in exchange for decryption. Since the ransomware spread to as many as 200,000 computers across 150 countries before white-hat hackers began distributing decryption keys, its makers received almost $130,000 for their efforts.

Also, although the Department of Justice would ultimately charge a North Korean hacker, Park Jin-hyok, with deployment of WannaCry and various other cyberattacks, The New York Times pointed out Park would likely never stand trial for these alleged offenses due to poor U.S.-North Korean diplomatic relations.

Anatomy of a Typical Ransomware Attack

Social engineering strategies like phishing or spear-phishing are perhaps the most common delivery system for ransomware attacks, especially in organizational networks:

  • An employee receives an email purporting to be from a manager or co-worker, urging them to click on a link or attachment.
  • When they do, malware takes over targeted systems, either encrypting files or preventing access.
  • A ransom-demand message is then delivered, sometimes with a deadline. Bitcoin wallets are the payment method attackers typically request: transactions on the decentralized ledger are easy to find, but the wallet owners are virtually untraceable.

Existing vulnerabilities, like the Windows flaw that allowed WannaCry just enough room to sneak into so many machines, are another common entry point for ransomware scams. Intrusion through the internet of things is also entirely feasible, especially, as CSO noted, in the case of botnets that have seized control of dozens of devices.

Botnets can — and have — shut down large portions of the global internet due to their raw power, making them perhaps the most frightening ransomware threat vector. (That said, the average ransomware attack is more precisely targeted than the blitzkrieg approach of a large botnet would allow.)

Organizations of all kinds across the public and private sectors have found themselves the victims of ransomware. But throughout the late-2010s heyday of this cyberattack type, state and local government offices were targeted with particular frequency. In many cases, this was due to under-protected or outdated IT infrastructure that was easier to breach.

Due to the sensitivity (and volume) of information these bodies hold in their records, they will most likely remain common ransomware victims for the foreseeable future. On the private-sector side of things, energy sector firms and healthcare organizations — especially the latter — have often been similarly attacked and will continue to be targeted in 2020 and the years to come.

As stated, ransomware usually works by encrypting or walling off data, or by bringing an infected machine (or network) to a halt in a denial-of-service condition. However, in some recent cases, cyberattackers have used the access gained in their ransomware deployments to steal data from businesses and leak it — or threaten to do so — to add further heft to their monetary demands, according to ZDNet. Organizations must be prepared for all of the worst-case scenarios that can accompany a ransomware attack.

The Personal Side of Ransomware Mitigation & Response

Most people are at least somewhat aware of ransomware by now. But that doesn’t necessarily mean the average employee of a given organization is trained to be cyberattack-wary in a manner that genuinely minimizes their likelihood of being hit with such an attack or provides them the skills to deal with it.

According to the results of the Chubb 2019 Cyber Risk Survey, only 31% of organizations offer company-wide training to bolster staff awareness of cyberthreats. Because of this, it’s hard to fault workers for falling prey to well-disguised ransomware scams.

The Infosec Institute pointed out that regular cybersecurity awareness training, once implemented, can be a significant aid to organizations’ efforts to reduce their overall levels of vulnerability to ransomware and other potentially devastating attacks. Experts noted that it can be particularly effective to engage employees in such training exercises on a monthly basis.

Framing these initiatives through the lens of gamification — e.g., conducting simulated social engineering and ransomware attacks and offering prizes to those who respond to the mock threats properly — can further galvanize workers’ enthusiasm for and commitment to cybersecurity. This can lead to a significant decrease in staff members falling prey to the phishing, pretexting and other social engineering scams that often precede ransomware infection.

Choosing the Proper Tools

Training and increased awareness alone will not be sufficient to substantially mitigate the dangers that ransomware poses to countless organizations. It’ll also be necessary to find and implement a number of more concrete tools equipped to detect and repel or quarantine these cyberattacks.

If you already have an antivirus software solution in place, there’s a strong chance that it won’t be equipped to deal with contemporary ransomware threats unless the program is brand new. And most of the antivirus software that does handle ransomware is focused specifically on detecting and preventing it, rather than other attack vectors.

Also, as often as not, businesses that haven’t previously been targeted by cyberattacks of any kind will have let their cybersecurity measures fall out of date, and such laxity, on its own, can be enough to facilitate a ransomware intrusion, as the WannaCry debacle proved.

Instead, it may be best for your organization to use a multifaceted approach that includes not only employee training, firewalls and antivirus tools but also solutions for patch management and endpoint detection and response. As businesses integrate themselves further into the IoT landscape, their endpoint numbers will skyrocket, presenting that many more potential entry points for attackers, so it’s critical to protect them at all costs.

Syxsense offers comprehensive EDR software and patch management platforms along with always-available managed services from our support team. To dive deeper into the possibilities of our products, consider a free trial today.

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

10 Ways To Protect Your Organization From Cyberattacks


While your first line of defense is always common sense, there are 10 actions that should be implemented to secure your organization.

This article originally appeared on

Many CEOs don’t want to think about cybersecurity. That’s why you hire a chief technology officer (CTO) or chief information security officer (CISO). But cybersecurity is now a board-level issue. While your first line of defense is always common sense, below are 10 actions every CEO should be implementing to secure their organization, with the help of the IT team.


1. Enable Two-Factor Authentication

If it has a password, make sure it supports two-factor authentication: a one-time code sent by SMS text message, by email, or generated by an app on your phone such as Google Authenticator (we don’t recommend SMS). A password is no longer enough to protect yourself. Passwords can be compromised by phishing attacks (emails asking you to enter your password) or stolen from other websites where you might have reused the same or similar passwords.

Many companies now use Microsoft Office 365 for email and will often synchronize it with local usernames and passwords (Active Directory). If an Office 365 account is breached, not only is Office 365 exposed, but the attacker now holds credentials that may also be valid on your local physical network.


2. Use Products Like Duo to Allow Two-Factor Authentication

Today Microsoft Windows and Apple Mac operating systems do not have two-factor authentication to control logons to laptops, desktops, servers, RDP, etc. By implementing tools like Duo (recently acquired by Cisco) you can add a second factor to all your physical and virtual devices. As an added bonus, you can also limit which devices accept a user’s logon.


3. Use a Password Manager

It is vital to have different passwords for every system you use. There have been many large-scale hacks of online services like LinkedIn (164 million accounts stolen), Adobe (152 million accounts stolen), Myspace (359 million accounts stolen), and more. This data is being used to create databases of usernames and passwords which can then be used to hack other systems. By having unique passwords for every system, you can protect against this. How do you remember all those passwords? Use a password manager like 1Password.


4. Make Sure You Have Backups

Back up everything! If your organization has a breach and ransomware is distributed, make sure you have backups of all your data. By far the easiest way to recover from ransomware is to wipe your devices and restore your data from backups.


5. Disable SMB Outbound

The U.S. National Cybersecurity and Communications Integration Center (NCCIC) recently issued advice that all organizations should block outbound Server Message Block (SMB) traffic at the firewall – Ports 137/139/445.

A recently identified attack leverages Windows’ ability to log on automatically to remote devices when connecting to a share. This is very useful when connecting to devices within your corporate network; however, it is a huge security hole when the share is used by a hacker outside it, which is why outbound SMB should be blocked.
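The following host-firewall rules are an added example, not from the article or from Syxsense: they block outbound SMB/NetBIOS on the ports the NCCIC advice names (TCP 139/445, UDP 137) to addresses outside the intranet, so internal file shares keep working, and then verify the rules. It assumes an elevated PowerShell session on a Windows version that ships the NetSecurity module.

```powershell
# Added example: block outbound SMB/NetBIOS to non-intranet addresses and verify the rules.
# Assumes an elevated session on Windows 8 / Server 2012 or later (NetSecurity cmdlets).
$ruleGroup = 'Block outbound SMB (example)'   # constructed group name for easy lookup/removal

$rules = @(
    @{ Name = 'Block outbound SMB TCP 139,445'; Protocol = 'TCP'; Port = @(139, 445) },
    @{ Name = 'Block outbound NetBIOS UDP 137'; Protocol = 'UDP'; Port = @(137) }
)

foreach ($r in $rules) {
    # Idempotent: skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $($r.Name)"
        continue
    }
    # 'Internet' is the firewall keyword for addresses outside the intranet, so LAN shares
    # are unaffected while connections to shares on the public internet are blocked.
    New-NetFirewallRule -DisplayName $r.Name -Group $ruleGroup `
        -Direction Outbound -Action Block -Enabled True -Profile Any `
        -Protocol $r.Protocol -RemotePort $r.Port `
        -RemoteAddress Internet | Out-Null
    Write-Host "Created: $($r.Name)"
}

# Verification: list every rule in the group with its action and port filter.
Get-NetFirewallRule -Group $ruleGroup | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Enabled    = $_.Enabled
        Action     = $_.Action
        Protocol   = $pf.Protocol
        RemotePort = ($pf.RemotePort -join ',')
    }
} | Format-Table -AutoSize
```

Running the same block on the perimeter firewall is outside PowerShell’s scope; there, the equivalent is an outbound deny for the same ports toward any external address.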


7. Limit Access to Everything by Limiting IP Addresses

Many cloud solutions allow you to lock down security by permitting access only from certain IP addresses. For example, you might allow your office’s public IP address and your home address.


8. Instruct Your Accounting Department to Verify Instructions to Pay or Transfer Funds by Phone

An attacker sets up an email address very similar to the CEO’s or CFO’s and then sends an email directly to the accounting team instructing them to urgently pay an invoice by wire. Implement a policy that all wires require a phone approval before payment.


9. Buy Cyber Insurance

This is a relatively new form of insurance and we have seen it being included in Errors and Omissions policies recently. It is vital that your organization purchases cyber insurance. This will cover the costs of investigation, responding to a breach, as well as business interruption and maybe even reputational losses.

Big Tip: If your organization experiences a breach, as soon as you finish the emergency response — like taking devices off the network — contact your insurance company and a lawyer who specializes in IT security, and let the lawyer hire all the IT security investigators. When your lawyers hire the investigators, the results of the investigation become privileged information, legally limiting who can access details about what happened.


10. Encrypt Confidential Data

Many organizations use services like Dropbox to share and back up data. While these services are great and typically encrypt the data in the cloud, the provider holds the keys and can still decrypt it. Also, services like Dropbox might sync the data across multiple devices, essentially creating local unencrypted copies of your data.

One approach to protect your data is to use full disk encryption, but you would need to make sure this is enabled across all your devices. Hint: IT management tools like Syxsense will tell you which devices do not have BitLocker enabled. However, this still leaves your data at risk if Dropbox has a breach. Products like BoxCryptor offer the ability to put an extra layer of encryption on the content, which protects your confidential data in the cloud and on local devices.

Patch Everything

Approximately 80 percent of breaches occur because IT has not kept up with software updates. It’s more important than ever to patch all devices, operating systems and applications, and more recently, IoT devices.


Ransomware Crashes Airport Displays


Bristol Airport Hit By Cyberattack

According to officials from Bristol Airport, the attack started on Friday morning.

It took out several computers on the airport network, including the in-house display screens that show flight arrival and departure information.

As photos posted by travellers on Twitter showed, airport staff were forced to use whiteboards and paper posters to announce flight information and luggage pickup points.

“We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible,” the airport tweeted on Sunday.

This is not the first case of an airport being targeted by ransomware, nor will it be the last. Cyber criminals are striking harder and bolder at any network they find vulnerable.

Organizations must act now and implement a proactive approach to securing their networks. An IT solution like Syxsense will facilitate a comprehensive patching strategy to ensure all systems are up to date.
