DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
  1. DZone
  2. Software Design and Architecture
  3. Security
  4. Ransomware Attacks Doubled in 2016, but 2017 Doesn’t Have to Be a Repeat

Ransomware Attacks Doubled in 2016, but 2017 Doesn’t Have to Be a Repeat

Cyberattacks, especially ransomware attacks, are becoming extremely prevalent. But, they can be stopped. Read to see what one company is doing.

John Matthew Holt user avatar by
John Matthew Holt
·
May. 15, 17 · Opinion
Like (6)
Save
Tweet
Share
2.71K Views

Join the DZone community and get the full member experience.

Join For Free

Netflix and Greenway Health became crime victims the same week in April that Verizon released itImage titles tenth annual Data Breach Investigation Report on 2016’s leading cyberattack trends. The headline grabber was this:

The number of ransomware attacks doubled in 2016 to the point where 51% of all cyberattacks involved ransomware.

Hackers hijacked the release of Netflix prison dramedy Orange is the New Black, holding the new season hostage for a “modest” ransom. The streaming entertainment company refused to pay and the attackers released the episodes.

Greenway Health suffered a true ransomware attack that impacted access to the Electronic Health Records of 400 client organizations which had to revert to manual processing of health records.  Greenway’s security team worked around the clock to try to restore access while also working to determine how the attack occurred.

Both attacks come with more than obvious financial consequences. Netflix could take a financial hit because of the popular series being available for free. Greenway could run afoul of government regulators that view successful ransomware attacks as HIPAA violations. Having a television series released early is an inconvenience; not being able to access medical records is life-threatening.

Netflix is an anomaly when it comes to ransom targets. Public institutions – government agencies, schools, transit agencies, even state legislatures – were the most popular targets of malicious hackers looking to make a quick bitcoin. Number Two on the hit list were healthcare companies like Greenway. Third were Financial Services groups who tend to have more sophisticated cybersecurity defenses but can’t always keep up with the never-ending barrage of attacks or pace of security patches required to protect their systems.

The Verizon report makes it clear, too, that ransomware is more than just a “big company” problem. More than 60% of the 2016 attacks were against SMB companies with fewer than 1,000 employees. These are organizations that are less likely to have the in-house resources to mount a vigorous cybersecurity defense.

eWeek RansomwareThere are basic steps any organization can take to protect against or respond to ransomware attacks: back up your data, keep your defenses up to date, train your staff, and share information with the cybersecurity community.  These are all good steps, but they are not good enough in an era of highly sophisticated attacks.

Attack vectors change often and new software vulnerabilities are found daily that hackers can exploit. Updating blacklists and whitelists along with patching new vulnerabilities, often found in open source components, are never ending tasks that few organizations are equipped to handle on a timely basis.

New Technologies Can Effectively Block Attempts to Hold You Hostage

Waratek’s application security platform can effectively block all ransomware infections along with other common attack vectors, including the 2013 OWASP Top Ten. Unlike traditional cybersecurity approaches, Waratek does not sit outside vulnerable applications watching the traffic flow in and out in search of the tell-tale signs of an attack.

We are inside an application and can see how each request is executed in real time. If the operation deviates from what’s permitted, that’s flagged as an attack and the action is blocked before any mischief can be done.

Our virtualization approach offers the ability to improve security without the side effects of most current solutions – a high false alarm rate and/or a big drag on the speed of an application. We never need access to your application’s code and you don’t have to routinely tune our solution. Ever.

“Having a television series released early is an inconvenience; not being able to access medical records is life-threatening.”

Ransomware may be the attack currently favored by hackers, but there’s no longer a reason businesses and other organizations should fear becoming a hostage.

Application security

Published at DZone with permission of John Matthew Holt, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Getting a Private SSL Certificate Free of Cost
  • DevOps vs Agile: Which Approach Will Win the Battle for Efficiency?
  • Building Microservice in Golang
  • 5 Steps for Getting Started in Deep Learning

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends: