Ransomware - Get A Step Ahead

Uploaded on 2022-06-13 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware is a global threat to all organisations, and it cost the global economy an estimated US$20 billion in 2021. It is the most prominent security threat that businesses now face and certainly one of the most aggressive forms of cybercrime. 

Ransomware is a form of malware which can either lock you out of your network or encrypt all your data. Once your system has been infected, the malware will ask you to pay a ransom, usually in the form of an untraceable crypto currency such as Bitcoin, in exchange for the return or decryption of your data.

It often starts life as malicious malware that infects a single PC or infiltrates the entire network, including servers, and seizes control of critical data. Once infected, the ransomware element encrypts documents and files.

One common misconception about ransomware attacks is that they only involve ransomware ie “pay me to get your systems and data back”, but these attacks have evolved into general extortion attacks. 
While ransom is still the main monetisation angle, attackers are also stealing sensitive data, yours and your customers’, and threatening to disclose or sell it on the Dark Web or Internet and often they will hold onto it for later extortion attempts and future attacks.

Large, medium or small business no government, business or organisation is immune to a ransomware attack.

Ransomware is a type of malware that prevents you from accessing your computer and the data that it stores. The computer itself may become locked, or the data on it might be stolen, deleted, or encrypted.  For those hacked by an attack, recovery cost an average of USD$1.8 million, and about 30% of firms paid the ransom to retrieve their data.

Ransomware Is Changing

Cyber criminals are constantly changing their tactics. 2021 saw several major ransomware attacks. Probably the most high-profile was the Colonial Pipeline attack. This led to the US government managing to shut-down the ransomware operator REvil. However, the problem has not gone away. Other attackers are keen to avoid similar retribution so many operators are staging false shutdowns and reopening under new names. Consequently,  organisations need to take the right steps to improve their security and resiliency of their systems.

Protect Your Organisation

  • Plan and test your incident response: Most importantly, ransomware protection means preparing for an attack by ensuring that everyone understands the impact of ransomware on their organisation; they know how to respond if hit with an attack and that key files are backed up so that data can be recovered. 

Every plan should be evaluated at least annually through a tabletop exercise which may involve an external audit or third-party vendors.

  • Invest in expert cyber security monitoring from a Security Operations Centre that can identify breaches before an attack is launched, and regularly patch vulnerabilities to your network

Research on the first quarter of 2022 by threat intelligence firm Analyst1, has shown that cyber criminals are shifting ransomware tactics away from corporate ‘big game hunting’ and instead attacking medium-sized businesses.

Distributed Denial of Service (DDoS)

DDoS is becoming an increasingly common tactic leveraged before and during ransomware attacks. Attackers use bots to direct huge quantities of fraudulent traffic to a victim’s website and online services, seeking to overwhelm their system and prevent real traffic from getting through.

Protect your Organisation from a DDoS attack:

  • You need a CDN or DDoS Protection service. This is a service that can filter out malicious traffic while allowing legitimate users to get through. If you already have one, make sure it is correctly configured.
  • Get to know your typical Internet traffic patterns, so you can identify when something’s not right.
  • Implement the cyber hygiene controls recommended by the NCSC.

Conclusion

Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. If you do pay the ransom

  • There is no guarantee that you will get access to your data or computer.
  • Your computer will still be infected.
  • You will be paying criminal groups.
  • You're more likely to be targeted in the future.

Attackers will also threaten to publish data if payment is not made. To counter this, organisations should take measures to minimise the impact of data exfiltration.

Ransomware has become a booming enterprise, with criminals boldly advertising their ransomware service offerings. It is up to cybersecurity professionals and business stakeholders to keep up with evolving ransomware software and protect networks and the valuable data contained within from ransomware attacks.

Businesses need to remain vigilant, frequently up-date and review your cyber security strategy, stay informed and work with cyber security experts to implement the right preventative measures that will ensure that your cyber resiliency is strong and makes it far more difficult for a malicious party to penetrate your system.

Please contact Cyber Security Intelligence if you would like to discuss your security requirements and get advice and recommendations.

NCSC:     IBM:    Business Leader:      Mimecast:      IT Secure:   Securus Comms:    Microsoft:  

You Might Also Read: 

Extortion: Most British Firms Pay The Ransom:

 

« Innovative Cyber Training
Energy Companies Unready For Lethal Cyber Attacks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

Metabase Q

Metabase Q

Metabase Q protects you from financial and reputational losses with more efficient and intelligent cybersecurity, using the best worldwide in technologies, processes and specialists.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

Conceal

Conceal

Conceal’s mission is to stop ransomware and credential theft for companies of all sizes by developing innovative solutions that provide social engineering protection in any browser.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.

SPYROS Information & Technology Consulting

SPYROS Information & Technology Consulting

SPYROS specializes in providing highly qualified professionals in Computer Network Operations, Signals Intelligence, Technical Training and Certifications, Network Administration and Security.