The Rising Threat of Ransomware
What Is Ransomware?
What Does Ransomware Do?
- Crypto ransomware – applies strong encryption to the files on a victim's system to deny the victim access to them.
- Locker ransomware – locks the device's user interface and then demands a ransom from the victim.
- Scareware – usually involves tech support or security software scams; not really dangerous.
How High Are the Ransoms?
How Are Ransoms Collected?
Key Ransomware Characteristics
- Unbreakable Encryption
- Ransomware Note
- Bitcoin Payment
- Payment Deadline
- Organized Network
- Hard to Detect
- Extracts Organizations' Data
- No Location Is Safe
How Ransomware Works
The following four steps show how ransomware works:
- Ransomware comes in the form of an e-mail with an attachment or a Web address. The moment the attachment is downloaded or the link to the Web address is clicked, the virus downloads itself onto the computer.
- Ransomware takes advantage of flaws that may exist in the computer operating system due to a variety of reasons including the lack of the latest fixes and patches.
- Once active, the ransomware encrypts the data on the hard drive, usually with 24-bit encryption, which is virtually impossible to decrypt without an unlock key. Demands are then made for payment, usually via bitcoins because it is almost impossible to trace the recipients. The hackers may then send the unlock key. In many cases, they don't even do that, and the data on the computer is lost forever.
- Newer forms of ransomware, such as WannaCry, use flaws in the operating system to replicate themselves and spread to other devices connected to the network like a computer worm.
Ransomware Attacks in 2020-2021
- Exploiting the CVE-2018-8453 vulnerability to escalate privileges.
- Encrypting mobile or web drivers that have not yet been added to the whitelist.
- Avoiding resource conflicts by terminating blacklisted projects.
- Deleting files that are on the blacklist.
- Transferring the target's system data to the attacker.
Checklist of effective security measures to keep ransomware at bay:
- Policies/procedures: Pandemic-centric cybersecurity policies may stay the same or may need to be updated for the new set of cyber-attacks and their consequences. Documentation on cybersecurity operating procedures must be kept current.
- Cross-training and backup plan: Organizations need to create a skills matrix of key cybersecurity personnel and their roles, and need to cross-train them on handling events in case of emergency.
- IDS and IPS management: Make Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) both part of the organization's network infrastructure. IDS/IPS are configurable to help enforce internal security policies at the network level.
- Coordinate with network vendors, including local access, internet access, and WAN services, to make sure the ongoing outbreak does not disrupt network services.
- Cybersecurity plans: Ensure the cybersecurity or information security plan is up to date and documented with all the data necessary to respond to a cyberattack.
- Integrate a Zero Trust Architecture, which helps to prevent unauthorized access and reduce the risk of any hacker's movement within your network.
- Security posture assessment: Frequent security posture assessments help cybersecurity personnel identify cybersecurity strength and resilience in relation to cyber threats.
- Incident Response Plan: Used to identify, analyze, and mitigate a potential cyberattack. An incident response plan helps IT staff detect, respond to, and recover from network security incidents such as cybercrime, data loss, and service outages.