Cyber Security And Ransomware Attacks - Problems & Solutions


Directors Report


Ransomware is now a major threat to any organisation's commercial operations and cyber security, and ransomware attacks are currently the most prevalent cyber threat to digital infrastructure.

Ransomware operators use a variety of techniques to take control of a user's or an organisation's files and resources, and then demand a ransom in exchange for releasing the encrypted or captured data.

Although there are many kinds of malware, ransomware is widely considered the most dangerous because it imposes a heavy financial burden on most organisations that fall victim to it.

Attackers demand payment in crypto-currency, a pseudonymous payment method that conceals the attacker's identity and location and makes tracing the attacker or the attacker's network significantly harder. It is not truly untraceable: transactions on public blockchains are permanently recorded and can be followed with chain-analysis tools, and some ransom payments have later been seized by law enforcement. Even so, the practical difficulty of attribution has made ransomware the most menacing threat that organisations presently face.

Although cyber criminals show no signs of slowing down, advances in cyber security and disaster recovery technology are beginning to give organisations the means to fight back.

What Is Ransomware

Ransomware is a form of malware that encrypts a victim's files or otherwise prevents them from accessing their computer or the data stored on it. The computer itself may be locked, or the data on it may be encrypted, deleted or stolen; many current operators also exfiltrate data before encrypting it and threaten to publish it unless the ransom is paid, so a good backup alone does not remove the leverage.

Cyber criminals have turned to ransomware as their go-to tool for attacking and extorting businesses, using a wide range of families such as WannaCry, CryptoWall, SamSam (also known as Samas), Locky and TeslaCrypt.

WannaCry was one of the largest and most damaging ransomware campaigns, and traditional signature-based antivirus and threat detection proved largely ineffective against it. Some ransomware also tries to spread to other machines on the network: WannaCry, which hit the NHS in May 2017, propagated as a worm by exploiting the SMBv1 vulnerability addressed by Microsoft's MS17-010 update, so unpatched machines with SMB reachable were infected without any user interaction.

Usually the victim is asked to contact the attacker via an anonymous email address, or to follow instructions on an anonymous web page, in order to make payment. Payment is almost invariably demanded in a crypto-currency such as Bitcoin in exchange for unlocking the computer or the data.

Even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

The payment instructions are displayed on the infected machine, and the ransom is usually demanded in Bitcoin. If payment is made, the attacker may send a decryption key, but this is not guaranteed. A ransomware attack can also deny access to an entire network.

The estimated global damage from ransomware attacks increased from around $8 billion in 2018 to $20 billion in 2020. 

A ransomware attack can even lead to death. In 2020 a hospital in Germany was locked out of its systems and unable to treat patients; a woman who needed urgent care had to be diverted to another hospital about 20 miles away and did not survive.

Universal access to information, together with the increasing connections and interdependencies between organisations and their ICT systems, has blurred the technical boundaries between organisations and their clients.

Although this provides a business advantage, it also introduces weaknesses from a cyber security point of view, and cyber criminals exploit those weaknesses.

Ransomware is a subset of cyber attacks and therefore an important piece in the cyber security puzzle.
The threat continues to grow both in the number of victims and in the cost incurred by the people and organisations hit by a successful attack. Without tested, isolated backups, a victim is left with only two options: pay the ransom or lose the data.

At some point in its execution, any crypto-ransomware must encrypt the victim's files, and that activity is observable: a single process suddenly reads many files, writes back high-entropy (effectively random) content, and renames them or changes their extensions. Several studies propose detection techniques that identify this pattern while the encrypted files are being generated, so that the process can be stopped before the damage spreads.
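The behavioural signal described above, as an added example that is not code from the original article: it scores a stream of file-write events per process by the Shannon entropy of the written bytes and by ransomware-style extensions, and alerts when one process crosses a file-count threshold. The event stream, process names, thresholds and the extension lists are all assumed for illustration; a real deployment would take the events from an EDR agent or filesystem audit log and tune the thresholds.

```python
"""Detect ransomware-style bulk encryption from file-write events (added example)."""
import hashlib
import math
import os
from collections import defaultdict

# Assumed detection thresholds; tune them to your environment.
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted or compressed data sits close to 8.0
MIN_FILES = 5             # files one process must rewrite before an alert fires
RANSOM_EXTS = {".locked", ".encrypted", ".crypt", ".wncry"}          # assumed list
COMPRESSED_EXTS = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4"}     # legitimately high entropy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_encryption_like(path: str, data: bytes) -> bool:
    """True if a write looks like ciphertext being produced.

    Caveat: already-compressed formats are high entropy by nature, so they are
    skipped here; this is why the extension/rename signal is combined with the
    entropy signal rather than relying on entropy alone.
    """
    ext = os.path.splitext(path)[1].lower()
    if ext in RANSOM_EXTS:
        return True
    if ext in COMPRESSED_EXTS:
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def analyse(events):
    """Return {process: [paths]} for processes that rewrote >= MIN_FILES files as ciphertext."""
    hits = defaultdict(list)
    for proc, path, data in events:
        if is_encryption_like(path, data):
            hits[proc].append(path)
    return {p: paths for p, paths in hits.items() if len(paths) >= MIN_FILES}


def pseudo_random(seed: str, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (constructed input)."""
    out = b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return out[:size]


PLAINTEXT = b"Quarterly report: revenue grew 4% in Q3 against a flat cost base.\n" * 60

# Constructed events: (process name, path written, bytes written).
SAMPLE_EVENTS = (
    [("WINWORD.EXE", "C:/Users/alice/Documents/report.docx", PLAINTEXT)]
    + [("7z.exe", "C:/Users/alice/archive.zip", pseudo_random("zip"))]
    + [("notepad.exe", f"C:/Users/alice/notes{i}.txt", pseudo_random(f"n{i}")) for i in range(2)]
    + [("svchost_upd.exe", f"C:/Users/alice/Documents/file{i}.docx.locked", pseudo_random(f"r{i}"))
       for i in range(8)]
)


def demo():
    """Run the detector over the constructed events; expect only svchost_upd.exe to be flagged."""
    return analyse(SAMPLE_EVENTS)


if __name__ == "__main__":
    for proc, paths in demo().items():
        print(f"ALERT: {proc} rewrote {len(paths)} files as ciphertext, e.g. {paths[0]}")
```

Two files from notepad.exe fall below MIN_FILES and the 7-Zip archive is skipped as a known compressed format, so neither produces an alert; the eight `.locked` rewrites from the one process do. In production the alert would feed a response action (kill the process, isolate the host) rather than a print.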

Once an attack is detected, the organisation needs to isolate the infected device by disconnecting it from the network. Backups must be secured by taking them offline so the ransomware cannot reach them. All available log information should be collected, and online account and network passwords changed once the system has been removed from the network. If the ransom demand is not met, the encrypted files will usually remain encrypted and unavailable to the victim.

Even after a ransom has been paid, threat actors sometimes demand additional payments, delete the victim's data, refuse to decrypt it, or supply a decryption key that does not work.

Knowledge is power when it comes to preventing ransomware attacks. Arm your security team with the tools they need to set up defences before they are needed. The following five best practices lay a solid foundation for a ransomware protection strategy.

1. Know which Entrances you are Protecting:   You can't protect something you don't know exists, which is why a thorough inventory of your network is critical early in the process. Map every service, device and application attached to the network, including internet-exposed remote access such as RDP and VPN gateways, which are common ransomware entry points. Remove any non-essential entry points and harden those that remain.

2. Know your Vulnerabilities:   Today's highly distributed, remote workforce has opened up a wide variety of new vulnerabilities: millions of employees now work from home, accessing sensitive business data and applications over less-than-secure home internet connections.

Many of these workers use their own devices for work and their work devices for personal tasks, and they often share their computers with others in the household. Contingent workers and third-party vendors may also need access to business systems and applications, which broadens the attack surface further, because you cannot assume they care about security as much as you do.

One way to mitigate this risk is to set up regular access reviews, to ensure that the people using the services and applications on your network have the right permissions and the lowest level of privilege their role requires.
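The access review above, as an added example rather than the article's own material: it resolves each account's effective group membership through nested groups (the usual way privilege hides in a directory), compares it with a per-role baseline, and flags excess privilege, privileged groups held outside the baseline, and dormant accounts. The roles, group names, nesting, baseline and user records are all assumed; in practice they would come from an export of Active Directory, an IdP, or a cloud IAM snapshot.

```python
"""Least-privilege access review over a constructed identity snapshot (added example)."""
from datetime import date

# Assumed policy: the groups each role legitimately needs.
ROLE_BASELINE = {
    "finance":    {"staff", "finance-users"},
    "developer":  {"staff", "dev-users", "ci-readers"},
    "contractor": {"contractor-users"},
    "admin":      {"staff", "domain-admins"},
}
PRIVILEGED = {"domain-admins", "backup-operators"}   # groups that matter most for ransomware
DORMANT_DAYS = 90

# Assumed nesting: group -> groups it is itself a member of.
GROUP_NESTING = {
    "dev-leads": {"dev-users", "backup-operators"},
    "dev-users": {"staff"},
}

# Constructed user records as a directory export would supply them.
USERS = [
    {"name": "alice", "role": "finance",    "groups": {"staff", "finance-users"},
     "last_logon": date(2024, 8, 20)},
    {"name": "bob",   "role": "developer",  "groups": {"dev-leads"},
     "last_logon": date(2024, 8, 25)},
    {"name": "carol", "role": "contractor", "groups": {"contractor-users", "domain-admins"},
     "last_logon": date(2024, 8, 30)},
    {"name": "dave",  "role": "developer",  "groups": {"staff", "dev-users"},
     "last_logon": date(2024, 1, 1)},
    {"name": "erin",  "role": "finance",    "groups": {"staff", "finance-users", "ci-readers"},
     "last_logon": date(2024, 8, 28)},
]
TODAY = date(2024, 9, 1)   # fixed review date so the output is reproducible


def effective_groups(direct, nesting):
    """Transitive closure of group membership: every group reachable through nesting."""
    seen, stack = set(), list(direct)
    while stack:
        g = stack.pop()
        if g in seen:
            continue
        seen.add(g)
        stack.extend(nesting.get(g, ()))
    return seen


def review(users, nesting, today):
    """Return {username: [findings]} for accounts that violate least privilege or lie dormant."""
    findings = {}
    for u in users:
        effective = effective_groups(u["groups"], nesting)
        excess = effective - ROLE_BASELINE[u["role"]]
        issues = []
        if excess & PRIVILEGED:
            issues.append("privileged group(s) outside role baseline: %s" % sorted(excess & PRIVILEGED))
        elif excess:
            issues.append("group(s) outside role baseline: %s" % sorted(excess))
        if (today - u["last_logon"]).days > DORMANT_DAYS:
            issues.append("dormant account: no logon for more than %d days" % DORMANT_DAYS)
        if issues:
            findings[u["name"]] = issues
    return findings


def run_review():
    """Review the constructed snapshot as of TODAY."""
    return review(USERS, GROUP_NESTING, TODAY)


if __name__ == "__main__":
    for name, issues in sorted(run_review().items()):
        for issue in issues:
            print(f"{name}: {issue}")
```

Bob's only direct group is dev-leads, yet the nesting gives him backup-operators, a group that can overwrite backups; that is exactly the kind of inherited privilege a review that only reads direct membership would miss. Dormant accounts are flagged because they are a favourite foothold for the initial access that precedes a ransomware deployment.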

3. Use Ransomware Protection Technology:   Employing technology is the most reliable way to actively protect against ransomware and to be ready to recover if an attack succeeds. It is important to remember that a cybersecurity solution alone, or a data protection solution alone, is not adequate: you need both. A comprehensive ransomware protection strategy includes a cybersecurity element that provides threat detection and removal, protection against known and unknown threats, and automated patching to cover weak spots.

Your backup and disaster recovery solution should follow the 3-2-1 backup rule: three copies of your data, stored on two different media, with one copy off-site (preferably in the cloud).

Some ransomware strains will encrypt or delete any backups reachable from the network, so keep at least one copy offline or on immutable storage, and test regularly that it actually restores. If your company is among the 56 percent that use Microsoft Office 365, you still need your own backup and disaster recovery solution: under Microsoft's shared responsibility model, Microsoft does not provide long-term backup or data recovery for your content, so data protection is on you.
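A way to check that a backup copy is still intact before trusting it in a restore, as an added example that is not code from the original article. It records a SHA-256 manifest when the backup is taken and later recomputes every hash, so a copy that ransomware has reached (contents overwritten, files renamed or missing) fails verification. The directory layout and file contents are constructed; the assumption is that the manifest used for verification is itself kept off the backup medium (or signed), since a manifest sitting next to the files could simply be rewritten along with them.

```python
"""Verify that an offline backup copy has not been altered (added example)."""
import hashlib
import json
import os
import tempfile

MANIFEST_NAME = "MANIFEST.json"


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(backup_dir):
    """Yield (relative_path, absolute_path) for every file except the manifest itself."""
    for root, _, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir).replace(os.sep, "/")
            if rel != MANIFEST_NAME:
                yield rel, full


def write_manifest(backup_dir):
    """Hash every file under backup_dir at backup time; return and store the manifest."""
    manifest = {rel: sha256_file(full) for rel, full in _walk(backup_dir)}
    with open(os.path.join(backup_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)
    return manifest   # keep this copy somewhere the attacker cannot reach


def verify_backup(backup_dir, manifest):
    """Return (ok, problems): modified, missing and unexpected files relative to the manifest."""
    problems, present = [], set()
    for rel, full in _walk(backup_dir):
        present.add(rel)
        if rel not in manifest:
            problems.append(f"unexpected file: {rel}")
        elif sha256_file(full) != manifest[rel]:
            problems.append(f"modified: {rel}")
    problems.extend(f"missing: {rel}" for rel in sorted(set(manifest) - present))
    return (not problems, sorted(problems))


def demo():
    """Take a backup, verify it, then simulate ransomware reaching it and verify again."""
    with tempfile.TemporaryDirectory() as backup:       # constructed backup store
        os.makedirs(os.path.join(backup, "finance"))
        with open(os.path.join(backup, "finance", "ledger.csv"), "w") as f:
            f.write("date,amount\n2024-01-01,100\n")
        with open(os.path.join(backup, "readme.txt"), "w") as f:
            f.write("quarterly backup\n")
        manifest = write_manifest(backup)
        clean = verify_backup(backup, manifest)

        # Simulate a strain that reached the share: one file encrypted in place, one renamed.
        with open(os.path.join(backup, "finance", "ledger.csv"), "wb") as f:
            f.write(os.urandom(64))
        os.rename(os.path.join(backup, "readme.txt"), os.path.join(backup, "readme.txt.locked"))
        tampered = verify_backup(backup, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

The same verification run, scheduled against the offline copy and alerting on any problem, doubles as the restore drill the 3-2-1 rule assumes: a backup you have never hashed or restored is a hope, not a control.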

4. Educate Employees:   In 2019, 90 percent of cyber security breaches in the UK resulted from human error. Fortunately, good cyber hygiene can be taught. Appoint a committee to lead regular training sessions that teach employees how to spot bad links, malicious attachments and suspicious emails. Cyber Security Intelligence can recommend suitable staff training: email us and we will put you in touch with the right training team.

5. Know What to Do if a Ransomware Attack Succeeds:   In case the cyber hygiene training doesn't take, make sure the entire organisation knows what to do in the event of a successful ransomware attack. The immediate goal is to stop the attack and limit its spread by disconnecting the infected computers from the network. Then notify the appropriate people so they can assess the damage and, if needed, invoke the company's business continuity and disaster recovery plan.

As we navigate the uncharted waters of post-COVID-19 business and the cyber threats the pandemic has spawned, it is important to stay a step ahead of the criminals. Proactively preventing ransomware is the most efficient way to secure business-critical data from cyber criminals.

The best practices discussed above will help you create a roadmap for a comprehensive ransomware prevention strategy. 

References: NCSC, CISA, Sanjay Fuloria, Digital Guardian, Arcserve, ScienceDirect, Infosecurity Magazine
