The Simple, UGLY Truth of Ransomware

July 18, 2019


There is an ugly truth of ransomware that the cybersecurity community neglects to discuss. It is not about the crime committed, the cyber threat actors trying to monetize your misfortune, nor about the potential loss of systems or data. It is the simple fact that ransomware is really just a computer virus.

Regardless of whether you refer to it as malware or ransomware, it is essentially an undesirable program that you did not intend to execute and that has potentially dire consequences for your systems. As with most malware, it is a maliciously designed piece of software intended to compromise your systems by exploiting vulnerabilities, administrative rights, office macros, lateral movement, and social engineering to extract funds from your organization, or otherwise inflict harm.

So, What Does this Mean for Your Cyber Defense Plan?

As just another computer virus, ransomware must be treated as such. That simple truth is why going above and beyond traditional antivirus countermeasures provides an effective cyber defense strategy that can actually prevent infection. Consider the following:

  1. Ransomware, despite having a unique name branded to it, is just a computer virus (the ugly truth).
  2. Computer viruses execute on a computer only if they have privileges to execute, leverage a method to launch remote code (MS Office macros or PowerShell), or exploit a vulnerability or misconfiguration (a realistic truth about how they infect a system).
  3. An unauthorized program, like ransomware, cannot execute on a host that has implemented sound allow-listing and block-listing application control. This includes blocking anything that is not properly digitally signed (an honest truth about a possible defensive strategy).
  4. Ransomware is not traditionally a targeted attack. The weak are generally infected and, recently, state and local governments have been taking the brunt of the attacks due to aging systems, lack of funding, limited personnel resources, and poor basic cybersecurity practices (another ugly truth).

So, where does this leave the typical organization or information technology professional? Just remember the U.G.L.Y. truth:

  • U. is for Users: Ransomware succeeds because end users typically fall victim to its primary delivery method, social engineering via phishing and spear-phishing attacks. Educate and train your users to identify these malicious emails so they don’t fall victim to the malicious payloads.
  • G. is for Grant Access: Only grant access to trusted applications and to properly digitally signed macros and PowerShell scripts. You can accomplish this with application control technology, which can mute the viral portion of ransomware by stopping its execution from the start.
  • L. is for Least Privilege: Remove administrative rights from end users. In 2018, 81% of all Microsoft vulnerabilities could be mitigated by removing administrative rights, and the exploits used to propagate ransomware can be stopped dead in their tracks by this same basic policy change. You can enforce least privilege and application control with the best endpoint privilege management solutions.
  • Y. is for You: You can be a victim of ransomware—no one is immune. Implementing these basic procedures, in addition to cybersecurity fundamentals like vulnerability, patch, end-of-life, and configuration management, will help ensure YOU are not a victim of ransomware.
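As an added illustration of the G and L items above (example code, not part of the original post), the following PowerShell audit reports scripts that an AllSigned execution policy would refuse to run and any local Administrators members outside an approved list. The script folder and the approved-admin list are placeholder assumptions.

```powershell
# Added example (not from the original post): audit a folder of PowerShell
# scripts for missing or invalid Authenticode signatures, then list local
# Administrators members that are not on an approved list. The path and the
# approved list are placeholders; adjust them for your environment.
param(
    [string]$ScriptRoot = 'C:\Scripts',                                   # assumption
    [string[]]$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator")      # assumption
)

# --- G: only properly signed scripts should be allowed to run ---
# Under an AllSigned policy PowerShell refuses scripts without a valid
# signature from a trusted publisher; report the effective policy first.
Write-Host "Effective execution policy: $(Get-ExecutionPolicy)"

$unsigned = Get-ChildItem -Path $ScriptRoot -Filter *.ps1 -Recurse -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Script = $_.FullName
                Status = $sig.Status      # NotSigned, HashMismatch, NotTrusted, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            }
        }
    }

if ($unsigned) {
    Write-Warning "Scripts that an AllSigned policy would block:"
    $unsigned | Format-Table -AutoSize
} else {
    Write-Host "All scripts under $ScriptRoot carry a valid signature."
}

# --- L: least privilege means end users are not local administrators ---
$extraAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $ApprovedAdmins -notcontains $_.Name }

if ($extraAdmins) {
    Write-Warning "Local Administrators members not on the approved list:"
    $extraAdmins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize
} else {
    Write-Host "Local Administrators contains only approved accounts."
}
```

Run it from an elevated session on the endpoint being audited; Get-LocalGroupMember requires Windows 10 / Server 2016 or later.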

And, the next time another ransomware attack is in the news, consider how UGLY it could be for your organization and what you can do to prevent it.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
