Is Destructive Malware Slowly Becoming a Common Trend?

March 8, 2018 | Views: 4171


Ask any end user or general IT administrator which cyber-attack they are most fearful of, and there is a good chance they will respond with “Ransomware”. I would quickly argue that any IT administrator who is worth their paycheck should not be fearful of Ransomware. A robust backup plan, a tested and proven incident response/recovery plan and an IT staff that has a sound understanding of their own environment should allow for a smooth and efficient recovery from Ransomware. I, on the other hand, would be fearful, based on a growing trend, of the purely malicious and cruel “Destructive Malware” attacks.

Some notable destructive malware attacks include the NotPetya attack from June 2017, a recent attack on a California voter database and most notably the Olympic Destroyer data-wiping malware that has caused havoc at this year’s Winter Olympic Games. These attacks, especially the NotPetya and Olympic Destroyer attacks, have caused a lot of frustration for those affected, and in the case of NotPetya, large monetary losses. While it is easy to understand the motivation for the actors behind these attacks (politically motivated in a lot of cases), it is also a scary sign of what the future may hold.

It is abundantly clear that a lot of organizations do not implement the necessary security controls or policies required to protect themselves from malicious cyber-attacks. When non-nation state actors and low-level actors decide to start spreading destructive malware with more frequency, any organization that does not maintain a strong security posture will surely experience tremendous frustration, significant monetary losses and possibly the agony of shutting their doors.

If you’re reading this and feel your organization lacks the necessary security controls to properly protect yourselves from destructive malware, Ransomware or other cyber-attacks, the following list may help.

NOTE: In no way is this meant to be an all-inclusive list. I, as well as any other security professional, could write an entire book on recommended steps for securing your organization. This list is meant to provide a very basic overview of recommended steps for beginning the process of securing your organization.

Basic Steps for Securing Your Organization

  • Lock down your external exposure.
    • Open network ports externally only if they are required for your organization to properly function.
    • Any systems that need to be publicly exposed should be placed in a DMZ.
  • Ensure your systems are up-to-date on all critical system and security patches.
  • Ensure your systems are protected by up-to-date and properly functioning anti-malware/virus protection.
  • Ensure your users are properly trained on how to utilize their email, web and other resources safely and securely.
  • Implement a robust backup solution that allows you to quickly and efficiently recover from a cyber-incident or system failure.
  • Develop an incident response/recovery plan for an organized and efficient response to any cyber-incident or other business interrupting event.
  • Conduct a risk assessment.
    • If possible, have a third party conduct the risk assessment.
    • Identifying where your organization is most vulnerable will help prioritize your security tasks and deployment of available resources.
  • Lock down user permissions.
    • Lock down local administrators across your organization to only the necessary administrator accounts.
    • Lock down the domain admins group to only the necessary administrator accounts.
    • Create separate admin and non-admin accounts for users who need administrator-level access.
  • Limit the use of removable media devices on your organization’s systems.
  • Implement application control across your organization, black-listing insecure applications.
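
The "Lock down user permissions" items above can be checked mechanically. The following is an added example, not part of the original post: it audits local administrator and Domain Admins membership against an approved list and flags daily-use accounts that hold admin rights. The host names, account names and the `adm-` naming convention for dedicated admin accounts are constructed assumptions.

```python
# Added example: audit admin group membership against an approved list.
# All hosts, accounts and the "adm-" naming convention are constructed.
ADMIN_PREFIX = "adm-"  # assumed convention for dedicated admin accounts
DAILY_USE = "daily-use account holds admin rights"
UNAPPROVED = "admin account not on approved list"

APPROVED_LOCAL_ADMINS = {"adm-jlee", "adm-mkhan"}
APPROVED_DOMAIN_ADMINS = {"adm-jlee"}

# Constructed export of current memberships (e.g. from an inventory tool).
LOCAL_ADMINS = {
    "WS-001": ["CORP\\adm-jlee", "CORP\\bsmith"],
    "WS-002": ["corp\\ADM-MKHAN"],
    "SRV-DB1": ["CORP\\adm-jlee", "CORP\\adm-temp"],
}
DOMAIN_ADMINS = ["CORP\\adm-jlee", "CORP\\adm-mkhan", "CORP\\cfo"]


def normalize(name):
    """Drop the DOMAIN\\ prefix and lower-case: Windows names are case-insensitive."""
    return name.split("\\")[-1].lower()


def audit_group(scope, members, approved):
    """Return (scope, account, reason) for every member that breaks policy."""
    findings = []
    for account in sorted({normalize(m) for m in members}):
        if not account.startswith(ADMIN_PREFIX):
            # A regular account in an admin group: needs a separate admin account.
            findings.append((scope, account, DAILY_USE))
        elif account not in approved:
            findings.append((scope, account, UNAPPROVED))
    return findings


def audit_all(local_admins, domain_admins):
    findings = []
    for host in sorted(local_admins):
        findings += audit_group(f"local:{host}", local_admins[host],
                                APPROVED_LOCAL_ADMINS)
    findings += audit_group("domain-admins", domain_admins,
                            APPROVED_DOMAIN_ADMINS)
    return findings


if __name__ == "__main__":
    for scope, account, reason in audit_all(LOCAL_ADMINS, DOMAIN_ADMINS):
        print(f"{scope:16} {account:12} {reason}")
```
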
  1. Personally my “fear” of ransomware is solely from the perspective of financial impact from downtime during recovery. My budget will not permit a DR plan that involves real time synchronisation offsite, so ransomware incurs financial losses.

  2. Like you know my first guess would have been Ransomware too!
    Thank you for your post.

  3. Like you know my first guess would have been Ransomware too!
    Thank you for your post.

  4. Very detailed and informative as to the issues today regarding security.
