
What Companies Need To Know About Ransomware


By Rabia Garib and Tauseef Mallik

Forcefully restricting access to critical data can make grown men cry. In the pre-Cloud and manual redundancy years, a CIO’s biggest worry was data leakage and viruses. Well, one of the many worries. Today, with the help of ERPs, automation and a lot of experience through trend analysis, there is so much at stake with regard to the integrity of data. If you lose access, you’re toast. History. And perhaps even fired.

Ransomware attacks quickly made it to the top of the list of a ‘CIO’s worst nightmares’. You know, that list which doesn’t let you sleep because random bits of data are whacking around the neurons in your brain. Like any brute force attempt, ransomware attacks have played havoc with the networks they have shut down. And it’s more difficult to track these digital kidnappers who carry out cyber-extortion attacks. They infect computers with ransomware and then demand money in return for the user data they have held for, you guessed it, ransom.

Ransomware is malicious software, or malware, that essentially takes over a computer and prevents users from accessing data. This blocking of resources can be done in two ways: either the ransomware blocks the whole resource and asks for a password, or it continues to give you access but all the data and files remain encrypted. The encryption key remains with the attacker. If the ransom isn’t paid, the data is often lost forever. If the ransom is paid, chances are still slim that you will ever be able to see your data again.

Ransomware is different from other cyber attacks such as Denial of Service or Man-in-the-Middle attacks, which target confidentiality; ransomware targets accessibility. It restricts it. Kills it. Nukes it. You get the point. These attacks generate a lot of money. Earlier in 2017, hackers generated almost $100,000 within three days of a ransomware attack. More recently, a North Korean service provider paid $1 million to get its data back, as the hackers had encrypted hundreds of servers of the company’s clients.

In both cases, the attackers used a backdoor to target vulnerabilities in the operating system and encrypt data on the workstation. In the good old days, it was quite possible to trace the origin of the attack and the attackers. But the advent of bitcoin and other cryptocurrencies has made tracking an impossibility, which leads to an increase in the frequency and intensity of ransomware attacks.

Cryptocurrencies facilitate anonymity, allowing the attackers to access and exchange them from anywhere and making it very hard for law enforcement to trace their whereabouts. This has given a new dimension to ransomware, and the hackers are now rehashing age-old attacks: one recent attack was a rehashed version of a ransomware first encrypted in 1989. Imagine that – we’ve entered the age of recycling old strategies. Ransomware attacks have not remained loyal to any certain sector; they have targeted hospitals, financial institutions, utility providers and the government sector. These industries and sectors do not adhere to the latest cyber security best practices, and hence remain at risk.


Common Sense Security Practices

There are still ways companies can protect their data, by implementing a layered security architecture. This includes basic configuration, blocking of ports and installing anti-virus software, along with updates and patch management of the entire infrastructure.

Organizations also need to do a risk assessment first and prioritize their data: public, sensitive and critical. Not every byte is critical, and when every second matters during recovery, reviving garbage may not be the best use of time, money and resources. Experts suggest that there is not much need to spend money on securing public data; organizations instead need to focus on securing their critical and sensitive data, which is a source of revenue for them.

Ransomware uses phishing as a mechanism to fool users into clicking a link or file – humans remain the weakest link in the security chain. The Ransomware attacks will continue to make top news headlines simple
