Multi-factor authentication is being touted as the silver bullet to ransomware.

Why Aren’t We Taking This Simple Step to Stop Ransomware?

Over the weekend I came across an article titled Why Aren’t We Taking This Simple Step to Prevent Ransomware? written by Chandra Brown. It was a quick read, that touted the use of multi-factor authentication (MFA) to prevent ransomware attacks. MFA is when two or more verification methods are needed to grant access to a device or network and, is in fact, important to enhance the integrity of one’s digital infrastructure.

However, we know one of the biggest faults in an organization’s cybersecurity structure is the human element. Over 90% of cyber incidents are a result of human error. MFA would not prevent these cyber incidents, because these individuals are authorized to be on the network.

So what can you do to stop ransomware?

By deploying a cybersecurity solution that implements application whitelisting, the risk of malware infecting the network is significantly reduced. A zero-trust endpoint security solution can effectively reduce the risk of human error, by eliminating the ability of unknown programs to execute within the company’s network. Application whitelisting agents only permit tested and proven secure programs to run. Therefore, even if an employee is targeted with a phishing email and clicks on a malicious attachment that has ransomware, it will not run because the attachment is not a tested, and proven secure program.

Where does MFA enhance security?

As mentioned, MFA is important to an organizations security stack as well. MFA reduces the risk of cyber criminals brute forcing their way into an organization’s network. Brute force attacks take place when credentials and passwords are attempted repeatedly, until the correct password is found. If MFA is enabled, even if a hacker guesses the correct password, they will not have the secondary method to authenticate access.

Brute force attacks are certainly a risk, and increased in 2020 with the influx of remote employment. However, a majority of cyber attacks take place through phishing emails, where MFA would not stop ransomware.

The unfortunate reality is, there are several attack vectors, or means for cyber criminals to attempt to infect a network. The true way to reduce the risk of malware running within the network goes back to the zero-trust framework of application whitelisting.

 1,881 total views,  4 views today

(Visited 1 times, 1 visits today)

12 thoughts on “Why Aren’t We Taking This Simple Step to Stop Ransomware?”

  1. Sherwood D. Uhrmacher

    Yes, as a practical solution to any attempt to penetrate, or mis-use an online system, backups are extremely important. And, I suggest that creating a “mirror image” of a particular hard drive, for example, provides not only a backup of the important data on that drive, but also can include multiple drives, that might include the Operating System. Should ransomware be encountered, (and there have been religious backups of all important data), then it’s a simple matter to reformat that drive, and reload the mirror image. In very large applications (drives), “sequential” backups could be employed, where only data that has changed, is safely backed up, and when disaster occurs, reloading the current mirror image restores things to the last date of backup activity.

  2. On the surface, utilizing a backup would seem to be a failsafe option with an important caveat. Simply put, you may have little idea when your system was hacked and whether your backup was infected. We become aware of ransomware when it’s activated but before that, we have few if any clues it may be dormant within a system. Was it installed a day, weeks or months ago? Because of that, the ransomware may have found its way to our backup system during a routine backup and wiping the primary system clean and installing the backup could easily reinstall the insidious ransomware.

  3. Same question but no response to my request for an answer about my issue from your company. Please refund the $100.00 because your company never supplied security and I was a member when I paid the money. No, I have not stated this demand before.

  4. Same question but no response to my request for an answer about my issue from your company. Please refund the $100.00 because your company never supplied security and I was a member when I paid the money.

  5. As I have stated several times I paid your company $100. for security against ransomware etc. but still no results. No security. Please explain.

  6. Surely, if your data are regularly backed up offline and you are targetted by ransomware can’t you simply restore from the backup?

    1. In a perfect world, yes. However, there are times when the backups may too be compromised. Additionally, for when it comes to business attacks, hackers are threatening to expose the company’s data (ie: client information, patient files, customer payment information, personally identifiable information, etc.) if they don’t pay the ransom demand. Therefore, even if you have backups — you’re still facing issues. Prevention is key.

  7. What do I need to do to prevent random ware? Do I need to get more of your services? I am a lifetime member. Just let me know please. Thank you for all your wonderful help through the years!

    1. No, you will not need any other products or services from us. When you paid for lifetime service, that is what you will get. Lifetime protection with all updates included. Have a great day!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.