Cyber Security And Ransomware Attacks

Uploaded on 2023-05-15 in TECHNOLOGY--Resilience, Directors Reports

Cyber Security and Ransomware Attacks – Problems and Solutions

Directors Report: This article is exclusive to premium subscribers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

An important threat to any organisation's commercial operations and cyber security is now a ransomware attack. And currently ransomware attacks are the most predominant cyber threat in the digital infrastructure.

These ransomware attackers use different techniques to hijack the users’ or organisations’ files and resources and then they demand ransom in exchange to release the encrypted/captured data or resources.

Although there are many malware attacks, ransomware is considered the most dangerous as it imposes a high financial burden on most organisations who fall victim.

The crypto-currency is an untraceable payment method that the attacker uses to receive ransom from victims to conceal his/her identity and location and this creates significant challenges to be able to trace the attacker or attackers’ networks. And so ransomware has become the most menacing threat that organisations presently face.

Though cyber criminals are showing no signs of slowing down, advances in cyber security and disaster recovery technologies are beginning to give organisations the power to fight back.

What Is Ransomware

Ransomware is a form of malware that encrypts a victim’s files and prevents you from accessing your computer, or the data that is stored on it. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted.

Cyber criminals have turned to ransomware as the latest go-to tool for attacking and extorting businesses using a wide range of variants such as WannaCry, Cryptowall, Samas, Locky, and TeslaCrypt.

WannaCry was one of the largest and most damaging ransomware campaigns.Traditional signature-based antivirus and threat detection methods have proven to be woefully ineffective against such attacks. Some ransomware will also try to spread to other machines on the network, such as the WannaCry malware that impacted the NHS in May 2017.

Usually, you're asked to contact the attacker via an anonymous email address or follow instructions on an anonymous web page, to make payment. The payment is invariably demanded in a crypto-currency such as Bitcoin, in order to unlock your computer, or access your data.

Even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

The attacker of usuallye demands a ransom from the victim to restore access to the files. The instructions for payment are displayed and are demanded in bitcoins. After the payment is made, decryption key is sent to the victim. Ransomware attack can deny access to the entire network too.

The estimated global damage from ransomware attacks increased from around $8 billion in 2018 to $20 billion in 2020.

Ransomware attack may lead to even death. In 2020, a hospital in Germany was locked out of their systems and unable to treat patients. A woman who needed urgent care had to be rerouted to another hospital 20miles away but did not survive. The universal access to information, increasing connections and interdependencies be-tween organisations and their ICT systems has led to the blurring of technical boundaries between organisations and clients.

Although, this provides a business advantage, it also introduces a weakness from the cyber security point of view. These weaknesses are exploited by cyber criminals.

Ransomware attack is a subset of cyber attacks and hence an important piece in the cyber security puzzle.
The threat of ransomware attacks continues to grow both in terms of number of affected victims as well as the cost incurred by the people and organisations impacted in a successful attack. There are only two options for the victims; pay the ransom or lose their data.

There are studies that say at some point in the execution of the ransomware attack, the attacker will attempt to encrypt the users’ files. Some studies offer a solution by demonstrating techniques that can identify when these encrypted files are being generated.

Once a cyber attack is detected, organisations need to isolate the infected device. Backups need to be secured by taking them online. All available log information needs to be collected. Change online account and network passwords after removing the system from the network. If the threat actor’s ransom demands are not met and the victim does not pay the ransom, the files or encrypted data will usually remain encrypted and unavailable to the victim.

Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access.

Knowledge is power when it comes to preventing ransomware attacks. Arm your security team with the tools they need to set up your defense before it’s needed. These five best practices will lay a solid, secure foundation for your ransomware protection security strategy.

1. Know which Entrances you are Protecting: You can’t protect something if you don’t know it exists, which is why a thorough inventory of your network is critical early in the process. Map every service, device, and application that is attached to your network. Remove any nonessential entry points and beef up security for those that are left.

2. Know your Vulnerabilities: Today’s highly distributed, remote workforce has opened up a wide variety of new vulnerabilities. There are millions of new work-from-home employees accessing sensitive business data and applications on less-than-secure home internet connections.

Many of these workers are using their own devices for work and their work devices for personal tasks, and they often share their computers with others in the household. Contingent workers and third-party vendors may also need access to business systems and applications, which broadens the network attack surface even further because you can only hope they care as much about security as you do.

One way to mitigate this risk is setting up regular access reviews to ensure the people using the services and applications on your network have the right level of permissions and the lowest level of access privilege.

3. Use Ransomware Protection Technology: Employing technology is the most reliable way to actively protect against ransomware and be ready to bounce back if an attack succeeds. But it’s important to remember that just a cybersecurity solution or just a data protection solution isn’t adequate. You must have both. A comprehensive ransomware protection strategy includes a cybersecurity element that provides threat detection and removal, protection against known and unknown threats, and automated patching to cover weak spots.

Your data loss prevention solution should embrace the 3-2-1 backup rule for disaster recovery: three copies of your data, stored on two different media, with one copy off-site (preferably in the cloud).

Some ransomware strains are able to encrypt your backup files if they are attached to your network, so be sure to store backups separately. If your company is one of the 56 percent that uses Microsoft Office 365, you definitely need a data loss prevention and disaster recovery solution. Microsoft doesn’t offer long-term storage or data recovery under its shared responsibility model, so data protection is on you.

4. Educate Employees: In 2019, 90 percent of cyber security breaches in the UK were a result of human error. Fortunately, good cyber hygiene can be taught. Appoint a committee to lead regular training sessions to teach employees how to spot bad links, malicious attachments, and suspicious emails. At Cyber Security Intelligence we can recommend the right staff cyber security training, just email us and we will put you through to the right training team.

5. Know What to Do if a Ransomware Attack Succeeds: Just in case the cyber hygiene training doesn’t take, be sure the entire organisation knows what to do in the event of a successful ransomware attack. The immediate goal is to stop the attack and minimise spread by disconnecting the infected computers from the network. Then tell the appropriate people so they can assess the damage and initiate the company’s business continuity and disaster recovery plan if needed.

As we navigate the uncharted waters of post-COVID-19 business and the cyber threats the pandemic has spawned, it’s important to stay a step ahead of the criminals. Proactively preventing ransomware is the most efficient approach for securing your business-critical data from cyber criminals.

The best practices discussed above will help you create a roadmap for a comprehensive ransomware prevention strategy.

References:

NCSC: CISA: Sanjay Fuloria: Digital Guardian:

Arcserve: Science Direct: Infosecurity Magazine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.