A Reseller’s Opportunity – Education and Protection
Ransomware threats have been increasing year-over-year, yet several businesses are not aware of the magnitude of the cyber threat. This lack of awareness could be on this particular form of malware, or it may spill over into proper protection methods.
It has become a reseller’s opportunity to educate customers on both facets. First, resellers must make customers aware of modern cyber threats, including ransomware. This knowledge doesn’t have to dive deeply into the coding, or executables, but resellers should have basic knowledge of ransomware including what it is, where recent attacks have taken place, and how costly it is to remediate post attack.
What is Ransomware?
Ransomware is a form of malware that, if successfully executed, will encrypt files within the infected device. There is no way to unlock these files. Therefore users are left to restore systems using backup files.
Recent ransomware attacks include the PGA, Health Management Concepts (HMC), and the City of Atlanta. In each of these instances, critical information was encrypted by the hackers; however, only HMC paid the hackers to restore their files. Paying the hackers is never recommended. Not only does it put a target on your back for future attacks, but there is no guarantee they will actually provide a decryption key. To try and assure themselves the hackers would decrypt the files, HMC sent the hackers a file to unlock. Unfortunately, this led to a major oversight. The file HMC sent included patient data. The hackers decrypted the document, but also inadvertently had access to HMC patient data.
Beyond paying the ransom, costs associated with remediation include forensic investigations, employee over-time, reputation damage, and a decrease in efficiency and productivity.
Offering Effective Protection
Resellers must offer proper protection to keep consumer systems protected. As most know, remediation post-infection is impossible unless the organization had up to date backup files stored on either a cloud-based service or external device.
In order to effectively thwart ransomware attacks, users must employ a security solution that employs an automated, global whitelist. By using a solution that utilizes a whitelist approach as its primary method of malware detection, the risk of infection decreases significantly.
What’s a Whitelist?
A whitelist will only allow known-trusted programs to execute. Traditional security solutions run off a blacklist, meaning only known threats are blocked from running. The problem is — new threats are emerging every hour and the blacklist cannot keep up. By offering a solution that employs a globally automated whitelist, there will not only be increased security but also increased efficiency, compared to alternative whitelist options.
