Cybersecurity: Ransomware

Rie Vainstein • May 24, 2024

 

Cybersecurity: Ransomware

 

Ransomware has emerged as a significant and powerful danger to enterprises, globally. Ransomware is a form of malicious software that encrypts or restricts access to your data until a payment is made. Ransomware occurrences have resulted in substantial financial losses, data breaches, and operational disruptions in multiple industry sectors.


According to SANS in 2023 there was over a 70% increase in ransomware cases with ransom payments, according to Chainalysis, exceeding $1 billion. However, VEEAM notes that even though the ransom demand was paid, in 24% of those cases the data was not recoverable. According to Fortinet, even after paying the ransom, only about 4% of companies ever receive all their data back, with most only receiving about 60% of it.


Cybercriminals are getting more brazen: they even rent out their ransomware tools in order for others to use in their extortion attempts!

Cybercriminals are getting more brazen: they even rent out their ransomware tools for others to use in their extortion attempts! This process is called Ransomware-as-a-Service or RaaS. This serves to extend the magnitude of sources of attack.


Incursions can originate from many sources, including links in emails (phishing), or when a user visits an infected website which causes the malware to be downloaded without the user’s knowledge (drive by), or from social media / web-based messaging applications.


In the face of this increasing risk, the significance of employee education to help with the goal of frustrating ransomware attacks, cannot be emphasized enough. Educating employees improves their capacity to identify phishing, to use safer browsing behaviors, and to more effectively recognize potentially suspicious activity. This, in turn, accelerates incident reaction times and reduces the probability of attack success.


How can you start the process of educating your employees? There are a number of things you can do:


1. Initiate a survey of your assets to determine the most likely places for a cyber incursion – identify your “attack surfaces”. This should include internet-connected PCs, laptops, and network equipment.


2. Determine who has access to these devices: look for employees, contractors, partners, and others.


3. Make a list of these personnel. These personnel hold the protection of your system in their hands. One accidental slip in their concentration – perhaps they are busy and accidentally click on an emailed link – could be devastating to your environment.


4. Review available standard trainings, or sources of customized training, and enroll your personnel.

How We Can Help

To start the process as efficiently and cost-effectively as possible, NC-Expert provides you with a 1-day starter training session: CyberSAFE.

( https://www.nc-expert.com/class/certnexus-cybersafe )


In this training, your team will be taught the basics of cyber security, and will be made aware of the fundamental traps into which many employees fall, inadvertently allowing attackers access into your system.


Once this training has been completed, we can provide further trainings, which increase in complexity as your employees progress up the access permissions chain.


We can provide standard training classes or can customize a program to suit your specific needs and budget. Our trainings are delivered by expert instructors, for individual employees (in our public classes) or for private groups, virtually/online (in real time) or at your site. Contact us for details.


You are welcome to visit our website: https://www.nc-expert.com/


Or you can view our Security training portfolio here: https://www.nc-expert.com/training-classes-by-track#NetworkSecurity

...


About NC-Expert

 

NC-Expert is a privately-held California corporation and is well established within the Wireless and Cyber Security industry certification training, courseware development, and consulting markets. 

NC-Expert has won numerous private contracts with Fortune level companies around the world.  These customers depend on NC-Expert to train, advise, and mentor their staff. 

If you are looking for the best in IT industry training then call us at (855) 941-2121 or contact us by email today.

This post appeared first on NC Expert .

NC-Expert Blog

Troubleshooting Wireless Networks with Ekahau

By Phil Morgan March 13, 2025
Troubleshooting Wireless Networks with Ekahau: A Professional Engineer’s Guide Wireless networks have become the backbone of modern business infrastructure. From office environments to large-scale enterprises, ensuring a seamless wireless experience is essential for productivity. However, despite advancements in Wi-Fi technology, network performance issues often arise, ranging from signal interference and dead zones to capacity overloads and channel mismanagement. To tackle these issues efficiently, professional engineers rely on powerful tools. One such tool, Ekahau AI Pro, has become a gold standard in the wireless industry for troubleshooting and optimizing Wi-Fi networks. This blog delves into troubleshooting wireless networks using Ekahau tools, providing practical examples and technical insights to guide professional engineers in improving network performance.

Post-Quantum Cryptography: The Future of Digital Security?

By Rie Vainstein March 3, 2025
Futureproofing Our Security In our increasingly connected world, the security of digital information has never been more critical. From banking transactions to private communications, our data is constantly transmitted and stored across the internet. The current systems that protect this data rely on cryptography, a branch of mathematics that helps keep information secure by encoding it in ways that are difficult to decode without the proper key. However, with the rise of quantum computers, traditional cryptography is facing new and significant threats. This is where Post-Quantum Cryptography comes into play. What is Post-Quantum Cryptography? Post-Quantum Cryptography (PQC) [1] refers to cryptographic algorithms that are specifically designed to be secure against the power of quantum computers. Quantum computers, once they become practical, will be capable of solving complex mathematical problems much faster than classical computers. This will render many of the encryption methods we rely on today [such as RSA (Rivest, Shamir, and Adleman – initials of the inventors) and ECC (Elliptic Curve Cryptography)] vulnerable to attack. Quantum computers operate on quantum bits, or “qubits”, which can exist in multiple states simultaneously, unlike classical bits that are either a zer (0) or one (1). This allows quantum computers to perform certain calculations exponentially faster than classical computers. For example, in a matter of seconds, a quantum computer could potentially break an RSA key, which is considered secure by today’s standards. As quantum computing technology advances, the need for PQC becomes even more urgent.

Designing a Wi-Fi Network

By Phil Morgan February 27, 2025
Designing a Wi-Fi Network This is the first in a series of blogs on Wi-Fi operation, design, and troubleshooting. Designing a Wi-Fi network is much easier if you have the right procedures and tools in place. First you must collect data about the network: What are the requirements of the network? What is the goal of the new network? What is it meant to achieve? Are there any constraints you have to overcome? Next you have to decide what wireless vendor is being used? One of the most important things to get is an accurate map (or plan) of the site and the various floors.
Share by: