In this article, Manish Kumar gives us a glimpse of what ransomware is, how it works during an attack and how you can stay safe, and explains whether ransomware attacks are on the rise.
A ransomware attack is like a cyber hijacking, with criminals infiltrating and seizing an organization’s data or computer systems and demanding a payment or ransom to restore access.…
National data shows these ransomware attacks are spiking, with experts saying an organization is attacked by ransomware every 40 seconds.
What happens during a ransomware attack?
Ransomware is a form of malware that encrypts a victim’s files.
The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key.
Can You Ignore Ransomware?
The County Attorney’s office in Pinal County, Arizona was recently attacked by a leading ransomware known as CryptoLocker.
Over 65,000 files were destroyed. Luckily, it did not spread to the courthouse and other public safety networks.
The county had no defense in place.
They did, however, have backups, but restoring their system has been a long process as they make sure all traces of the ransomware have been eliminated.
In the end, they are paying a steep price in time and money to recover their system. They are also paying a price for lost productivity and erosion of trust from the public, all of which could have been avoided with proper cybersecurity.
Ransomware (The explanation)
Ransomware is the name given to a class of malware that, once downloaded, encrypts critical data and demands a ransom for releasing it.
Attackers deploying ransomware usually attempt to hit as many individual targets as quickly as possible so the payloads are most often delivered through three methods:
- Emails which rely on unsuspecting users to activate
- Malicious advertising which relies on unsuspecting users to activate
- Which take advantage of pre-existing software vulnerabilities, like those found in common applications (Adobe Flash).
Ransomware specifically targets user files and avoids damaging system files so that the user can be notified of what happened.
It also provides a viable means for the user to pay the ransom in order to get their files back. Once the files are encrypted, the malware usually self-deletes and leaves behind a message.
This will instruct the victim on how to provide payment and regain access to their files.
Some variants display a countdown timer to the victim, threatening to delete the key/decryption tool if payment is not received before the timer reaches zero or, in other cases, may increase the price of the ransom.
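The behaviour described above (many user files rewritten in a short time while system files are left alone) can be turned into a detection rule for file-activity logs. The Python below is an added example, not part of the original article; the log format, the user-directory roots, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Assumed event format (constructed for this example, not a real product's log):
#   ISO-timestamp host process operation path
USER_ROOTS = ("C:\\Users\\", "/home/")   # assumption: where user files live
WRITE_OPS = {"WRITE", "RENAME"}

def parse(line):
    ts, host, proc, op, path = line.split(maxsplit=4)
    return datetime.fromisoformat(ts), host, proc, op, path

def flag_bursts(lines, window_s=60, threshold=5):
    """Return sorted (host, process) pairs that modified at least `threshold`
    distinct user files within any `window_s`-second window."""
    recent = defaultdict(deque)          # (host, process) -> (time, path) events
    flagged = set()
    for ts, host, proc, op, path in sorted(parse(l) for l in lines if l.strip()):
        if op not in WRITE_OPS or not path.startswith(USER_ROOTS):
            continue                     # reads and system files are out of scope
        q = recent[(host, proc)]
        q.append((ts, path))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                  # drop events that left the window
        if len({p for _, p in q}) >= threshold:
            flagged.add((host, proc))
    return sorted(flagged)

# Constructed sample events: only proc-a.exe touches many distinct user files fast.
SAMPLE = (
    # six different documents rewritten within six seconds
    [f"2024-01-01T10:00:{i:02d} ws01 proc-a.exe WRITE C:\\Users\\ana\\Documents\\file{i}.docx"
     for i in range(6)]
    # the same file saved repeatedly (one distinct path)
    + [f"2024-01-01T10:00:{i:02d} ws02 editor.exe WRITE C:\\Users\\bo\\notes.txt"
       for i in range(6)]
    # busy process, but only in a system directory
    + [f"2024-01-01T10:00:{i:02d} ws01 svc.exe WRITE C:\\Windows\\Temp\\t{i}.tmp"
       for i in range(6)]
    # six different user files, but five minutes apart
    + [f"2024-01-01T10:{i * 5:02d}:00 ws03 sync.exe WRITE /home/cy/doc{i}.odt"
       for i in range(6)]
)

if __name__ == "__main__":
    for host, proc in flag_bursts(SAMPLE):
        print(f"ALERT burst of user-file modifications: host={host} process={proc}")
```

The window and threshold need tuning against normal activity in your environment, since backup and sync tools can legitimately touch many files.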
How You Can Stay Safe
As the next generation of ransomware evolves, it is critical that your organization deploy a first line of defense that can accomplish three key things: stop opportunities for lateral movement of ransomware within your network, eliminate its propagation, and reduce the amount of time any attacker has to operate within your network.
Best practices for patching vulnerable internet infrastructure and improving password management are also important, as is monitoring of browser infections so you can more quickly identify and remediate threats.
Your organization can also use network segmentation (splitting your network into sub-networks) to stop, slow and contain self-propagating threats.
- VLANs and subnets that logically separate access to data
- Dedicated firewall and gateway segmentation
- Host-based firewalls with configured ingress and egress filtering
- Application blacklisting and whitelisting
- Role-based network share permissions (least privilege)
- Proper credential management.
Finally, we suggest your organization institute a last line of defense: backup recovery.
Off-site backups are often your only hope for restoring service without paying a ransom.
Just be sure it is not open to compromise.
Thank you for your time (Manish Kumar).