Ransomware: Best Practices for Prevention and Response

July 2017 Podcast
Alexander Volynkin, Angela Horneman

In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack.

“Newer versions of ransomware seem to be targeting not just your storage of data on your documents, folders, and things like this, but also go after backups, database backups, and so on, either on the personal computers or on the network storage and other storage devices. It is important to have this, what we call, air gap between the network that is currently running and the database backup that needs to exist elsewhere.”

Abstract

On May 12, 2017, in the course of a day, the WannaCry ransomware attack infected nearly a quarter million computers. WannaCry is the latest in a growing number of ransomware attacks where, instead of stealing data, cyber criminals hold data hostage and demand a ransom payment. WannaCry was perhaps the largest ransomware attack to date, taking over a wide swath of global computers from FedEx in the United States to the systems that power Britain’s healthcare system to systems across Asia, according to the New York Times. In this podcast, CERT researchers spell out several best practices for prevention and response to a ransomware attack.

About the Speaker

Alexander Volynkin

Alexander Volynkin is a senior research scientist in the SEI’s CERT Division. His research interests include network security, malware behavior analysis, advanced reverse-engineering methods, and cryptanalysis. He has authored numerous scientific publications and a book on malware behavior analysis and holds a patent related to full-disk encryption technologies. Volynkin is a recipient of multiple awards for his research publications.

Angela Horneman

Angela Horneman is a network intelligence analyst for the SEI's CERT Division. Her focus is on helping others understand network cybersecurity topics and solve related problems so that they can make better decisions, improve their security posture, and better interact in the cyber world. Prior to joining CERT in 2013, she worked for a software company where her responsibilities included release management, technical writing, application support, and assisting business analysts and developers.