Ransomware : Beware of the Blackmailer


“Ransomware is more about manipulating vulnerabilities in human psychology than the adversary's technological sophistication”

― James Scott, Sr.

In May 2017, over 300,000 organisations worldwide were affected by the dangerous "WannaCry" ransomware, which spread through networks by exploiting a Microsoft Windows vulnerability. WannaCry encrypted organisations’ files and demanded $300 worth of Bitcoin to receive the decryption key.

In March 2021, insurance giant CNA Financial paid $40 million in bitcoin to the attackers to recover their data from the Phoenix CryptoLocker ransomware. In June 2021, JBS Foods paid $11 million in bitcoin to a Russian hacker group to prevent further disruption from a ransomware attack.

Ransomware is malware that, once it infects a computer, encrypts the data on it and denies access to the files, effectively holding the system hostage. The culprit demands a ransom payment in exchange for the key to decrypt the files on the system.

Ransomware has become the most prominent malware today. It spreads through phishing emails containing a malicious attachment, or through a website link which, when visited, downloads and installs the malware without the user’s knowledge (known as drive-by downloading).

Crypto ransomware also spreads through social media and instant messaging applications.

The potential negative impact of ransomware on a business can be massive. It includes:

  • temporary or permanent loss of sensitive data,
  • disruption of business operations,
  • financial losses incurred restoring files,
  • harm to the organisation's reputation.

There is no guarantee that the encrypted files will be released after payment of the ransom.

Defending against ransomware is an active process. If an attack happens, the result can be devastating and recovery can be difficult. Due preparation can help you prevent or decrease the impact of a ransomware attack.

The following are best practices to reduce the attack surface and potential exposure to ransomware.

Training and Education: 

Train your users to identify and avoid potential phishing emails that carry ransomware. Humans are the weakest link exploited in cyber attacks; hence user education is crucial for preventing ransomware attacks.

Back up your data continuously: 

Do not become a victim by paying a ransom to the culprit. Automated, protected data backups can help you recover data with minimal data loss. Deploy a data backup and recovery plan for all mission-critical information, and test your backups to limit data loss and to speed up the recovery process. Networks enable fast spreading of ransomware; therefore isolate your backups from the network for maximum protection.

Patch your systems regularly: 

Patching is critical for defending against ransomware attacks. Cyber criminals often look for newly disclosed vulnerabilities in systems that have not yet been patched. Keep the operating system and software up to date with regular patching to reduce the attack surface. 

User Authentication: 

Remote access services such as RDP can be exploited by attackers using stolen user credentials. 

Maintain up-to-date anti-virus software:

Scan all software downloaded from the internet prior to executing, and use a sandbox to test them.

Restrict users from installing software applications of their choice on endpoints. Only allow the use of verified and approved software installed by support staff.

Avoid enabling macros in office documents. When a user opens an attachment with macros, the embedded macro code can execute malware on the machine.

Do not plug in USB drives that may have been infected with malware; they can download and install malware on the machine.  

Use Cloud storage to automatically synchronise local files in the system. 

Untrusted file and software downloads, peer-to-peer torrents, free hosting websites, freeware download sites and unofficial web pages can all be sources of ransomware. Browsing the internet with an administrative account exposes your computer to ransomware.

Establish a recovery time objective:

The RTO is the length of time it takes to wipe the infected machine and restore it from backup. Regularly test your recovery process.

Mitigating a ransomware infection

If you see the ransom message, your files are already encrypted and are likely unrecoverable. Follow these steps in the recovery process.

Quarantine the system: 

Certain ransomware variants spread through the network. Disconnect the computer from the network.

Leave the Computer On: 

Although the encryption of files can make a computer unstable, powering off the computer reduces the probability of recovery.

Files encrypted by some ransomware can be recovered without paying the ransom. Therefore make a bit-for-bit copy of the disks before attempting any recovery. 

Check for Decryptors: 

Check the No More Ransom Project to see if a free decryptor is available. Try running it on a copy of the encrypted data to see if it can restore the files.

Ask For Help: 

Ask for help from a digital forensics expert to recover files that may not have been deleted by the ransomware.

Wipe and Restore: 

Completely wipe data and restore the machine from a clean backup or operating system installation to ensure that malware is totally removed.

Daily Ransomware News

https://portswigger.net/daily-swig/ransomware


Niranjan Meegammana 
