7 Ransomware Myths

Understand fact versus fiction in modern day ransomware attacks.

What’s the difference between ransomware and typical malware? Mostly, the effects. In a ransomware attack, the data is encrypted and the decryption key is not given until a ransom is paid. Malware tries to damage or disable computers and systems. The good news is the two attacks operate in fundamentally the same way, which means ransomware can be defended against in the same way.

Unfortunately, ransomware has become an issue for many companies around the world.

“This affects everyone. Everyone is at risk,” says Ian McShane, research director, at the Gartner Security & Risk Summit 2017 in National Harbor, MD. 


However, myths about ransomware continue to plague the community.

Gartner analyst Ian McShane presents ransomware myths at Gartner Security & Risk Management Summit 2017.

Myth: Ransomware = Zero-Day Attacks

Fact: Attackers can choose from hundreds of known vulnerabilities that remain unpatched, and since developing a new or zero-day attack is difficult and expensive, they will generally target those known vulnerabilities. With that in mind, system patching should be a top priority.

“Stop thinking about zero day and start thinking about things being attacked today,” says McShane.

Myth: Because you pay for the latest EPP, you have the latest EPP

Fact: The first problem is that many organizations do not have the most recent Endpoint Protection Platform (EPP) running. It doesn’t need to be the latest version, but it shouldn’t be three years old. If they are deployed, many groups only have a portion deployed because they don’t realize that new capabilities included in releases need to be tested and enabled. It’s also common that recommended guidelines aren’t being adhered to and it’s important to talk to the vendor and conduct continuous assessment. For an EPP to be the most effective, it should be one fully configured technology stack, versus two partially configured technologies. Make sure you’re doing minor updates every 3 months and major updates every 6 months and get a configuration check from the vendor.

Myth: Your EPP will protect you from all threats

Fact: Old versions of EPP rely on signature-based prevention, which only works on known threats, and most ransomware can be repackaged to evade signatures. Ensure your organization deploys AND enables non-signature technologies.

Myth: EPP gives you all the insight you need

Fact: Many organizations are still relying on the end user to report security problems and lack visibility into what is running on endpoints. Many companies don’t explore where a problem comes from or why it’s happening. Is it a user-education issue or a technology issue? Look for increased visibility, be able to respond to endpoint incidents, and make sure you look for the root cause of a problem.

Myth: Firewalls and other perimeter solutions are all you need

Fact: Most of the payload comes from the internet and most organizations are not using best practices. Attacks are successful because of poor or outdated perimeter security, so ensure you’re using the latest patches and configurations.

Myth: Administrators follow best practices, all the time, every time

Fact: The truth is that not all admin accounts are monitored and admins are busy and stretched too thin. Those admin accounts and admin endpoints are high value targets so they should be monitored for unauthorized usage. Treat admin access as a data resource and protect it the same way.

Myth: Everything will be okay if you have a backup

Fact: Backups are great, but they should be the last line of defense, not a mitigation technique. Oftentimes organizations don’t monitor backups, and ransomware now actively attempts to get access to the backups as well. Now is the time to document DR procedures and test them regularly. Make sure there is limited read/write access to backup locations and monitor for any changes. You might even consider an offline backup.
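The two backup controls above, limited write access to the backup location and monitoring for changes, can be checked with a small script. The following is an added example, not code from the article or from Gartner: it baselines a backup directory (size and SHA-256 per file), reports files that were added, removed or modified since the last run, and flags any file or directory that is writable by group or others. The directory layout, file names and manifest path are constructed assumptions for the demo.

```python
"""Backup-location change monitor (added example; not from the article)."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large archives don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its size and SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(root))] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return manifest


def diff_manifests(old: dict, new: dict) -> dict:
    """Added / removed / modified relative paths between two manifests."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in set(old) & set(new) if old[k]["sha256"] != new[k]["sha256"])
    return {"added": added, "removed": removed, "modified": modified}


def loose_permissions(root: Path) -> list:
    """Relative paths (root itself reported as '.') writable by group or others."""
    findings = []
    for p in [root, *root.rglob("*")]:
        if p.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(str(p.relative_to(root)))
    return findings


def check_backup(root: Path, manifest_file: Path) -> dict:
    """One monitoring run: compare against the saved manifest, then persist the new one.

    A backup set that is written once should show no modified entries afterwards;
    anything in 'modified' or 'removed' deserves an alert, as does any loose permission.
    """
    new = build_manifest(root)
    old = json.loads(manifest_file.read_text()) if manifest_file.exists() else {}
    report = diff_manifests(old, new)
    report["loose_permissions"] = loose_permissions(root)
    report["first_run"] = not bool(old)
    manifest_file.write_text(json.dumps(new, indent=2))
    return report


def demo() -> dict:
    """Constructed scenario: baseline two backup files, then overwrite one in place,
    drop in an unexpected file, and loosen one file's permissions."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backups"          # assumed backup location
        root.mkdir()
        root.chmod(0o700)
        for name, data in (("db-2017-06-01.dump", b"dump contents v1"),
                           ("files-2017-06-01.tar", b"tar contents")):
            (root / name).write_bytes(data)
            (root / name).chmod(0o600)
        manifest = Path(tmp) / "manifest.json"  # assumed manifest path
        check_backup(root, manifest)             # baseline run
        (root / "db-2017-06-01.dump").write_bytes(b"overwritten in place")
        (root / "unexpected.bin").write_bytes(b"not part of the backup set")
        (root / "unexpected.bin").chmod(0o600)
        (root / "files-2017-06-01.tar").chmod(0o666)
        return check_backup(root, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest should be stored somewhere the backup location cannot write to, so that a process which tampers with the backups cannot also rewrite the baseline it is compared against.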


Gartner clients can learn more in the full research Seven Myths That Could Compromise Your Ransomware Response, by Ian McShane.

Visit the Gartner Digital Risk & Security hub for complimentary research and webinars.
