Ransomware Attack Protection

Ransomware attacks are growing in size and frequency and are threatening businesses all around the world. As more employees return to offices after working from home for months on end, cyber security dangers are a big concerns.
 
The shift to remote working triggered by the pandemic has also underlined significant cyber security threats for employers and employees alike. Now,  the head of the UK’s National Cyber Security Centre has warned that ransomware has become the biggest threat to British people and businesses. 
 
In a speech being given by Lindy Cameron, chief executive of the NCSC  she highlighted the need for ransomware problem to be taken seriously, and warns of the “cumulative effect” if society fails to properly deal with the rising threat. “Far more worrying is the cumulative effect of a failure to manage cyber risk and the failure to take the threat of cyber criminality seriously. For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,” she said. 

In 2018 cyber criminals stole 8 billion Euros, in 2020 they had stolen over 20 billion Euros.

  • Ireland’s health-care system has been in disarray since May 14th when the Health Service Executive, the state-funded health-care provider, was hit by a ransomware attack which led it to shut down most of its computer systems. The attackers threatened to release stolen data, including confidential patient records, unless the Health Service paid €16.5m, which it has declined to do.
  • The Colonial Pipeline attack shut down a system which delivers 45 percent of all the fuel to the US Eastern Seaboard, and the week-long ransomware attack caused public havoc with gas shortages on the East coast. The company confirmed that it paid $4.4 million in bitcoin to end the double-extortion ransomware attack, but i the FBI and managed to recover a substantial proportion of this. 
  • The highest reported payment targeting Travelex and the ransom settlement was thought to be about $6 million, though the exact amount remains unknown.  Another large 2020 ransomware demand involved the French construction firm Bouygues. The demanded sum was around $11.8 million.

How Ransomware Works 

Ransomware is a type of malware used by cyber criminals to make a lot of money. Malware, are software programs that enable cyber criminals to take over an electronic device once it is infected. The majority of ransomware attacks begin with phishing emails and the cyber criminals hide the malware in an attachment that poses as a benign file, like an invoice or a report. As soon as the victim opens the attachment, the ransomware spreads through their device, locking files and leaving behind a ransom note.

 

Once infected, there are numerous ways cyber criminals can leverage the victim’s system for profit, such as collecting credit card data which they then sell, harvesting logins and passwords to people’s bank accounts. They can then use the account to steal and transfer money, finding personal information which they leverage for identity fraud, or connect the victim’s computer into a botnet for attacks such as Distributed Denial of Service (DDoS) attacks. 

After cyber criminals infect a single computer in an organisation, they do not immediately demand a ransom. Instead, they use that infected system to stealthily infect other computers in the organisation, perhaps even the backups. Not until the cyber criminals believe almost every system has been infected, and not until they have exfiltrated an extensive amount of data will they then enable the ransomware, encrypt all the devices, and notify the organisation.
 
 Attackers will also threaten to publish data if payment is not made. To counter this, organisations should take measures to minimise the impact of data exfiltration.
 
Law enforcement agencies do not as a rule encourage the payment of ransom demands. If you do pay the ransom, there is no guarantee that you will get access to your data or computer. Furthermore, your computer system will still be infected and you are more likely to be targeted in the future. 
 
Ransomware has proven to be one of the fastest and more profitable than almost any other attack, but by teaching your people to spot phishing scams, you can prevent the majority of ransomware attacks.

Stopping Ransomware

In the highly developed world of cyber crime there are entire organisations dedicated to continually developing malware that cannot be detected. There are four general areas of vulnerability to ransomware infection that need to be carefully monitored: 
 
Social Engineering: These types of attacks, especially phishing, are one of the primary methods cyber attackers use to infect systems. Train people on how to spot and stop phishing attacks.
 
Passwords: Weak or insecure passwords are another very common way cyber attackers break into organisations today. Provide the training and tools to ensure people are using strong passwords.
 
Updating: Updated and current systems are much harder for cyber attackers to infect with malware. We want to ensure people are always using the most current operating systems and applications. In some cases, you may want to emphasise the importance of enabling automatic updating.
 
Training: Lessons for your workforce on how to report a suspected infected computer. Ensure they feel comfortable reporting, even if they know they caused the infection. 
 
As more employees return to offices after working from home for months on end, cyber security dangers are a big concern and every employee need to be aware of the risk of malware that could be waiting on their devices.
 
NCSC:      SANS:      Hornet Security:          Heimdal Security:     Cloudwards:      ITGovernance:
 
ZDNet:       Chain Analysis:    Komo News:      Economist:     Tripwire:     Legal Futures:        HLB
 
You Might Also Read: 
 
Negotiating Ransom: To Pay Or Not?:
 
 
« How To Write Learning Objectives For Cyber Security Training
Massive Attack: 200+ US Organisations Hacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TenIntelligence

TenIntelligence

TenIntelligence provides due diligence, brand protection and fraud investigation services including digital forensics.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

FaceFirst

FaceFirst

FaceFirst provide face recognition technology solutions to detect and deter real time threats,

Niagara Networks

Niagara Networks

Niagara Networks is a Network Visibility industry leader, with emphasis in 1/10/40/100 Gigabit systems and mission-critical IT and security appliances.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Center for Research on Scientific & Technical Information (CERIST)

Center for Research on Scientific & Technical Information (CERIST)

CERIST is a scientific and technical research centre with activities focused in the area of networks, information systems and IT security.

certSIGN

certSIGN

certSIGN develop innovative software for information security and information systems protection.

Emirates International Accreditation Center (EIAC)

Emirates International Accreditation Center (EIAC)

EIACI is the national accreditation body for the United Arab Emirates. The directory of members provides details of organisations offering certification services for ISO 27001.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

Quantexa

Quantexa

Quantexa automates millions of operational decisions, at scale, across multiple business units, including Anti-Money Laundering, Know-Your-Customer, Fraud, Credit Risk and Customer Intelligence.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Vigilant Ops

Vigilant Ops

Vigilant Ops is a leader in Software Bill of Materials (SBOM) Automation. A proactive approach to cybersecurity with continuous vulnerability monitoring.