Cyber Security And Ransomware Attacks - Problems & Solutions

Directors Report


Ransomware attacks are now a major threat to any organisation's commercial operations and cyber security, and are currently the predominant cyber threat to digital infrastructure.

Ransomware attackers use a range of techniques to hijack users' or organisations' files and resources, then demand a ransom in exchange for releasing the encrypted or captured data.

Although there are many kinds of malware attack, ransomware is considered the most dangerous because it imposes a high financial burden on most organisations that fall victim.

Attackers receive the ransom in crypto-currency, an untraceable payment method that conceals their identity and location, which makes it very difficult to trace the attacker or the attackers' network. Ransomware has therefore become the most menacing threat that organisations presently face.

Though cyber criminals are showing no signs of slowing down, advances in cyber security and disaster recovery technologies are beginning to give organisations the power to fight back. 

What Is Ransomware?

Ransomware is a form of malware that encrypts a victim's files or prevents them from accessing their computer, or the data stored on it. The computer itself may be locked, or the data on it may be stolen, deleted or encrypted.

Cyber criminals have turned to ransomware as the latest go-to tool for attacking and extorting businesses using a wide range of variants such as WannaCry, Cryptowall, Samas, Locky, and TeslaCrypt. 

WannaCry was one of the largest and most damaging ransomware campaigns. Traditional signature-based antivirus and threat detection methods have proven woefully ineffective against such attacks. Some ransomware will also try to spread to other machines on the network, as the WannaCry malware that impacted the NHS in May 2017 did.

Usually, you are asked to contact the attacker via an anonymous email address, or to follow instructions on an anonymous web page, to make payment. Payment is invariably demanded in a crypto-currency such as Bitcoin, in return for unlocking your computer or restoring access to your data.
</gml_replace>
<gr_replace lines="31" cat="clarify" orig="The attacker of usuallye">
The attacker usually demands a ransom from the victim to restore access to the files. Payment instructions are displayed on screen, and payment is demanded in bitcoins. After payment is made, a decryption key is sent to the victim. A ransomware attack can also deny access to an entire network.

Even if you pay the ransom, there is no guarantee that you will get access to your computer, or your files.

The attacker of usuallye demands a ransom from the victim to restore access to the files. The instructions for payment are displayed and are demanded in bitcoins. After the payment is made, decryption key is sent to the victim. Ransomware attack can deny access to the entire network too. 

The estimated global damage from ransomware attacks increased from around $8 billion in 2018 to $20 billion in 2020. 

A ransomware attack may even lead to death. In 2020, a hospital in Germany was locked out of its systems and unable to treat patients. A woman who needed urgent care had to be rerouted to another hospital 20 miles away and did not survive. Universal access to information and the increasing connections and interdependencies between organisations and their ICT systems have blurred the technical boundaries between organisations and their clients.

Although this provides a business advantage, it also introduces weaknesses from a cyber security point of view, and these weaknesses are exploited by cyber criminals.

Ransomware attacks are a subset of cyber attacks and hence an important piece in the cyber security puzzle. The threat continues to grow, both in the number of victims affected and in the cost incurred by the people and organisations impacted by a successful attack. Victims have only two options: pay the ransom or lose their data.

At some point in the execution of a ransomware attack, the malware will attempt to encrypt the user's files. Several studies offer a defensive approach by demonstrating techniques that identify when these encrypted files are being generated.
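One concrete form of the detection technique described above is to measure the byte entropy of freshly written files: ciphertext is close to uniformly random, so a burst of high-entropy writes across many documents in a short window is a strong ransomware signal. The code below is an added illustration, not code from the article or from the studies it mentions; the 7.5 bits-per-byte threshold, the 60-second window, the burst count and the sample write log are all constructed assumptions for the example.

```python
import math
from collections import Counter

# Assumed tuning values (not from the article): bits per byte above which a
# file body looks encrypted or compressed, and how many such writes inside
# one window count as a burst worth alerting on.
HIGH_ENTROPY_THRESHOLD = 7.5
BURST_WINDOW_SECONDS = 60
BURST_COUNT = 5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> bool:
    """True when the byte distribution is close to uniform (ciphertext-like)."""
    return shannon_entropy(data) >= threshold


def find_encryption_bursts(writes, window=BURST_WINDOW_SECONDS, count=BURST_COUNT):
    """
    writes: iterable of (timestamp_seconds, path, content_bytes) in time order.
    Returns the paths written with high-entropy content during any window that
    held at least `count` such writes: the files to treat as probable ransomware
    output. A lone high-entropy file (a JPEG, a zip) is not flagged on its own.
    """
    hits = [(ts, path) for ts, path, body in writes if looks_encrypted(body)]
    flagged = []
    for i, (start, _) in enumerate(hits):
        # Slide a window forward from each hit and count the hits inside it.
        in_window = [p for t, p in hits[i:] if t - start <= window]
        if len(in_window) >= count:
            for p in in_window:
                if p not in flagged:
                    flagged.append(p)
    return flagged


# Constructed sample write log: ordinary document writes, then a burst of
# ciphertext-like rewrites, then a single compressed image much later.
TEXT = b"Quarterly report: revenue grew 4% on the prior period. " * 20
CIPHERTEXT = bytes(range(256)) * 16   # every byte value equally often: 8.0 bits/byte

SAMPLE_WRITES = [
    (0,   "docs/report.docx",       TEXT),
    (30,  "docs/minutes.txt",       TEXT),
    (300, "docs/report.docx.enc",   CIPHERTEXT),
    (301, "docs/minutes.txt.enc",   CIPHERTEXT),
    (302, "docs/budget.xlsx.enc",   CIPHERTEXT),
    (303, "docs/plan.pptx.enc",     CIPHERTEXT),
    (304, "docs/notes.md.enc",      CIPHERTEXT),
    (900, "photos/holiday.jpg",     CIPHERTEXT),  # high entropy, but no burst
]

if __name__ == "__main__":
    for path in find_encryption_bursts(SAMPLE_WRITES):
        print("probable ransomware output:", path)
```

In a real deployment the write log would come from an EDR agent or file-system audit trail, and the thresholds would be tuned against a baseline of the organisation's normal activity, since backup jobs and media workflows also produce high-entropy writes.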

Once a ransomware attack is detected, organisations need to isolate the infected device. Backups need to be secured by taking them offline. All available log information needs to be collected. Online account and network passwords should be changed after the system has been removed from the network. If the threat actor's ransom demands are not met and the victim does not pay, the encrypted files will usually remain encrypted and unavailable to the victim.

Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. 

Knowledge is power when it comes to preventing ransomware attacks. Arm your security team with the tools they need to set up your defences before they are needed. These five best practices will lay a solid, secure foundation for your ransomware protection strategy.

1. Know which entrances you are protecting: You can't protect something you don't know exists, which is why a thorough inventory of your network is critical early in the process. Map every service, device, and application attached to your network. Remove any non-essential entry points and strengthen security for those that remain.

2. Know your vulnerabilities: Today's highly distributed, remote workforce has opened up a wide variety of new vulnerabilities. Millions of new work-from-home employees are accessing sensitive business data and applications over less-than-secure home internet connections.

Many of these workers are using their own devices for work and their work devices for personal tasks, and they often share their computers with others in the household. Contingent workers and third-party vendors may also need access to business systems and applications, which broadens the network attack surface even further because you can only hope they care as much about security as you do. 

One way to mitigate this risk is to set up regular access reviews to ensure that the people using the services and applications on your network have the right level of permissions and the lowest level of access privilege their work requires.

3. Use ransomware protection technology: Employing technology is the most reliable way to actively protect against ransomware and to be ready to bounce back if an attack succeeds. But it is important to remember that a cyber security solution alone, or a data protection solution alone, is not adequate; you must have both. A comprehensive ransomware protection strategy includes a cyber security element that provides threat detection and removal, protection against known and unknown threats, and automated patching to cover weak spots.

Your data loss prevention solution should embrace the 3-2-1 backup rule for disaster recovery: three copies of your data, stored on two different media, with one copy off-site (preferably in the cloud). 

Some ransomware strains are able to encrypt your backup files if the backups are attached to your network, so be sure to store backups separately. If your company is one of the 56 percent that use Microsoft Office 365, you definitely need a data loss prevention and disaster recovery solution: Microsoft does not offer long-term storage or data recovery under its shared responsibility model, so data protection is your responsibility.
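The 3-2-1 rule and the warning about network-attached backups above can be turned into a check that a backup inventory has to pass. The code below is an added example, not code from the article or from any backup vendor it names; the BackupCopy fields, the convention that the live production copy counts as one of the three, and the two sample inventories are constructed assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str       # storage technology, e.g. "disk", "tape", "object-storage"
    offsite: bool     # held away from the primary site (a cloud bucket counts)
    attached: bool    # mounted on, or writable from, the production network


def evaluate_3_2_1(copies):
    """
    Check an inventory of data copies (the live production copy included)
    against the 3-2-1 rule: three copies, on two different media, one
    off-site. Also applies the article's warning that a backup attached to
    the network can be encrypted along with the production data, so at
    least one copy must be detached. Returns a list of findings; an empty
    list means the inventory passes.
    """
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies held; 3-2-1 requires three")
    media = sorted({c.medium for c in copies})
    if len(media) < 2:
        findings.append(
            f"all copies on a single medium ({', '.join(media) or 'none'}); two are required"
        )
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    if all(c.attached for c in copies):
        findings.append(
            "every copy is attached to the production network, so none would survive network-wide encryption"
        )
    return findings


# Constructed inventories (not from the article).
GOOD_INVENTORY = [
    BackupCopy("production file server", "disk", offsite=False, attached=True),
    BackupCopy("nightly NAS snapshot", "disk", offsite=False, attached=True),
    BackupCopy("weekly cloud copy, separate credentials", "object-storage",
               offsite=True, attached=False),
]

WEAK_INVENTORY = [
    BackupCopy("production file server", "disk", offsite=False, attached=True),
    BackupCopy("mirror share on the same LAN", "disk", offsite=False, attached=True),
]

if __name__ == "__main__":
    for label, inventory in (("good", GOOD_INVENTORY), ("weak", WEAK_INVENTORY)):
        print(label, evaluate_3_2_1(inventory) or ["passes 3-2-1 with a detached copy"])
```

The weak inventory is the common failure mode the article warns about: a second copy that sits on the same network as the production data and is encrypted in the same attack, leaving nothing to restore from.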

4. Educate employees: In 2019, 90 percent of cyber security breaches in the UK were a result of human error. Fortunately, good cyber hygiene can be taught. Appoint a committee to lead regular training sessions that teach employees how to spot bad links, malicious attachments, and suspicious emails. At Cyber Security Intelligence we can recommend the right staff cyber security training; just email us and we will put you through to the right training team.

5. Know what to do if a ransomware attack succeeds: In case the cyber hygiene training doesn't take, be sure the entire organisation knows what to do in the event of a successful ransomware attack. The immediate goal is to stop the attack and minimise its spread by disconnecting the infected computers from the network. Then tell the appropriate people so they can assess the damage and, if needed, initiate the company's business continuity and disaster recovery plan.

As we navigate the uncharted waters of post-COVID-19 business and the cyber threats the pandemic has spawned, it is important to stay a step ahead of the criminals. Proactively preventing ransomware is the most efficient way to secure your business-critical data from cyber criminals.

The best practices discussed above will help you create a roadmap for a comprehensive ransomware prevention strategy. 

