What we have for defending against security attacks
1 Physical control methods
2 Technical control methods
3 Management methods
Why ransomware happened in highly secured IT environments
1 They are high-value targets, and they are willing to pay a ransom for their data/services
2 Lack of security awareness, as usual
3 The IT security systems (security appliances, endpoint security, antivirus) failed to detect the ransomware
Why ransomware is different from other security attacks
1 No one can recover the encrypted data without the decryption key
2 Data and services are the main targets
3 Big firms cannot afford a data/service outage
Why IT security systems (security appliances, NGFW/WAF, IPS, endpoint security, antivirus) don't work
1 An inside user accidentally triggers the malicious file/behaviour and bypasses the front-edge security appliances
2 Most ransomware is new, and most antivirus only detects known virus payloads
3 Ransomware uses legitimate applications to spread/perform attacks
4 Some ransomware performs APT-style attacks
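As an added example (not from the original page), the Python below contrasts the signature-only check that most antivirus relies on with a behavioural check over file-write events: a new variant with an unknown hash slips past the signature check, but the mass high-entropy rewrite it performs through a legitimate application is still visible. All process names, paths, payloads and thresholds are constructed for the example.

```python
import hashlib
import math
from collections import defaultdict

# Constructed sample data (not from the original page): one known ransomware
# payload hash, plus file-write events from two processes.
KNOWN_BAD_HASHES = {hashlib.sha256(b"KNOWN_RANSOMWARE_PAYLOAD_v1").hexdigest()}
NEW_VARIANT_PAYLOAD = b"NEW_RANSOMWARE_PAYLOAD_v2"       # same behaviour, unknown hash
ENCRYPTED_BLOB = bytes(range(256)) * 16                 # uniform bytes: 8.0 bits/byte
PLAIN_TEXT = b"Quarterly figures, see attached sheet. " * 100

def signature_match(payload: bytes) -> bool:
    """Signature-only model: detects a payload only if its hash is already known."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD_HASHES

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of information; ciphertext approaches 8.0, documents sit far lower."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def behavioural_alerts(events, window_s=10, min_files=5, min_entropy=7.0):
    """Return processes that rewrite at least `min_files` distinct files with
    high-entropy content inside `window_s` seconds. This fires for a trusted,
    signed application too, which is how ransomware riding a legitimate app shows up."""
    suspicious = defaultdict(list)          # process -> [(ts, path)] of high-entropy writes
    for ts, proc, path, content in sorted(events):
        if shannon_entropy(content) >= min_entropy:
            suspicious[proc].append((ts, path))
    alerted = set()
    for proc, writes in suspicious.items():
        for i, (t0, _) in enumerate(writes):
            in_window = {p for t, p in writes[i:] if t - t0 <= window_s}
            if len(in_window) >= min_files:
                alerted.add(proc)
                break
    return alerted

# Constructed events: (timestamp_s, process, path, bytes written).
EVENTS = [(100 + i, "winword.exe", f"/share/finance/report{i}.docx.locked", ENCRYPTED_BLOB)
          for i in range(6)]
EVENTS += [(100, "excel.exe", "/share/finance/budget.xlsx", PLAIN_TEXT),
           (104, "excel.exe", "/share/finance/forecast.xlsx", PLAIN_TEXT)]

if __name__ == "__main__":
    print("signature match on new variant:", signature_match(NEW_VARIANT_PAYLOAD))  # False
    print("behavioural alerts:", behavioural_alerts(EVENTS))                        # {'winword.exe'}
```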
What happened to the victim's recovery policy
1 They might not have a proper recovery plan and policy
2 Ransomware damaged the IT infrastructure
3 Victims don't have enough backup data to recover services
4 They aren't sure the ransomware has been fully purged from the IT environment