Wednesday, October 14, 2020

The Dangers of Ransomware Attacks

Sai Huda is a globally recognized risk and cybersecurity expert and author of the best-selling book, “Next Level Cybersecurity: Detect the Signals, Stop the Hack.” Recently, Sai Huda was featured in a Cyber Insiders podcast by the Cyber Center of Excellence (CCOE), where he spoke about the dangers posed by ransomware.

Sai highlighted that every single type of organization located anywhere in the world is susceptible to ransomware, and now extortionware.

Ransomware is a type of malware that encrypts critical files and systems so that operations slow down or shut down completely until a ransom is paid to the attackers. The attackers leave instructions on how to pay the ransom to get a decryption key that will restore access. Payment is demanded in bitcoin, making it hard to track. Ransomware has now evolved into extortionware: the attackers have enhanced the malware to first copy and exfiltrate the data and then encrypt it, so that if the victim refuses to pay, the attacker can threaten to sell or publicly disclose the stolen data to compel payment.

Ransomware has also evolved to scan for keywords and to search for backup files to encrypt, and attackers are producing many variants of the malware. The attackers are frequently criminal gangs financed by nation-states.

Ransomware can enter through various vectors, including phishing emails. An attacker sends employees emails with infected attachments, masquerading as someone familiar or in authority, such as the CEO or a manager. If an employee opens the attachment, the ransomware infiltrates the system, leveraging administrative tools to take over and encrypt files.

The adverse impact on an organization can be devastating. Some organizations have shut down permanently after a ransomware attack, unable to recover because operations were down for weeks or months. Recently, a hospital patient even died as a result of a ransomware attack: the hospital was unable to provide care to the patient, who was in critical condition, and re-routed the patient to another hospital. By the time the patient received service, it was too late.

Huda advises organizations to improve the quality of the security awareness training provided to employees so they can better identify phishing emails, and to implement more sophisticated scanning of emails and a more intelligent anomalous activity detection system to detect ransomware signals. In his book, Next Level Cybersecurity, Huda reveals the ransomware signals. He also advises keeping backups offsite, so the ransomware cannot encrypt the backup files and recovery can be quick. Finally, Huda advises ongoing scanning for vulnerabilities, with prompt patching and configuration fixes, to avoid giving the attackers an easy opening.