Yes – Ransomware is Still a Thing

Pam Roman

Protect Your Company

News report: “Universal Health Services, one of the largest healthcare providers in the U.S., has been hit by a ransomware attack.” In a ransomware attack, the bad guys probe for vulnerabilities in the target’s computer system. Once in, they enter code that encrypts files, rendering them inaccessible. The hackers will send a decryption key only after the victim pays the demanded ransom.

Plan to be a SOAR winner against ransomware

Ransomware attacks (malware) are happening more frequently than ever before. Every company needs to have a security framework that includes a Security Orchestration, Automation and Response (SOAR) plan to address ransomware attacks. SOAR solutions streamline security operations in three main areas:

1) Threat and Vulnerability (Orchestration)

You need to detect and prevent the security vectors (the pathways into your system used by hackers) that allow ransomware to be installed and run in your company’s network. Threat detection/analysis solutions are constantly updated with the latest security vectors from around the world. These solutions analyze and detect security threats and prevent your environment from being compromised. Detecting, analyzing and removing the latest ransomware/malware versions is a critical first line of threat and vulnerability defense.

2) Incident Response

Okay, you tried your best to detect and prevent all the security vectors from entering your computing environment, but there was that one person who received an email and clicked an attachment or hyperlink. That one click started the download and installation of the ransomware on a computer and its replication to other servers and applications. 

  • Having an Incident Response (IR) plan to address this type of event is critical to stopping and recovering from a malware incident. The Incident Response needs to have easy to follow steps on how to stop and uninstall ransomware from running and propagating within your network.
  • If Personal Identifiable Information (PII) was compromised, then the General Data Protection Regulation (GDPR) and/or California Consumer Privacy Act (CCPA) may require you to notify the impacted end users within a set timeframe. The Incident Response playbook should detail how to notify those end users whose personal data may have been compromised.

3) Operations automation

Streamlining or automating security practices frees up engineering time that would otherwise be used scanning, patching and resolving security incidences. Automation:

  • Removes potential human errors (such as typos, wrong admin commands or admin rights to a wrong account) made during regular operational tasks.
  • Increases operational security by consistently performing manual tasks, removing potential human errors from happening.
  • Provides standard procedures for Incident Response activities and tasks.
  • Deploys Identity and Access Management (IdM) solutions to secure and manage user Identity life cycle (identity and access recertification, password management), and access management (SSO, 2FA, PAM) across the enterprise.

Make SOAR part of your security framework and help ensure that your company will stay out of the latest news reports on hackers and ransomware.

Talk with us

You have a vision for your organization – don’t let your technology slow you down. Prolifics Security helps you architect and implement SOAR solutions by discussing and prioritizing security requirements, as part of an overall security framework. Talk with us – let’s discuss your challenges, review and reevaluate your plans and get you started where it makes the most sense. Vision to Value. Faster. It’s not just our tagline, it’s what drives us. It’s how we deliver solutions and services. It’s our commitment to you – and it’s needed today more than ever. Visit www.prolifics.com or email solutions@prolifics.com.

About the author

Rob Adachi is Head of Security – Identity and Access for Prolifics and also leads a team of engineers implementing Tivoli security solutions for Fortune 500 companies. He has more than 20 years in the Identity Management field, starting with the early software development of the product that is now known as Tivoli Identity Manager (ITIM). Learn more about Rob here and reach him at Robert.Adachi@prolifics.com.