Ransomware is a piece of malicious software (malware) designed to encrypt the files of the victim. Once the files are encrypted, the attacker demands a ransom (most often an amount of money) from the victim. The victims are contacted and given instructions on how to pay and how to receive a decryption key to regain access to their files. The cost of this decryption key varies from a few hundred to thousands of euros. These payments to the cybercriminals are mostly made in cryptocurrency.
In this article we will tackle some questions on how to cope with ransomware and how to prevent it.
There are multiple reasons why companies can fall victim to ransomware. Below we have summed up the most common ones.
Out-of-date systems. One of the basic principles that is often underestimated is keeping all systems up to date.
New vulnerabilities are discovered every day. Software patches and updates are the suppliers' response to those vulnerabilities. If systems are not updated, either because of the laxity of the administrators or because the system can no longer *be* updated since it is no longer supported by the supplier (such as Windows 7 since January 14), the existing vulnerabilities remain, which gives attackers free rein on your systems.
Overly lax permission management is another reason many companies fall victim to malware. Malware, and ransomware in particular, is designed to spread as fast and as far as possible.
If, for example, my computer is infected with ransomware, that malware will look for the resources I have permission for. These resources can include systems, applications, files, shared folders and networks. The more access rights I have the further the malware can spread.
Tip: Follow the “Least privilege” principle which states: Only give those permissions that are strictly necessary to perform the job.
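To make the spread argument above concrete, here is an added example (not from the original article) that estimates an account's ransomware "blast radius" from its write permissions on file shares, and lets you test what a least-privilege change would do to it. The accounts, groups, shares and ACLs are constructed, and the function names are my own.

```python
# Added example, not from the original article. Group membership and share ACLs
# below are constructed for illustration; they describe no real environment.
from collections import defaultdict

GROUP_MEMBERSHIP = {  # account -> groups it belongs to
    "alice": {"finance", "domain-users"},
    "bob": {"domain-users"},
    "svc-backup": {"backup-admins", "domain-users"},
}

SHARE_ACLS = {  # share -> {principal: permission}
    "fs01/finance": {"finance": "write", "domain-users": "read"},
    "fs01/public": {"domain-users": "write"},
    "fs01/hr": {"hr": "write", "backup-admins": "write"},
    "fs01/backups": {"backup-admins": "write"},
    "fs02/projects": {"domain-users": "write"},
}

def principals_for(account):
    """The account itself plus every group it is a member of."""
    return {account} | GROUP_MEMBERSHIP.get(account, set())

def writable_shares(account, acls=SHARE_ACLS):
    """Shares that malware running as `account` could encrypt (write access needed)."""
    reach = principals_for(account)
    return sorted(share for share, acl in acls.items()
                  if any(acl.get(p) == "write" for p in reach))

def blast_radius(acls=SHARE_ACLS):
    """Per account: the shares it could encrypt. Shorter lists mean less spread."""
    return {acct: writable_shares(acct, acls) for acct in GROUP_MEMBERSHIP}

def over_exposed_shares(acls=SHARE_ACLS, max_writers=1):
    """Shares writable by more accounts than expected: candidates for tightening."""
    writers = defaultdict(set)
    for acct, shares in blast_radius(acls).items():
        for share in shares:
            writers[share].add(acct)
    return {s: sorted(a) for s, a in writers.items() if len(a) > max_writers}

def tightened(acls, share, principal, perm):
    """Return a copy of `acls` with one permission changed, for what-if analysis."""
    new = {s: dict(a) for s, a in acls.items()}
    new[share][principal] = perm
    return new
```

Note that the backup service account can write to every share including the backups, so a single compromised credential would let ransomware reach the recovery copies too.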
A weak password policy is another reason many organizations fall victim to various cyberattacks.
Weak passwords can be supplemented with Multi-Factor Authentication (MFA), which typically uses two or more independent access methods, such as passwords, security tokens and biometric verification.
Phishing is a type of scam via email in which attackers try to persuade people under false pretenses. They try to trick people into logging in somewhere, clicking links, executing files, transferring confidential data (personal or professional), etc. The scenarios are countless, as these hackers are very creative.
These phishing attacks are used to get a foot in the door. From there they work their way to their goal, which can be as various as the scenarios they use.
Nowadays, phishing is the most used technique to hack companies (Cyber Security Breaches Survey 2019 - UK Government). Attackers like to use phishing as it is the easiest way to reach a large audience: they only have to send one email to a large database of addresses. For companies, it is very difficult to defend themselves against these kinds of attacks. If only one employee is not alert enough and clicks a link or logs in somewhere unsafe, he or she can put the entire company at risk.
Get a current view of the vulnerabilities in your systems. Vulnerability management allows you to regularly map your systems and their associated vulnerabilities. The responsible teams gain insight into the identified vulnerabilities and can also track their progress as they take specific actions. More importantly, with automated vulnerability management they can also verify whether the patches or changes were implemented correctly.
Ask for help! There are companies employing specialized, ethical hackers who can examine your systems, identify the weaknesses, and help you prepare a remedial plan.
Examining and identifying the weaknesses of your systems is called a penetration test, or pentest: a security exercise in which ethical hackers simulate a series of attacks on your environment, application (web, mobile or API) or network to find and list your vulnerabilities, how exploitable they are for attackers, and their impact.
The output of a pentest is a list of vulnerabilities, the risks they may pose to applications or a network, and a concluding report. Common vulnerabilities include design errors, configuration errors and software bugs.
Gain insight into the events in your environment with Security Information and Event Management (SIEM). A (managed) SIEM allows you to correlate and evaluate security events based on defined rules. A SIEM tool not only provides a starting point when unwanted behavior is detected, but also ensures that the events involved are stored in a location other than the compromised system.
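As an added example (not from the original article or any particular SIEM product), here is a small correlation rule of the kind a SIEM runs over collected events: it flags an account that changes the extension of many files on one host within a short window, a typical trace of encryption in progress. The audit-log format, the sample lines, the threshold, the window and the function names are all assumptions constructed for this example.

```python
# Added example, not from the original article; log format and sample lines are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"op=(?P<op>\S+) path=(?P<path>\S+)(?: new=(?P<new>\S+))?$")

SAMPLE_LOG = """\
2024-03-01T10:00:05 host=fs01 user=bob op=rename path=/public/a.docx new=/public/a.docx.locked
2024-03-01T10:00:06 host=fs01 user=bob op=rename path=/public/b.pdf new=/public/b.pdf.locked
2024-03-01T10:00:07 host=fs01 user=bob op=rename path=/public/c.xlsx new=/public/c.xlsx.locked
2024-03-01T10:00:08 host=fs01 user=bob op=rename path=/public/d.pptx new=/public/d.pptx.locked
2024-03-01T10:00:09 host=fs01 user=bob op=rename path=/public/e.txt new=/public/e.txt.locked
2024-03-01T10:02:00 host=fs01 user=carol op=rename path=/hr/draft.docx new=/hr/final.docx
"""

def parse(line):  # one audit line -> dict, or None for malformed input (never crash the rule)
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def changes_extension(ev):
    """Count only renames that alter the extension (draft.docx -> final.docx does not)."""
    if ev["op"] != "rename" or not ev["new"]:
        return False
    return ev["path"].rsplit(".", 1)[-1] != ev["new"].rsplit(".", 1)[-1]

def detect_mass_rename(log_text, threshold=5, window=timedelta(seconds=60)):
    """One alert per (host, user) that changes >= threshold extensions inside `window`."""
    per_actor = defaultdict(list)
    for ev in filter(None, map(parse, log_text.splitlines())):
        if changes_extension(ev):
            per_actor[(ev["host"], ev["user"])].append(ev["ts"])
    alerts = []
    for (host, user), times in per_actor.items():
        times.sort()
        start = 0  # sliding window over the sorted timestamps
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"host": host, "user": user, "count": end - start + 1,
                               "first": times[start], "last": t})
                break  # report the actor once; the SIEM would then open a case
    return alerts
```

The rule deliberately ignores ordinary renames and plain writes, so that a user finalizing a document does not trigger it; the threshold and window are knobs to tune against your own baseline of file activity.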
The attack surface of your systems can be reduced in various ways, technical and non-technical. As stated above, there are a number of technical ways, such as:
Another very important aspect of reducing your attack surface is user awareness. If the users of your systems are aware of the dangers, the possibilities and the scenarios attackers use, they are more likely to notice attacks.
How to increase user awareness?
When you have fallen victim to ransomware, the chances are substantial that the attackers will ask for money.
Do not pay under any circumstances! You cannot be sure that the attacker will release your data after payment. And even if they do release your data, you cannot be sure that they will not encrypt it again with another key.
So what should you do?
Contact Cronos Security to check whether that type of ransomware has already been cracked and whether decryption keys are publicly available.
A magic solution to prevent cyberattacks such as ransomware does not exist. The best approach is known as the Castle Approach, or defense in depth. This is a concept in which multiple layers of security controls are implemented in the company's IT systems, so that when one security layer fails or turns out to be vulnerable, another layer is still in place.