Why Ransomware Should Push You to Better Protect Your Databases

The global WannaCry ransomware outbreak helped steer much-needed mainstream conversation toward the menacing situation many organizations face when it comes to confronting extortion-style attacks.

But for all the awareness that WannaCry helped bring, one weighty attribute of the incursion seemingly went overlooked by many in the security industry: database files were among the many types of files that the ransomware sought to encrypt and render inaccessible.

The fast-spreading cryptoworm targeted not just personal documents, images and videos residing on user workstations, but also mission-critical database file extensions, including .accdb, .dbf, .mdb, .myd, .odb, and .sql. That means that organizations with databases running on vulnerable Windows hosts placed themselves at risk of significant business impact. If a database server is compromised, it impacts every application and user that needs access to that database.

 


So why did this development never earn prominent placing in the WannaCry story? It's hard to say, but it could come down to the unfortunate truth that the security of databases - ransomware incidents aside - is often given short shrift compared to the network perimeter.

Which is why organizations may want to use WannaCry - and other ransomware families that target databases - as a reason to rethink the way they prioritize protection within their IT environment. If you proactively work to ensure the resiliency of your databases and their contents, you won't erase the need to secure your endpoints and applications, but you can rest easy knowing your crown jewels received at least commensurate attention.

To accomplish this feat in the context of ransomware, you must:

1) Maintain the latest patches on your database servers.

2) Back up your databases.

3) Run anti-virus and anti-malware.

4) Test for vulnerabilities and other weaknesses, like improper access.

5) Implement technology that includes a secure email gateway and endpoint protection.

6) Offer security awareness education for employees. Even though WannaCry arrived through exposed SMB ports and didn't involve user interaction, most ransomware attacks start with a successful phish.
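One way to act on step 2 is to check that every file with one of the database extensions listed above is actually covered by a recent backup. The following is an added example, not code from Trustwave; the manifest format (a mapping of file path to last-backup time in epoch seconds) and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Database file extensions the article lists as WannaCry targets.
DB_EXTENSIONS = {".accdb", ".dbf", ".mdb", ".myd", ".odb", ".sql"}

def find_database_files(root):
    """Return every file under root whose extension is in DB_EXTENSIONS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() in DB_EXTENSIONS:
                hits.append(Path(dirpath) / name)
    return sorted(hits)

def backup_gaps(db_files, manifest):
    """Split files into (missing, stale) against {path: backup_epoch_seconds}.

    missing: never backed up; stale: modified after the last recorded backup.
    """
    missing, stale = [], []
    for path in db_files:
        backed_up_at = manifest.get(str(path))
        if backed_up_at is None:
            missing.append(path)
        elif path.stat().st_mtime > backed_up_at:
            stale.append(path)
    return missing, stale

def demo():
    """Build a constructed directory tree and report its backup gaps."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        for rel in ("app/orders.MDB", "app/schema.sql", "legacy.dbf", "notes.txt"):
            (root / rel).write_bytes(b"constructed sample data")
        # Constructed timestamps: orders.MDB changed after its backup ran.
        os.utime(root / "app/orders.MDB", (2000, 2000))
        os.utime(root / "app/schema.sql", (1000, 1000))
        manifest = {  # hypothetical manifest format, not from any backup tool
            str(root / "app/orders.MDB"): 1500,
            str(root / "app/schema.sql"): 1500,
        }
        found = find_database_files(root)
        missing, stale = backup_gaps(found, manifest)
        return [p.name for p in found], [p.name for p in missing], [p.name for p in stale]

print(demo())
```

Files reported as missing or stale are the ones that would be unrecoverable, or recoverable only to an older state, if the host were encrypted.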

Ultimately, ransomware defense requires the same best practices, whether the attack is targeting your database files or some other part of your environment. But if you can use this growing threat as a way of generating increased focus on safeguarding your most prized possessions of all - your database contents - as well as working harder to combat ransomware attacks in general, then perhaps there is a silver lining, however slight, to all of this.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
