This is a reflection exercise on the possible evolution of one of the most common information threats nowadays.
Are ransomware threats the big deal that media claim?
Ransomware is a malware variant seen as part of a waving of fast attacks, which means it is fast in entrance and exit. Hackers don’t have to go through the device’s network and perform complicated operations to obtain confidential information. That sensitive information must be sold somewhere and looking for buyers is very laborious for the hacker, besides that anything could go wrong. Many hackers would rather simply cut the broker and generate instant revenues. Ransomware threats have not even approached their downward curve in terms of effectiveness to be used as a serious danger.
What kinds of organizations are most vulnerable to these attacks?
Reports from experts in enterprise data protection services comment that most of ransomware campaigns are launched with the spray and pray technique. Attackers point to massive lists of organizations and employees hoping to hit some target among them.
In the future, ransomware attacks could be especially directed. Think yourself as a hacker; you need a victim who has money and depends on job time as one of the most important factors in his/her business. Critical infrastructure is one of those industries. Hospitals and other time-sensitive industries are online because every second counts. Paying a few thousand dollars is not worth it compared to the possible loss of life. These are the hacker’s thoughts when choosing victims for more specific ransomware campaigns.
How should an organization prepare its defense?
You can’t learn to defend yourself against something you don’t know. If you don’t have a reference about your current response to ransomware, you will not know what to do to improve your strategy. The best way is to simulate a ransomware attack with experts in enterprise data protection services. You can learn all about your organization — response times, reporting techniques, process gaps, and finally how your entire organization can join in a coordinated effort. From there, you can start building your long-term strategy; it all starts from the beginning.
What are the key points for preparing a defense against ransomware?
- Training: You can start with safety awareness. Preventing a ransomware attack is more effective in time, cost, and resources than recovering from one. An awareness program designed by experts in enterprise data protection services applies the critical thinking component of security and not only overwhelms your employees with unreliable messages.
- Response: How quickly you can respond to a ransomware attack is the difference between attack’s success and failure. Your organization has the key to protecting yourself by being self-aware. The faster you can report and work with your IT team, the greater your chances of avoiding a company-wide catastrophe.
- Backup: It is important not only to have backup copies but also to learn how to use them. Too many times, people expect their backup process to work or even have them until it’s too late. You need to explore through your backup processes to see where the security gaps might be.
- Practice: As mentioned above, practice makes the master. After having all these processes and procedures in place, it’s time to try them out and see what happens. From there, everything can get better.
How to train employees to properly react when facing ransomware attacks?
Phishing campaigns simulation is a good starting point, but it’s just the beginning. The true answer lies in training offered to employees before and after the test; it won’t be enough just to talk to them about phishing and tell them whether to click or not an email.
The organization needs to have educational support to ensure its safety. A ransomware campaign is the result of a successful social engineering attack. Employees should be aware about who to complaint about ransomware, when and how to prevent simple social engineering tactics with a successful security awareness program.
How can an active ransomware attack be contained?
Isolation is a difficult part of the incident response plan. There are many providers who can help with the containment phase of the attack, but eradication is the most important thing to ensure that the ransomware does not return when the systems are back online. If this happens, the efforts made in response generate a whole new range of problems.
Negotiation, does it make sense?
To be honest, the answer to this question depends on the situation. However, paying for release your device and files should never be your first choice.
How will the ransomware threats evolve in the next few years?
As already mentioned, at this time it is only possible to notice that the variants of ransomware progress both in difficulty and scale; these variants will continue to increase as social engineering uses all available resources. Specially targeted spoofing emails will grow as a delivery method to drive people to malicious attachments and websites.
The best way to prevent ransomware is to be prepared, practice with simulations and implement a preventive awareness program to build a security culture within your organization.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.