Why Ransomware Should Push You to Better Protect Your Databases

The global WannaCry ransomware outbreak helped steer much-needed mainstream conversation toward the menacing situation many organizations face when it comes to confronting extortion-style attacks.

But for all the awareness that WannaCry helped bring, one weighty attribute of the incursion seemingly went overlooked by many in the security industry: database files were among the many types of files that the ransomware sought to encrypt and render inaccessible.

The fast-spreading cryptoworm targeted not just personal documents, images and videos residing on user workstations, but also mission-critical database files, with extensions including .accdb, .dbf, .mdb, .myd, .odb, and .sql. That means that organizations with databases running on vulnerable Windows hosts placed themselves at risk of significant business impact. If a database server is compromised, it impacts every application and user that needs access to that database.

 


So why did this development never earn prominent placing in the WannaCry story? It's hard to say, but it could come down to the unfortunate truth that the security of databases - ransomware incidents aside - is often given short shrift compared to the network perimeter.

Which is why organizations may want to use WannaCry - and other ransomware families that target databases - as a reason to rethink the way they prioritize protection within their IT environment. If you proactively work to ensure the resiliency of your databases and their contents, you won't erase the need to secure your endpoints and applications, but you can rest easy knowing your crown jewels received at least commensurate attention.

To accomplish this feat in the context of ransomware, you must:

1) Maintain the latest patches on your database servers.

2) Back up your databases.

3) Run anti-virus and anti-malware.

4) Test for vulnerabilities and other weaknesses, like improper access.

5) Implement technology that includes a secure email gateway and endpoint protection.

6) Offer security awareness education for employees. Even though WannaCry arrived through exposed SMB ports and didn't involve user interaction, most ransomware attacks start with a successful phish.
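The extension list and the backup step above, turned into a check an administrator can run (an added example, not from the original article or from Trustwave): it inventories files with the extensions the article names and reports whether each has a backup copy at least as recent as the file. The mirrored backup layout, the function names and the sample tree are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Database file extensions the article names as WannaCry targets.
DB_EXTENSIONS = {".accdb", ".dbf", ".mdb", ".myd", ".odb", ".sql"}

def find_db_files(root):
    """Return every file under root with one of DB_EXTENSIONS (case-insensitive)."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.suffix.lower() in DB_EXTENSIONS)

def audit_backups(data_root, backup_root):
    """Map each database file (relative path) to 'ok', 'stale' or 'missing'.

    Assumption: backups mirror the data tree, so data_root/a/b.mdb is
    expected at backup_root/a/b.mdb.
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    report = {}
    for src in find_db_files(data_root):
        rel = src.relative_to(data_root)
        copy = backup_root / rel
        if not copy.is_file():
            report[rel.as_posix()] = "missing"
        elif copy.stat().st_mtime < src.stat().st_mtime:
            report[rel.as_posix()] = "stale"   # file changed after last backup
        else:
            report[rel.as_posix()] = "ok"
    return report

def demo():
    """Build a constructed sample tree with fixed mtimes and audit it."""
    with tempfile.TemporaryDirectory() as base:
        samples = [  # (path relative to base, mtime in epoch seconds)
            ("data/crm/customers.MDB", 2000), ("backup/crm/customers.MDB", 3000),
            ("data/erp/orders.sql", 5000), ("backup/erp/orders.sql", 1000),
            ("data/hr/staff.accdb", 4000),  # no backup copy at all
            ("data/notes.txt", 4000),       # not a database extension
        ]
        for rel, mtime in samples:
            path = Path(base, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return audit_backups(Path(base, "data"), Path(base, "backup"))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

Anything reported as `missing` or `stale` is a database file that could not be restored to its current state from backup if it were encrypted.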

Ultimately, ransomware defense requires the same best practices, whether the attack is targeting your database files or some other part of your environment. But if you can use this growing threat as a way of generating increased focus on safeguarding your most prized possessions of all - your database contents - as well as working harder to combat ransomware attacks in general, then perhaps there is a silver lining, however slight, to all of this.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
