5 lessons from the John McClane School of Ransomware Protection

Sometimes heroes don't wear vests. It's time to get Metallic ThreatWise™ and defend your data, not just recover it. It's the #cybersecurity solution John McClane would choose.

The holiday period is upon us, and for me that means one thing: watching Die Hard.

I may have a soft spot for Kevin McCallister and the charm of Home Alone, but Bruce Willis going up against a band of resolute (Alan Rickman obviously aside) bad actors (sorry – couldn’t resist the pun) intent on gaining access to a vault of untraceable bearer bonds is the perfect holiday film.

But as I settle down to watch it this year, I am struck by the parallels between the movie’s plot and a ransomware attack. So, what lessons can Die Hard teach us about a ransomware attack?

1. Size of Attack Surface matters

The location for the majority of the Die Hard action was the Nakatomi Plaza – a 30-plus-floor skyscraper in the heart of Los Angeles.

From air ducts to elevator shafts, lobbies to rooftops, and everything in between, there’s a lot of real estate to secure and a lot of places for bad guys to hide.

A data estate is exactly the same. The more surface there is, the more vulnerabilities and failure points there may be through which your data can be accessed or compromised. And it is a big concern: according to recent ESG research, only 12% of IT professionals report that their ransomware detection tools are adequate and can also cover the growing data estate, regardless of where data lives.

2. A ransom might not be what they are after

Remember that scene when Alan Rickman lists names of terrorists that the gang wishes to exchange for the hostages? It’s a smokescreen with the aim of misdirection.

The same is true in data security. With so many bad actors now using data in malicious ways (think leakage, exfiltration, theft and restructure), holding data hostage for a sum of money is not the prime objective anymore. In fact, so much so that ESG estimates that preventing data damage is now the top concern of IT decision makers (88%), overtaking concerns around recovery.

And if you actually pay the ransom, there is little guarantee that you will get your data back. In fact, according to Matthew Woodwood, only 8% of all ransomware-paying organizations got their data back even after paying the ransom.

3. Social Engineering – The bad actors will have done their research (and are very sneaky)

Just like in Die Hard, the attackers will likely have done their research and will have a sophisticated and detailed plan, one designed to do more than just encrypt data.

They are also sneaky and may employ social engineering, which is popular among attackers because it is often easier to exploit people than it is to find a network or software vulnerability. Passwords and existing security measures are very valuable, and internal employees are often targets – at all levels of the organization.

Social engineering will often be used as a first step in a larger campaign. You can find out more in this TechTarget article here.

4. The attacks will keep on coming (and coming)

As well as being well informed, motivated and cunning, our attackers are persistent. John McClane would have had a much easier job if he was fending off just one bad actor, but the reality is (as in a ransomware attack) that the numbers are stacked against him.

For attackers, a single-minded strategy rarely leads to a successful breach. Threat actors increase their chance for return on investment by following multiple paths to their target – critical business data – by diverting their attack strategies. 

5. Don’t “just” rely on recovery or insurance

If Bruce Willis just waited it out with the hope that insurance would pay out, then it would be a pretty short film, and one that might not have had a dramatic ending!  

Cyber insurance is an area that has changed rapidly over the past 12 months. Clauses around cybersecurity insurance are increasingly tightening – as evidenced by Lloyd's of London earlier this year. Many insurers are also imposing stricter safeguarding requirements. Although this helps to support increased levels of cyber security defences, it can also leave some organizations, and especially SMBs, exposed, as they are less able to meet the new minimum threshold limits.

Dr Sally Eaves covered this exact topic in this excellent blog here.

Conclusion – A Proactive Approach to Ransomware is essential (be more John McClane)

OK – all film metaphors aside, we do have a serious holiday (and beyond) message for everyone. 

In addition to your overall cybersecurity plan and your established data recovery strategy, your ransomware protection needs to be proactive and start before your data is compromised. 

Metallic® ThreatWise™ is that difference. It’s early warning ransomware detection which enables businesses to actively defend data, protect backup infrastructure, and respond to threats sooner. How does it work? Using patented deception technology, ThreatWise tricks malicious bad actors into engaging with fake resources, exposing themselves before data leakage, exfiltration, or encryption. It means less risk of data impact, less downtime, and fewer recoveries.

It’s time to get ThreatWise™ and defend your data, not just recover it.  It’s the solution that John McClane would choose. 

End Credits (the cast)

  • John McClane (Bruce Willis) – Metallic® ThreatWise™
  • Hans Gruber (Alan Rickman) and team – Hackers/Ransomware Operatives
  • Al Powell (Reginald VelJohnson) – Your friendly IT and Security Teams
