
Why Ransomware Should Push You to Better Protect Your Databases

The global WannaCry ransomware outbreak helped steer much-needed mainstream conversation toward the menacing situation many organizations face when it comes to confronting extortion-style attacks.

But for all the awareness that WannaCry helped bring, one weighty attribute of the incursion seemingly went overlooked by many in the security industry: database files were among the many types of files that the ransomware sought to encrypt and render inaccessible.

The fast-spreading cryptoworm targeted not just personal documents, images and videos residing on user workstations, but also mission-critical database file extensions, including .accdb, .dbf, .mdb, .myd, .odb, and .sql. That means that organizations with databases running on vulnerable Windows hosts placed themselves at risk of significant business impact. If a database server is compromised, it impacts every application and user that needs access to that database.

 


So why did this development never earn prominent placement in the WannaCry story? It's hard to say, but it could come down to the unfortunate truth that the security of databases - ransomware incidents aside - is often given short shrift compared to the network perimeter.

Which is why organizations may want to use WannaCry - and other ransomware families that target databases - as a reason to rethink the way they prioritize protection within their IT environment. If you proactively work to ensure the resiliency of your databases and their contents, you won't erase the need to secure your endpoints and applications, but you can rest easy knowing your crown jewels received at least commensurate attention.

To accomplish this feat in the context of ransomware, you must:

1) Maintain the latest patches on your database servers.

2) Back up your databases.

3) Run anti-virus and anti-malware.

4) Test for vulnerabilities and other weaknesses, like improper access.

5) Implement technology that includes a secure email gateway and endpoint protection.

6) Offer security awareness education for employees. Even though WannaCry arrived through exposed SMB ports and didn't involve user interaction, most ransomware attacks start with a successful phish.

Ultimately, ransomware defense requires the same best practices, whether the attack is targeting your database files or some other part of your environment. But if you can use this growing threat as a way of generating increased focus on safeguarding your most prized possessions of all - your database contents - as well as working harder to combat ransomware attacks in general, then perhaps there is a silver lining, however slight, to all of this.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
