Ransomware - A Real Danger

Be knowledgeable and prepared

RANSOMWARE

Protect Your Business

Ransomware (definition): An online attack perpetrated by cybercriminals who demand a ransom to release their hold on encrypted or stolen data. In the past decade, attacks that fall under the ‘ransomware’ umbrella have evolved from a consumer-level nuisance of fake antivirus products to sophisticated malware with advanced encryption capabilities that now primarily targets public and private sector organizations. And while threat intelligence can help uncover which organizations may be considered primary targets at any given time, no single industry, geography or size of business is immune. As the footprint of ransomware keeps evolving, so too does the amount of ransom demanded to release data. Ransom amounts that used to total double digits have grown to seven- and eight-figure numbers. In even more extreme cases, attackers demand that victimized companies pay as much as $40M to $80M U.S. to have data released back to their control.

Ransomware has evolved along a third axis as well: the extortion-like business model threat actors use to force payment from victims. If victims fail to pay within the allotted time, criminals escalate the attack and threaten to release confidential data publicly, or even auction it to the highest bidder on the dark web. And in yet another evolutionary twist, ransomware is now sometimes blended with destructive attacks, ultimately aimed at destroying and disrupting operations despite claims to return the data once the ransom is paid. Ransomware is one of cybercrime’s strongest business models today, pushing aside long-held staples like banking Trojans, phishing, DDoS, and cryptojacking. Ransomware has crippled organizations across the globe, carrying with it a cumulative price tag well into the billions of dollars. In an even darker twist, ransomware has even begun reaping a toll on human life itself.

The urgency of informed response

When a ransomware attack is discovered, every second counts. Uninterrupted, time is the ally of the attacker. As time passes, more data and files are encrypted and more devices are infected, ultimately driving up both cost and damage. Immediate—yet methodical and informed—action must be taken.

Alerting IT security teams and allowing them to launch the incident response process that they have prepared to combat ransomware should be a first step. If you have a retainer contract with a third-party provider, it is advisable to engage them as well. Other parties to consider contacting are federal law enforcement and regulators, depending on the local requirements for the geographies in which your company operates.

SERVICES

Ransomware Services

Detection

The way an organization first detects a ransomware infection can vary according to the situation.

Analysis

When embarking on the Analysis phase of the incident, it is essential to identify the specific variant of ransomware that compromised the environment.

Containment

The Containment phase is a critical part of the response plan.

Eradication

Depending on the scope of the attack, this operation can be lengthy and may involve both user devices and more pivotal machines and services that have been impacted.

Recovery

Depending on the results of your root cause analysis, if the attack was made possible by vulnerable systems, those will have to be patched to prevent them from being re-exploited in the future.

Post-Incident Activity

After any incident, large or small, it is recommended to meet with relevant stakeholders and discuss the elements that worked well and examine those that did not work.

Considerations

Ultimately, some organizations feel compelled to make a decision about whether or not to pay a ransom. Factors that may force this decision more rapidly include a need to resume operations as quickly as possible, or to regain access to important files that cannot be recovered by other methods.

CITS