Ransomware: Be a Victor, Not a Victim.

Ransomware attacks are not only becoming more sophisticated, but also more frequent. In May of this year alone, we have seen multiple successful ransomware attacks against high-value targets, such as:

• May 5^th – D.C Metropolitan Police Department
• May 5^th – Scripps Health Hospital
• May 6^th – Colonial Pipeline
• May 6^th – City of Tulsa Police Department (911 Services)

Following the Colonial Pipeline attack, President Biden signed an executive order to boost America’s cyber defenses. A senior Biden administration official stated that the order “reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security.”

One of our missions at CRITICALSTART is to empower modern enterprises by protecting them from malicious activity. We help our customers implement the most effective security strategies to stay ahead of impending cyberattacks.

Our new Ransomware Protection Guide, created by our Microsoft Solutions Services Principal, Ronald Prasad, outlines a ransomware prevention plan to help you protect and defend against ransomware attacks using Microsoft Security Best Practices and CRITICALSTART Managed Detection and Response (MDR) services.

Included within are suggested solutions to common cybersecurity concerns, such as preventing malware delivery and the spread and execution of malicious code, as well as protecting sensitive data. Within the pages of the guide, you will also find convenient links to additional Microsoft resources for the many topics shown in the chart below.

What is Ransomware?

Ransomware attacks involve malware that encrypts files on a device, rendering them unusable. Attackers typically target high-value files, then demand a ransom be paid in exchange for the decryption key. Attackers may also threaten to sell or leak the encrypted data if the ransom is not paid. Ransomware malware is often delivered via a phishing scam, masquerading as a file the user can trust, or via security holes in the organization’s network, such as a known vulnerability that hasn’t been patched.