Cyber Security And Ransomware Attacks - Problems & Solutions


Directors Report


Ransomware is now a major threat to any organisation's commercial operations and cyber security, and ransomware attacks are currently the most prevalent cyber threat to digital infrastructure.

Ransomware attackers use a range of techniques to hijack users' or organisations' files and resources, then demand a ransom in exchange for releasing the encrypted or captured data or resources.

Although there are many kinds of malware attack, ransomware is considered the most dangerous because it imposes a high financial burden on most organisations that fall victim to it.

Crypto-currency is an untraceable payment method that attackers use to receive the ransom from victims while concealing their identity and location, which makes tracing the attacker or the attackers' networks significantly harder. Ransomware has therefore become the most menacing threat that organisations presently face.

Though cyber criminals are showing no signs of slowing down, advances in cyber security and disaster recovery technologies are beginning to give organisations the power to fight back. 

What Is Ransomware

Ransomware is a form of malware that encrypts a victim's files and prevents the victim from accessing their computer or the data stored on it. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.

Cyber criminals have turned to ransomware as the latest go-to tool for attacking and extorting businesses using a wide range of variants such as WannaCry, Cryptowall, Samas, Locky, and TeslaCrypt. 

WannaCry was one of the largest and most damaging ransomware campaigns. Traditional signature-based antivirus and threat detection methods have proven woefully ineffective against such attacks. Some ransomware will also try to spread to other machines on the network, as the WannaCry malware that impacted the NHS in May 2017 did.

Usually, the victim is asked to contact the attacker via an anonymous email address, or to follow instructions on an anonymous web page, to make payment. The payment is invariably demanded in a crypto-currency such as Bitcoin in return for unlocking the computer or restoring access to the data.

Even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

The attacker usually demands a ransom from the victim to restore access to the files. Payment instructions are displayed, and payment is demanded in Bitcoin. Once payment is made, a decryption key is sent to the victim. A ransomware attack can also deny access to an entire network.

The estimated global damage from ransomware attacks increased from around $8 billion in 2018 to $20 billion in 2020. 

A ransomware attack may even lead to death. In 2020, a hospital in Germany was locked out of its systems and unable to treat patients. A woman who needed urgent care had to be rerouted to another hospital 20 miles away and did not survive.

Universal access to information, together with increasing connections and interdependencies between organisations and their ICT systems, has blurred the technical boundaries between organisations and their clients.

Although this provides a business advantage, it also introduces weaknesses from a cyber security point of view, and those weaknesses are exploited by cyber criminals.

A ransomware attack is a subset of cyber attack and hence an important piece of the cyber security puzzle.

The threat of ransomware attacks continues to grow, both in the number of victims affected and in the cost incurred by the people and organisations impacted by a successful attack. Victims have only two options: pay the ransom or lose their data.

Studies observe that at some point during the execution of a ransomware attack, the attacker will attempt to encrypt the user's files. Some of these studies propose a defence by demonstrating techniques that can identify when such encrypted files are being generated.
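The following is an added illustration of the detection idea described above, not code from the article or from the studies it refers to. Files written by ransomware consist of ciphertext, whose bytes look statistically random, so a monitor can compute the Shannon entropy of newly written files and raise an alert when a burst of high-entropy writes appears. The entropy threshold, window size, excluded file extensions and the sample write events are all assumptions made for this example; compressed and media formats are excluded because they are legitimately high-entropy and would otherwise produce false positives.

```python
import math
import os
import random
from collections import Counter

# Entropy above this (bits per byte, maximum 8.0) is treated as "looks encrypted".
# Assumed threshold for this example; tune it against real file telemetry.
HIGH_ENTROPY_THRESHOLD = 7.0

# Formats that are legitimately high-entropy and would otherwise cause
# false positives (assumed list for this example).
COMPRESSED_EXTENSIONS = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, data: bytes) -> bool:
    """True when a written file has ciphertext-like entropy and is not a
    known compressed or media format."""
    ext = os.path.splitext(path)[1].lower()
    if ext in COMPRESSED_EXTENSIONS:
        return False
    return shannon_entropy(data) >= HIGH_ENTROPY_THRESHOLD


def scan_writes(writes, window=8, min_suspicious=5):
    """Slide a window over an ordered list of (path, content) write events and
    return (event_index, suspicious_count) for every position where at least
    `min_suspicious` of the last `window` writes look encrypted. One
    encrypted-looking file is normal; a burst of them is the ransomware signal."""
    flags = [looks_encrypted(path, data) for path, data in writes]
    alerts = []
    for i in range(len(flags)):
        start = max(0, i - window + 1)
        count = sum(flags[start:i + 1])
        if count >= min_suspicious:
            alerts.append((i, count))
    return alerts


def build_sample_writes():
    """Constructed sample telemetry: ordinary documents, one legitimate JPEG,
    then a burst of documents rewritten with random-looking bytes."""
    rng = random.Random(1)  # seeded so the demo is deterministic

    def random_bytes(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    text = ("Quarterly report: revenue is up four percent and headcount "
            "is flat. Action items are listed in the appendix.\n" * 40).encode()
    writes = [(f"docs/report{i}.txt", text) for i in range(4)]
    writes.append(("photos/team.jpg", random_bytes(4096)))  # high entropy, but expected
    writes += [(f"docs/report{i}.txt.locked", random_bytes(4096)) for i in range(6)]
    return writes


def run_demo():
    """Run the detector over the constructed sample and return its alerts."""
    return scan_writes(build_sample_writes())


if __name__ == "__main__":
    for index, count in run_demo():
        print(f"alert: {count} encrypted-looking writes in the last 8 events (at event {index})")
```

In the constructed sample the alert fires only once the burst of `.locked` files begins, while the single JPEG is ignored. In a real deployment the write events would come from file-system auditing or an EDR agent, and the alert would trigger the isolation step described later in the article rather than just a print.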

Once a cyber attack is detected, organisations need to isolate the infected device. Backups need to be secured by taking them offline. All available log information needs to be collected. Online account and network passwords should be changed after the system has been removed from the network. If the threat actor's ransom demands are not met and the victim does not pay, the files or encrypted data will usually remain encrypted and unavailable to the victim.

Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. 

Knowledge is power when it comes to preventing ransomware attacks. Arm your security team with the tools they need to set up your defense before it’s needed. These five best practices will lay a solid, secure foundation for your ransomware protection security strategy.

1. Know which Entrances you are Protecting:   You can't protect something if you don't know it exists, which is why a thorough inventory of your network is critical early in the process. Map every service, device, and application that is attached to your network. Remove any nonessential entry points and strengthen security for those that remain.

2. Know your Vulnerabilities:   Today’s highly distributed, remote workforce has opened up a wide variety of new vulnerabilities. There are millions of new work-from-home employees accessing sensitive business data and applications on less-than-secure home internet connections. 

Many of these workers are using their own devices for work and their work devices for personal tasks, and they often share their computers with others in the household. Contingent workers and third-party vendors may also need access to business systems and applications, which broadens the network attack surface even further because you can only hope they care as much about security as you do. 

One way to mitigate this risk is setting up regular access reviews to ensure the people using the services and applications on your network have the right level of permissions and the lowest level of access privilege.

3. Use Ransomware Protection Technology:   Employing technology is the most reliable way to actively protect against ransomware and to be ready to recover if an attack succeeds. But it is important to remember that a cyber security solution alone, or a data protection solution alone, is not adequate: you must have both. A comprehensive ransomware protection strategy includes a cyber security element that provides threat detection and removal, protection against known and unknown threats, and automated patching to cover weak spots.

Your data loss prevention solution should embrace the 3-2-1 backup rule for disaster recovery: three copies of your data, stored on two different media, with one copy off-site (preferably in the cloud). 

Some ransomware strains are able to encrypt your backup files if they are attached to your network, so be sure to store backups separately. If your company is one of the 56 percent that uses Microsoft Office 365, you definitely need a data loss prevention and disaster recovery solution. Microsoft doesn’t offer long-term storage or data recovery under its shared responsibility model, so data protection is on you.

4. Educate Employees:   In 2019, 90 percent of cyber security breaches in the UK were a result of human error. Fortunately, good cyber hygiene can be taught. Appoint a committee to lead regular training sessions to teach employees how to spot bad links, malicious attachments, and suspicious emails.  At Cyber Security Intelligence we can recommend the right staff cyber security training, just email us and we will put you through to the right training team.

5. Know What to Do if a Ransomware Attack Succeeds:   Just in case the cyber hygiene training doesn’t take, be sure the entire organisation knows what to do in the event of a successful ransomware attack. The immediate goal is to stop the attack and minimise spread by disconnecting the infected computers from the network. Then tell the appropriate people so they can assess the damage and initiate the company’s business continuity and disaster recovery plan if needed.

As we navigate the uncharted waters of post-COVID-19 business and the cyber threats the pandemic has spawned, it’s important to stay a step ahead of the criminals.  Proactively preventing ransomware is the most efficient approach for securing your business-critical data from cyber criminals.

The best practices discussed above will help you create a roadmap for a comprehensive ransomware prevention strategy. 

References: NCSC, CISA, Sanjay Fuloria, Digital Guardian, Arcserve, Science Direct, Infosecurity Magazine

