Minimising The Impact Of Ransomware

 

The rapid shift to remote working triggered by the pandemic has also underlined significant cyber security threats for employers and employees alike, as the head of the UK’s National Cyber Security Centre recently warned that ransomware has become the biggest threat to British people and businesses. "For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,”  Lindy Cameron said.  

 

 

• causing a device to become locked or unusable

• stealing, deleting or encrypting data

• taking control of your devices to attack other organisations

• obtaining credentials which allow access to your organisation's systems or services that you use

• 'mining' crypto currency

• using services that may cost you money (e.g. premium rate phone calls).

 

Ransomware:     Is a type of malware that prevents you from accessing your computer and or the data that is stored on it. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Once infected, there are numerous ways cyber criminals can leverage the victim’s system for profit, such as collecting credit card data which they then sell, harvesting logins and passwords to people’s bank accounts. They then use the account to steal and transfer money, finding personal information which they leverage for identity fraud, or connect the victim’s computer into a botnet for attacks such as Distributed Denial of Service (DDoS) attacks.  

Once cyber criminals infect a single computer in an organisation, they do not immediately demand a ransom. Instead, they use that infected system to stealthily infect other computers in the organisation, perhaps even the backups. Not until the cyber criminals believe almost every system has been infected, and not until they have exfiltrated an extensive amount of data will they then enable the ransomware, encrypt all the devices, and notify the organisation. 

 

Should Victims Pay Ransom?:     Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. even f you do pay the ransom,  there is no guarantee that you will get access to your data or computer and you will still be infected.  Attackers will also threaten to publish data if payment is not made. 

In today’s highly organised cyber-criminal world, there are entire organisations dedicated to continually developing malware that cannot be detected. Four key issues to focus on for ransomware are: 

 

Social Engineering:   These types of attacks, especially phishing, are one of the primary methods cyber attackers use to infect systems. Train people on how to spot and stop phishing attacks.

 

Passwords:    Weak or insecure passwords are another very common way cyber attackers break into organisations today. Provide the training and tools to ensure people are using strong passwords.

 

Updating:    Updated and current systems are much harder for cyber attackers to infect with malware. We want to ensure people are always using the most current operating systems and applications. In some cases, you may want to emphasise the importance of enabling automatic updating.

 

Training:    Lessons for your workforce on how to report a suspected infected computer. Ensure they feel comfortable reporting, even if they know they caused the infection. 

 

 

NCSC:       Heimdal Security:     Hornet Security:    Cloudwards:   IT Governance:     Tripwire:    Komo News:  

 

Legal Futures:      Chainanalysis:        HLB Global:       SANS:       Image: Unsplash

 

 

US Companies Aren’t Preparing For Cyber Attacks: