10 Feb
Ransomware and the dreaded Attack-Loop!
Ransomware has unfortunately got off to a strong start in the first 5 weeks of 2020, just as a number of independent sources and experts predicted it would in the latter half of 2019.*
*Beazley breach report, BCI Horizon scanning report
What is Ransomware?
Ransomware is a kind of malware which targets your computer network and specifically seeks to encrypt your files and data. Once this has been achieved, the attacker will present you with a prompt which demands a ransom (usually in bitcoin) from you or your company in order to restore access to your files and data.
Kaspersky report that around 36% of those that get hit with ransomware elect to pay the ransom, of which only 19% then go on to fully retrieve their data. The odds are definitely not good either way, and that’s usually after both the huge loss of transactional business and the reputational damage, which is usually enough to put most SMBs out of business for good.
Unfortunately for us, ransomware isn’t going anywhere fast. Other forms of threat are still out there; however, ransomware is particularly pertinent right now, appealing to those that want to make a quick buck by turning to off-the-shelf ransomware packages and programmes in order to generate their ill-gotten gains.
Is my business at Risk?
Short answer to this – Probably! There are a number of ways that Ransomware can gain access to your network.
Phishing scams are the most common delivery mechanism (see our December blog, Gone Phishing): attachments are delivered to the victim in an email, usually convincingly disguised as a file they should trust. Once clicked on and opened or downloaded, they can install software which can take over the victim’s computer.
Malspam (Malicious Spam) is another attack type which uses social engineering in order to trick victims into opening attachments or clicking links which appear as legitimate. The sender in this instance usually poses as a trusted institution or a friend (HMRC are consistently spoofed here in the U.K for this kind of attack).
The proliferation of Ransomware is so bad that according to McAfee, attacks grew 56% in the 12-month period of 2019.
The following predictions paint a glum picture for 2020 and ahead I’m afraid!
• According to RSA Security, the future of this growing (Ransomware) threat will include not just a lockdown on integral files and folders, but access to networks and accounts. (Source: RSA Security)
• Palo Alto Networks predict a noticeable increase in Mac ransomware. (Source: Palo Alto Networks)
• Cybersecurity Ventures predicts ransomware will cost $6 trillion annually by 2021. (Source: Cybersecurity Ventures)
• MIT predicts cloud computing companies will see increased attacks against their systems. (Source: Computer Weekly)
A step up in sophistication
The last two years have seen cybercriminals really up the ante in the number of innovative and sophisticated techniques that they’ve brought to the market. I’m referencing the dreaded ransomware “attack-loop”, whereby the attacker manages to inject the malware into your network but detonation is delayed, and the malicious code spends the next (up to) 6 months permeating throughout your entire system and backup files, waiting for the perfect time to detonate. This usually happens over a bank holiday period (WannaCry, NHS, May holiday period; Sodinokibi, Travelex attack, New Year’s Eve 2019) to wreak ultimate havoc and devastation.
You’ll be pleased to know that there are several measures that can be taken in order to mitigate the risk that’s presented by ransomware (this advice has been taken from the National Cyber Security Council website):
• Defend against phishing attacks – phishing works by exploiting people’s natural instincts to be helpful and efficient. A combination of technological, process and people-based defences will help organisations minimise their users’ exposure to phishing, recognise and report an attack, protect against attacks that slip through and respond to an incident.
• Vulnerability management and patching – some ransomware gains control by exploiting software vulnerabilities in operating systems, web browsers, browser plug-ins or applications. Often these vulnerabilities have been publicly known about for some time and the software providers will have made patches available to mitigate them. Deploying these patches, or otherwise mitigating the vulnerabilities, is the most effective way of preventing systems being compromised.
• Controlling code execution – consider preventing unauthorised code delivered to end user devices from running. configuration of the platforms you are running.
• Filter web browsing traffic – we recommend using a security appliance or service to proxy your outgoing web browsing traffic.
• Control removable media access – see the advice on management of removable media to prevent ransomware from being brought into an organisation via this channel.
The following should be implemented alongside the above measures to limit the impact in the event of an attack:
• Good access control is important. The compartmentalisation of user privileges can limit the extent of the encryption to just the data owned by the affected user. Understand the risks brought in by the system administration model that your IT architecture uses.
• Ransomware doesn’t have to go viral in your organisation; limit access to your data and file systems to those with a business need to use them.
• Have a Backup of your data. Organisations should ensure that they have fully tested backup solutions in place. Backup files should not be accessible by machines which are at risk of ingesting ransomware. It is important to remember backups should not be the only protection you have against ransomware – the adoption of good security practices will mean not getting ransomware in the first place.
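The attack-loop and the backup advice above meet in one practical question: which retained backup generation predates the dormant code, and what has changed since then? The sketch below is an added example, not code from this blog or its backup service; the catalogue layout, the placeholder digests and the function names are constructed, and it assumes you already hold a digest for the payload once it has been identified.

```python
from datetime import date

# Constructed catalogue: one entry per retained backup generation, mapping
# file path -> content digest (short placeholder strings, not real hashes).
CATALOGUE = [
    {"taken": date(2019, 6, 30), "files": {"finance/ledger.xlsx": "aa01", "tools/sync.exe": "bb01"}},
    {"taken": date(2019, 7, 31), "files": {"finance/ledger.xlsx": "aa02", "tools/sync.exe": "bb01"}},
    {"taken": date(2019, 8, 31), "files": {"finance/ledger.xlsx": "aa03", "tools/sync.exe": "bb01",
                                           "tools/updater.exe": "dead01"}},
    {"taken": date(2019, 12, 31), "files": {"finance/ledger.xlsx": "aa07", "tools/sync.exe": "bb01",
                                            "tools/updater.exe": "dead01"}},
]
BAD_DIGESTS = {"dead01"}  # constructed indicator for the dormant payload

def contaminated(snapshot, bad):
    """Paths in one generation whose digest matches a known-bad indicator."""
    return sorted(p for p, d in snapshot["files"].items() if d in bad)

def restore_plan(catalogue, bad):
    """Return (last_clean, first_dirty, dwell_days) for the retained generations."""
    ordered = sorted(catalogue, key=lambda s: s["taken"])
    last_clean = first_dirty = None
    for snap in ordered:
        if contaminated(snap, bad):
            first_dirty = snap
            break
        last_clean = snap
    # last_clean stays None when every retained generation already holds the
    # payload, i.e. retention is shorter than the time the code lay dormant.
    dwell = (ordered[-1]["taken"] - first_dirty["taken"]).days if first_dirty else 0
    return last_clean, first_dirty, dwell

def files_to_salvage(catalogue, bad, last_clean):
    """Unflagged files changed since the clean point; restoring last_clean alone loses them."""
    newest = max(catalogue, key=lambda s: s["taken"])
    baseline = last_clean["files"] if last_clean else {}
    return sorted(p for p, d in newest["files"].items()
                  if d not in bad and baseline.get(p) != d)

if __name__ == "__main__":
    clean, dirty, dwell = restore_plan(CATALOGUE, BAD_DIGESTS)
    print("restore from:", clean["taken"] if clean else "no clean generation retained")
    print("dormant for", dwell, "days; recover individually:",
          files_to_salvage(CATALOGUE, BAD_DIGESTS, clean))
```

If `restore_plan` returns no clean generation, the retention window is shorter than the dormancy period and a full restore would put the payload back.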
We have the skills, knowledge and experience to put the best measures in place, which will help mitigate the impact on your business in the event of an attack.
Our Data Backup Service scans your current data repositories for Ransomware & attack loop code, before segregating and backing up.
Get in touch today at [email protected] for a no obligation quote and complimentary security posture report of your business domain, and a free copy of the Beazley breach report/BCI Horizon scanning report which are featured in this blog.