Ransom: Prepare For The Worst

It’s official: no sector is safe from ransomware. According to an alert from the US Cybersecurity and Infrastructure Security Agency (CISA), organisations everywhere, from charities to defence and financial services, are likely to be targeted by criminals seeking to gain access to sensitive networks and make them inaccessible, only releasing them for a fee. 

What’s particularly worrying about the spread of ransomware is the increased sophistication of the technology behind the attacks. CISA put it best when it observed that in 2021 authorities in the US, UK and Australia had seen “an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally.” 

A New Threat Era

While many of the methods used to gain entry (such as phishing, brute force or exploiting vulnerabilities) remain the same, the approaches used are now incorporating innovations like ransomware-as-a-service. The BlackCat/ALPHV RaaS is a good example of this, having breached at least 60 organisations globally as of the end of March 2022. 

In fact, it is the evolving nature of ransomware that is keeping many people up at night, with Gartner placing new ransomware models as the top concern facing executives in 2021, ahead of talent, a COVID-19 endemic and supply chain disruptions. 

They’re disturbed by it because there seems to be no end in sight; every time businesses think they’ve found a way to protect themselves, cyber threats evolve - and ransomware is no different. 

Does that mean there is no solution? No, but it means a change in mindset is required. Again, it is very much a case of when, not if, companies will be subject to a ransomware attack - and accepting that can go a long way to helping protect the organisation. 

Four Steps To Combatting Ransomware

Of course, it will take more than accepting the inevitable to keep cyber-attacks at bay. But understanding that a business will be targeted, particularly in a sector perceived to be as cash rich as financial services, can help companies lay the groundwork and take the first step to combat ransomware. 

And that step is preparation. If you know and accept something will happen, you can plan for it. When it comes to ransomware (or indeed any type of attack), having a good incident response plan is vital. It allows decision-makers to calmly assess what needs to be done and quickly act in the event of an attack. It’s critical to be able to access that plan at a moment’s notice, so make sure that there is a physical copy available (as well as anything stored on servers and networks). It might seem a bit anachronistic to prepare for a digital assault with a piece of paper, but if an attack succeeds in locking you out of that file, what will you do then? 

Having a plan might seem like an obvious part of preparation. What’s becoming more common is testing those plans. This could be tabletop ‘what if’ scenarios, with different people pulling plans apart to identify any areas of improvements. It could even be a full war game session, where teams take on different roles and are pitted against each to see how they would react in the event of a real attack. 

Closely linked to preparation is the second step: senior buy-in. Getting C-Level executives to buy-in to all aspects of cyber defence can be the difference between success and failure. When so much of ransomware is based on fast access to sensitive networks, it is imperative that everyone, from top to bottom, understands basic cyber hygiene principles and invests in maintaining (and indeed enhancing) their security education. No one is immune from being targeted, and high profile leaders are particularly visible: just ask the country CEO of one company, who was tricked into transferring company funds to cyber criminals that used deep fake technology to mimic the executive’s boss. While that wasn’t ransomware, it does highlight how important it is to educate everyone on the need for proper security processes.

That training also needs to reflect the current state of working today. With more people working remotely, companies need to protect not just corporate networks in the office, but the endpoints their staff are using from a variety of different locations. That means adapting policies and procedures, rethinking how you look at securing perimeters and implementing approaches that support people to work where they need to, without compromising security. That could mean, for example, an additional layer of security when handling communication to avoid attackers impersonating colleagues. 

The final step is to understand how you can mitigate successful attacks, i.e., the ones that do get in. That means constantly monitoring for signs of penetration, and then having the means to isolate the affected area rapidly. Your incident response plan will provide further details on what to do, which could include informing customers, investors, shareholders, regulatory bodies and other government agencies, depending on the nature of the attack and what has been targeted. There could also be a need to liaise with insurance providers, who may offer services relating to ransomware attacks. These might include recovery services, their own incident response management teams or liability cover to name but a few. 

Bear in mind that while many stakeholders will tolerate disruption from a cyberattack, they will not accept a lack of action when it comes to mitigating the impact. In some instances, as well as a hit to reputation and revenue, there could be regulatory punishments: something one US pipeline operator is currently facing due to a perceived failure to properly plan and respond to an attack. 

Should You Pay The Ransom?

There’s one other thing to consider when it comes to ransomware attacks: should you pay the ransom? Depending on the data affected and the demand that’s come from the attackers, it can sometimes be tempting to throw money at the problem. Yet this increasingly isn’t an option: depending on where the business operates, it might incur a fine or even be considered illegal, and it could well invalidate insurance. 

Instead, it's best to prepare for the worst: have a plan, educate your teams with training that reflects the reality of work today and be prepared to act fast. This is the only way financial services organisations can combat aggressive ransomware threats. 

Simon Eyre is Managing Director and CISO at Drawbridge

You Might Also Read: 

Ransomware’s Serious Effects On Cyber Security:

 

« Fixing The Cyber Security Workforce Gap
Edge AI: The Future of Artificial Intelligence And Edge Computing »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

Chertoff Group

Chertoff Group

The Chertoff Group provide security advice and risk management services covering cyber security, insider threat, physical security and asset protection.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

ITQ Latam

ITQ Latam

ITQ Latam are specialists in cybersecurity, in a convergent ecosystem of technological solutions in infrastructure, cloud and security networks.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.