Ransomware: Defending Against Digital Extortion
The 1989 Yankee Doodle virus, an early form of malware, was restricted to playing the patriotic song. Many things have changed over time, and ransomware is taking a much more melodious tones. Numerous individuals and businesses of every size are being prevented from accessing their data and systems until ransomware creators pay them.
This week, more than half the MongoDB-facing MongoDB databases were affected by ransomware attacks. Ransomware can pose a serious information security threat and can cause irreparable damage. Do you need more proof that ransomware is a serious problem? This list contains ransomware-related events that David Balaban has compiled over the past 8 months.
Allan Liska, Timothy Gallo and Timothy Gallo wrote Ransomware Defending Against Digital Extortion (O’Reilly Media ISBN 978-1491967881). This concise guide explains what the reader can do to avoid becoming a victim or minimize their chance of being a victim of ransomware attacks. It also lists what to do if your company is the victim of ransomware attacks.
The book explains that ransomware attacks most often occur via email. The best way to protect the messaging infrastructure is to use a multi-layered approach. They recommend using a gateway to identify and quarantine ransomware at the perimeter.
Each email contains a link that a user may click to load ransomware onto their computer. Gallo and Liska stress the importance of effective awareness training. In the event of a bad outcome, they don’t want to place all blame on the user.
The authors recommend that basic information security practices be part of any risk mitigation measures. It is important to have a tested and effective data backup plan in place to avoid being charged ransom.
The book is 190 pages long and doesn’t waste space. It gives you an overview of ransomware. The book provides a brief overview and then explains the tactical options that can be used at different levels of an enterprise.
Amazon reviews state that the book is good, but still needs to be improved. There were a few editing errors that I found, but they were minor. This book is a great reference, especially considering the devastation caused by ransomware. You’ll be able to better defend against ransomware and deal with it if you can accept a few errors and keep your eyes on the excellent tactical advice in the book.