Minimising The Impact Of Ransomware

Uploaded on 2021-07-09 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware attacks are growing in size and frequency and are threatening businesses all around the world. As more employees return to offices after working from home for months on end, cyber security dangers are a big concern. Cyber experts say malware or something malicious may be waiting for them on their devices. 
 
The rapid shift to remote working triggered by the pandemic has also underlined significant cyber security threats for employers and employees alike, as the head of the UK’s National Cyber Security Centre recently warned that ransomware has become the biggest threat to British people and businesses. "For the vast majority of UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals,”  Lindy Cameron said.  

Ransomware is a type of malware commonly used by cyber criminals to make money by extortion.

 
Malware:   Software programs that enable cyber criminals to take over an electronic device once it is infected. The majority of ransomware attacks begin with phishing emails and the cyber criminals hide the malware in an attachment that poses as a benign file, like an invoice or a report. As soon as the victim opens the attachment, the ransomware spreads through their device, locking files and leaving behind a ransom note.
 
• causing a device to become locked or unusable
• stealing, deleting or encrypting data
• taking control of your devices to attack other organisations
• obtaining credentials which allow access to your organisation's systems or services that you use
• 'mining' crypto currency
• using services that may cost you money (e.g. premium rate phone calls).
 
Ransomware:     Is a type of malware that prevents you from accessing your computer and or the data that is stored on it. The computer itself may become locked, or the data on it might be stolen, deleted or encrypted. Once infected, there are numerous ways cyber criminals can leverage the victim’s system for profit, such as collecting credit card data which they then sell, harvesting logins and passwords to people’s bank accounts. They then use the account to steal and transfer money, finding personal information which they leverage for identity fraud, or connect the victim’s computer into a botnet for attacks such as Distributed Denial of Service (DDoS) attacks.  

Ransomware has proven to be one of the fastest and more profitable than almost any other attack. 

Once cyber criminals infect a single computer in an organisation, they do not immediately demand a ransom. Instead, they use that infected system to stealthily infect other computers in the organisation, perhaps even the backups. Not until the cyber criminals believe almost every system has been infected, and not until they have exfiltrated an extensive amount of data will they then enable the ransomware, encrypt all the devices, and notify the organisation. 
 
Should Victims Pay Ransom?:     Law enforcement do not encourage, endorse, nor condone the payment of ransom demands. even f you do pay the ransom,  there is no guarantee that you will get access to your data or computer and you will still be infected.  Attackers will also threaten to publish data if payment is not made. 

Organisations should take measures to minimise the impact of data exfiltration.

In today’s highly organised cyber-criminal world, there are entire organisations dedicated to continually developing malware that cannot be detected. Four key issues to focus on for ransomware are: 
 
Social Engineering:   These types of attacks, especially phishing, are one of the primary methods cyber attackers use to infect systems. Train people on how to spot and stop phishing attacks.
 
Passwords:    Weak or insecure passwords are another very common way cyber attackers break into organisations today. Provide the training and tools to ensure people are using strong passwords.
 
Updating:    Updated and current systems are much harder for cyber attackers to infect with malware. We want to ensure people are always using the most current operating systems and applications. In some cases, you may want to emphasise the importance of enabling automatic updating.
 
Training:    Lessons for your workforce on how to report a suspected infected computer. Ensure they feel comfortable reporting, even if they know they caused the infection. 
 
If your organisation has a punitive or toxic security culture, people may be hesitant or even afraid to report they caused an infected system, so avoid a 'blame' culture and make sure  employees feel comfortable reporting.
 
NCSC:       Heimdal Security:     Hornet Security:    Cloudwards:   IT Governance:     Tripwire:    Komo News:  
 
Legal Futures:      Chainanalysis:        HLB Global:       SANS:       Image: Unsplash
 
You Might Also Read: 
 
US Companies Aren’t Preparing For Cyber Attacks:
 
 
« CYRIN Have Created Some New Training Options
Britain’s National Cyber Security Strategy »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Clearwater Security & Compliance

Clearwater Security & Compliance

Clearwater Compliance specialize in Privacy, Security, Compliance and Risk Management Solutions for Health Care, Law Firms and other businesses.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

Silensec

Silensec

Silensec is a management consulting, technology services and training company specialized in information security.

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center

Texas A&M Cybersecurity Center is dedicated to combating adversaries who desire to harm our citizens, our government, and our industry through cyber-attacks.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Retruster

Retruster

Protect your users against phishing emails, ransomware & fraud with the most advanced, user-friendly, non-intrusive solution available.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

Technology Mindz

Technology Mindz

Technology Mindz is a leading provider of cybersecurity services. We offer a wide range of services to help businesses. Our services are Identity and access management, Governance risk and compliance.

Silence Laboratories

Silence Laboratories

Silence Laboratories is a cybersecurity company that focuses on the fusion of cryptography, sensing, and design to support a seamless authentication experience.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

Algoritha

Algoritha

Algoritha is a pioneering entity in the realm of security and forensic services.