Ransomware

By Sekuro Hackcelerator 2021 Mentee, Daniel Patterson

What is Ransomware?

Ransomware is a specific type of malware (malicious software) that disables a computer system, typically by encrypting data and denying access until the victim pays a ransom. [1] 

Background

Early examples of ransomware were relatively simple, and encrypted data could be easily recovered. [2] However, ransomware has evolved to become one of the most prevalent types of cyberattack. [3]

Insurance group AIG reports a 150% increase in ransom claims since 2018 [4] and cyber-insurance premiums have increased by 22% over 2021. [5] The sophistication of ransomware and encryption used today means that without the decryption key, data is effectively lost. [6] Successful ransomware attacks can paralyse an organisation since it will have to overcome the loss of business and reputational damage as well as the costs of restoring and hardening systems. [6] The losses suffered through being unable to operate may be higher than the ransom, and some organisations may feel they have little choice but to pay up.

In May 2021, a ransomware attack shut down the Colonial oil pipelines responsible for supplying nearly half the fuel needs of the eastern United States. [7] This caused an increase in fuel prices which continued long after the attack. [8] In July, hackers demanded a whopping US$70 million payment after U.S. technology company Kaseya suffered a ransomware attack that took systems offline in as many as 1500 businesses around the world, [9] from supermarkets in Sweden to schools in New Zealand. [10] To make matters worse, in the case of ransomware attacks, lightning does strike twice. In May 2020, Toll Group announced it was taking the necessary precaution of shutting down some of its systems as it began to combat its second major cyberattack of the year. [11]

Conclusion

Ransomware is not going away and, despite increased sophistication, ransomware attacks need only minimal technical skill to carry out. [12] Ransomware-as-a-Service (RaaS) vendors provide attackers with ready-made ransomware tools, as seen in the Colonial Pipeline attack. [1] [13] Social engineering techniques such as phishing can be used to gain access to a target system and deploy ransomware to encrypt data once inside. [2] [13] Where robust encryption is used, such as the Advanced Encryption Standard (AES) – approved by the National Institute of Standards and Technology (NIST) for Government use – encrypted data is unlikely to be recovered. [14][15] Therefore, when it comes to ransomware, prevention is better than cure. [6]

The best protection against ransomware is a defence-in-depth approach.

Training and education can reduce the risk by helping users identify and report threats. [16][17] Tools such as firewalls and intrusion detection/prevention systems can help protect against remote access, [15] and email services such as Outlook and Gmail can be configured to block links that trick users into visiting malicious sites or opening dangerous attachments. [18][19] Good housekeeping practices are also important: patch management will ensure antivirus software, applications, and operating systems are protected with the latest updates, and regular virus scanning can help to identify threats. [20] Should the worst happen, recovery from a ransomware attack is highly dependent on an effective backup strategy. Regular backups mean that only a minimum of data is lost if systems have to be wiped and restored. [15]

Sekuro's ransomware readiness assessment

Sekuro’s Ransomware Readiness Assessment simulates the real-world Tactics, Techniques, and Procedures (TTPs) that ransomware adversaries and cyber-criminal organisations use to compromise corporate Windows environments and deploy ransomware throughout them, enabling your organisation to understand gaps and remediate its exposure to this common and growing risk.

References

[1] content.fireeye.com/m-trends/rpt-m-trends-2020
[2] doi.org/10.1049/iet-net.2017.0207
[3] doi-org.simsrad.net.ocs.mq.edu.au/10.1007/978-3-030-65745-1_23
[4] www.aig.com/content/dam/aig/america-canada/us/documents/business/cyber/aig-ransomware-global.pdf
[5] www.insurancejournal.com/news/national/2021/06/21/619446.htm
[6] learning.oreilly.com/library/view/the-ransomware-threat/9781787782808/xhtml/half.html
[7] simsrad.net.ocs.mq.edu.au/login?qurl=https%3A%2F%2Fwww.proquest.com%2Ftrade-journals%2Flawmakers-criticize-colonials-reticence-about%2Fdocview%2F2544548904%2Fse-2%3Faccountid%3D12219
[8] www.sciencedirect.com/science/article/pii/S0165176521003992
[9] www.reuters.com/technology/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05/
[10] www.reuters.com/technology/coop-other-ransomware-hit-firms-could-take-weeks-recover-say-experts-2021-07-05/
[11] www.afr.com/technology/hacked-again-toll-group-systems-hit-by-fresh-ransomware-attack-20200505-p54q19
[12] www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2019-june-2020
[13] businessinsights.bitdefender.com/combatting-ransomware-as-a-service-raas
[14] www.ieee-security.org/Cipher/ConfReports/conf-rep-aes.html
[15] M Chapple, J Stewart, D Gibson, (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, (Seventh Edition), John Wiley & Sons, Indiana, 2015
[16] www.researchgate.net/profile/Klemens-Koehler/publication/340226309_On_Cyber_-_a_theory_of_human_interaction_via_OSI_layers_1-7/links/5e7ddab2458515efa0adb9c7/On-Cyber-a-theory-of-human-interaction-via-OSI-layers-1-7.pdf
[17] cysecure.org/470/20s/indi/dolan.Jonathan_psychologyPhishing.pdf
[18] docs.microsoft.com/en-us/microsoft-365/business-video/safe-links?view=o365-worldwide
[19] support.google.com/a/answer/9157861?hl=en#zippy=
[20] support.microsoft.com/en-us/windows/protect-your-pc-from-ransomware-08ed68a7-939f-726c-7e84-a72ba92c01c3