Cybersecurity: Ransomware

Rie Vainstein • May 24, 2024

 

Cybersecurity: Ransomware

 

Ransomware has emerged as a significant and powerful danger to enterprises, globally. Ransomware is a form of malicious software that encrypts or restricts access to your data until a payment is made. Ransomware occurrences have resulted in substantial financial losses, data breaches, and operational disruptions in multiple industry sectors.


According to SANS in 2023 there was over a 70% increase in ransomware cases with ransom payments, according to Chainalysis, exceeding $1 billion. However, VEEAM notes that even though the ransom demand was paid, in 24% of those cases the data was not recoverable. According to Fortinet, even after paying the ransom, only about 4% of companies ever receive all their data back, with most only receiving about 60% of it.


Cybercriminals are getting more brazen: they even rent out their ransomware tools in order for others to use in their extortion attempts!

Cybercriminals are getting more brazen: they even rent out their ransomware tools for others to use in their extortion attempts! This process is called Ransomware-as-a-Service or RaaS. This serves to extend the magnitude of sources of attack.


Incursions can originate from many sources, including links in emails (phishing), or when a user visits an infected website which causes the malware to be downloaded without the user’s knowledge (drive by), or from social media / web-based messaging applications.


In the face of this increasing risk, the significance of employee education to help with the goal of frustrating ransomware attacks, cannot be emphasized enough. Educating employees improves their capacity to identify phishing, to use safer browsing behaviors, and to more effectively recognize potentially suspicious activity. This, in turn, accelerates incident reaction times and reduces the probability of attack success.


How can you start the process of educating your employees? There are a number of things you can do:


1. Initiate a survey of your assets to determine the most likely places for a cyber incursion – identify your “attack surfaces”. This should include internet-connected PCs, laptops, and network equipment.


2. Determine who has access to these devices: look for employees, contractors, partners, and others.


3. Make a list of these personnel. These personnel hold the protection of your system in their hands. One accidental slip in their concentration – perhaps they are busy and accidentally click on an emailed link – could be devastating to your environment.


4. Review available standard trainings, or sources of customized training, and enroll your personnel.

How We Can Help

To start the process as efficiently and cost-effectively as possible, NC-Expert provides you with a 1-day starter training session: CyberSAFE.

( https://www.nc-expert.com/class/certnexus-cybersafe )


In this training, your team will be taught the basics of cyber security, and will be made aware of the fundamental traps into which many employees fall, inadvertently allowing attackers access into your system.


Once this training has been completed, we can provide further trainings, which increase in complexity as your employees progress up the access permissions chain.


We can provide standard training classes or can customize a program to suit your specific needs and budget. Our trainings are delivered by expert instructors, for individual employees (in our public classes) or for private groups, virtually/online (in real time) or at your site. Contact us for details.


You are welcome to visit our website: https://www.nc-expert.com/


Or you can view our Security training portfolio here: https://www.nc-expert.com/training-classes-by-track#NetworkSecurity

...


About NC-Expert

 

NC-Expert is a privately-held California corporation and is well established within the Wireless and Cyber Security industry certification training, courseware development, and consulting markets. 

NC-Expert has won numerous private contracts with Fortune level companies around the world.  These customers depend on NC-Expert to train, advise, and mentor their staff. 

If you are looking for the best in IT industry training then call us at (855) 941-2121 or contact us by email today.

This post appeared first on NC Expert .

NC-Expert Blog

The Realities of Transition Mode

By Phil Morgan February 11, 2025
The Grim Realities of Transition Mode Summary of a recent experience relating to Transition Mode. I have been quite vocal of my hatred of Transition Mode (for WPA3). We have a solution for this - dual SSIDs: https://wifisecuritywizard.com/general/problems-with-wpa3/ IMHO - Transition Mode is dumb! Turn on WPA3, and for everything that doesn’t support it, create a second SSID for now... while you upgrade everything! I have actually said “it’s 2025 for goodness sake, how many devices do you have that don’t do WPA3?!” Well, the other day, the universe decided to mess with me... Scenario: in one of our smaller offices, we are upgrading to Ubiquiti. I arrive on site, I upgrade the system, 5GHz only WPA3, everything is working great! I do one last check, and one of the users mentions, “Oh, the Brother color laser printer isn’t working.” (It’s a nice little device. Prints really well. Cheap to run.)

Frame Size and Wireshark

By Phil Morgan January 24, 2025
This blog is a write up of what was discussed at our AMA webinar session. (Link provided inline.)

The Importance of Training for IT Industry Certifications

By Rie Vainstein January 18, 2025
An Important Task The IT industry is one of the most competitive and dynamic sectors in today’s swiftly evolving technology landscape. Whether you are a seasoned professional seeking to advance your career, or a newcomer seeking to enter into the field, obtaining IT certifications can have a substantial impact on your trajectory. However, earning certifications is not just about passing exams, an important factor is the study and practice that goes into getting ready to sit the exam. Training for IT industry certifications is a critical investment, offering both technical and professional benefits that can pay dividends throughout your career. Enhancing Technical Expertise At its core, IT certification training is designed to deepen your understanding of critical technologies and concepts. Whether it's network administration, design, cybersecurity, or analysis and optimization, each certification offers an opportunity to master a specialized area within the IT environment. By engaging in structured training programs, you not only learn the theoretical aspects of a technology but also gain hands-on experience in applying it to real-world scenarios. For example, pursuing certifications like CWNP’s Certified Wireless Network Administrator (CWNA), CompTIA’s Network+, or Cisco’s Certified Network Associate (CCNA) requires you to develop a solid foundation in network management, administration, and troubleshooting. This level of expertise is often beyond what you would learn on the job without formal training, giving you the ability to perform tasks more efficiently and with greater confidence.
Share by: