Ransomware 2 - Why Ransomware attacks happen again and again

What we have for defending against security attacks

1 Physical control methods

2 Technical control methods

3 Management methods

Why Ransomware happens in highly secured IT environments

1 They are high-value targets, and they are willing to pay a ransom for their data/services

2 Lack of security awareness as usual

3 IT security systems (Security appliance, Endpoint security, Antivirus) failed to detect the Ransomware

Why Ransomware is different from other security attacks

1 No one can recover encrypted data without the decryption key

2 Data and services are the main targets

3 Big firms cannot afford a data/service outage

Why IT security systems (Security appliance, NGFW/WAF, IPS, Endpoint security, Antivirus) don’t work

1 An inside user accidentally triggers the malicious file/behavior, which bypasses the front-edge security appliances

2 Most Ransomware is new, and most Antivirus products only detect known virus payloads

3 Ransomware uses legitimate applications to spread/perform attacks

4 Some Ransomware performs APT attacks

What happened to the victim’s recovery policy

1 They might not have a proper recovery plan and policy

2 Ransomware damaged the IT infrastructure

3 Victims don’t have enough backup data to recover services

4 They aren’t sure Ransomware is fully purged from the IT environment

And what matters to you