What are some of the key enablers of ransomware?


Founder and CIO, Self-employed
I attended a session with some VMware security leaders and they made the point that cyber attacks are following business models. It is a business: it’s ransomware as a service. We need to think about how to disrupt their business model, because there is a scenario where you are no longer profitable to them. If they can't automate their way through most of your environment, you're not worth the trouble to them.

And a couple things that these security leaders quoted really surprised me; for example, they seemed satisfied if you could stop 85% of the attacks. I thought to myself that 85% doesn't sound like a very high bar to me, but their point was that you can't practically expect to stop more. The focus has to be on trying to identify that they're in your environment before they've had time to do all their mining for data and identities, and set their bombs off.

Of course you want to stop the 85%—the low-hanging fruit—but it was more about having visibility into what's going on in your environment. Have security settings been changed on servers? Consider the kinds of things that attackers use to make the environment easier for them to work through. It was an interesting concept: your approach needs to be to disrupt their business.

Head of Enterprise & Solution Architecture, 1,001 - 5,000 employees
I read a very interesting article about the two key enablers of ransom attacks. One is cyber insurance, and the other is cryptocurrency. Criminals are targeting companies with cyber insurance, because insurance companies incentivize them to pay the ransom since it's cheaper than having to rebuild the company from the ground up. Cryptocurrency is also an enabler, because it makes it much easier to pay the ransom.

Director of IT in Software, 201 - 500 employees
Key enablers, in my opinion, are the companies that are paying the ransom (well, their insurance, actually), governments that allow ransom to be paid (it should be illegal to pay a ransom), and turning this into a business model where you have ransomware as a service; nowadays the ransomware teams have a support line to help companies decrypt after the ransom has been paid.
