KuppingerCole Report
Advisory Note
By Martin Kuppinger

Understanding and Countering Ransomware

Ransomware is a top security threat and continuously on the rise. Financial organizations, healthcare institutions, and manufacturing industries are the most vulnerable groups; however, individual users as well have been victims of ransomware. The purpose of this Advisory Note is to analyze the concept of ransomware, elaborate on its global reach and provide concrete advice on what to do if hit by ransomware.

1 Executive Summary

Ransomware is, without any doubt, one of the hottest topics in cybersecurity these days. Attacks such as the ones of the WannaCry and the Petya ransom ...

Login Free 30-day Select Access Get full Access

2 Highlights

  • Ransomware is on the rise and as long as appropriate security measure are not in place, it will continue to grow
  • Across the globe, different organ ...
Login Free 30-day Select Access Get full Access

3 The Concept of and Business Model behind Ransomware

Ransomware is a top cybersecurity threat for every organization and individual. It has quadrupled in 2016 compared to the previous year, and it is est ...

Login Free 30-day Select Access Get full Access

3.1 How does Ransomware work?

Ransomware is malware, e.g. a malicious software that infects target systems. Distribution commonly works either via trojans, i.e. files appearing to ...

A typical scenario can be divided into three phases:

  1. Attack: In the first phase, users are tricked into clicking links or opening attachments. Oc ...
Login Free 30-day Select Access Get full Access

3.2 Targeted vs. mass attacks, known vs. unknown exploits

To better understand the risks caused by ransomware, it is important to understand the way ransomware attacks commonly work, but also the challenges i ...

Figure 2 shows the changes of risk during the lifetime of an attack vector. When it is created, no one aside from the creator(s) knows about the malwa ...

Login Free 30-day Select Access Get full Access

3.3 The business model behind ransomware

Ransomware has the most obvious business model of all types of malware. It is about earning money by ransom. It is said that alone the ransomware Cry ...

Also, according to the Symantec Internet Security Threat Report, the number of “ransomware families”, i.e. related ransomware based using the same ...

Login Free 30-day Select Access Get full Access

4 The State of Ransomware

Ransomware is a global challenge today. It affects systems globally, it affects all types of organizations and private users, and it is growing. There ...

Login Free 30-day Select Access Get full Access

4.1 Recent numbers on Petya and Wannacry

The most recent ransomware attack which struck in June 2017 was Petya, which also goes by name NotPetya! or GoldenEye. This type of a global cyberatta ...

Login Free 30-day Select Access Get full Access

4.2 The global distribution of ransomware

According to Symantec and Verizon, ransomware has grown globally to become one of the most widespread malware varieties. In addition, developed nation ...

Developed nations are usually the prime targets for ransomware

While Europe as a whole is most affected, other areas also have seen a large numb ...

Login Free 30-day Select Access Get full Access

5 Countering Ransomware

Countering ransomware requires an adequate organization and must cover all phases of the cybersecurity cycle, from identification of risks to recovery ...

Login Free 30-day Select Access Get full Access

6 What to Do If Hit by Ransomware?

Ransomware can hit anyone. Be prepared for such scenarios and know what to do. The major steps are isolating affected systems, so that ransomware stop ...

Login Free 30-day Select Access Get full Access

6.1 Isolate

In order to prevent ransomware from spreading across networks, infected systems should be isolated from the network as soon as possible. This is cruci ...

Login Free 30-day Select Access Get full Access

6.2 Investigate

There are over 100 active ransomware families, and they use varying techniques and have different behaviors. Some ransomware locks the users’ scree ...

Login Free 30-day Select Access Get full Access

6.3 Recover

The recovery phase after a ransomware attack can be time-consuming, depending on the amount of data that was affected and how available and current th ...

Login Free 30-day Select Access Get full Access

7 Recommendations

KuppingerCole’s top recommendations for organizations to increase their ransomware attack resilience include:

  • Although there are a variety of tool ...
Login Free 30-day Select Access Get full Access

Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top