Google has spelled out the emerging threat of ransomware and “best practices” to combat it.
The post — authored by Phil Venables Vice President, Chief Information Security Officer, Google Cloud and Sunil Potti VP/GM, Google Cloud Security — underscores the intractability of ransomware and how the threat is evolving.
Much of the discussion centers on Google products and the authors are quick to point out the benefits of Google Cloud and other Google software and services but, more broadly, it applies to any organization looking to fend off ransomware attacks.
Ransomware, in its basic form, encrypts an organization’s files, effectively locking out an organization from its most valuable data. Ransom is then demanded to unlock the files.
Putting ransomware in perspective: it isn’t novel
“Ransomware…isn’t a novel threat in the world of computer security,” the authors say. “Destructive, financially-motivated” attackers who demand payment to decrypt data and restore access have been around for years, according to Google.
“Today’s reality shows us that these attacks have become more pervasive, impacting essential services like healthcare or pumping gasoline,” Google says.
Email is not your friend
Google reiterates and reemphasizes what every self-respecting cybersecurity expert will tell you.
“Email is at the heart of many ransomware attacks. It can be exploited to phish credentials for illegitimate network access and/or to distribute ransomware binaries directly,” the authors say.
Chromebook as defense
The authors make good points about the security of Chromebooks. And I can attest to this. I own and use Chromebooks and agree that Chrome OS is more secure than Windows or the Mac (which I also use).
“Chromebooks are designed to protect against phishing and ransomware attacks with a low on-device footprint, read-only, constantly invisibly…