Showing posts with label Cyber Attacks. Show all posts

Wednesday, October 14, 2020

The Dangers of Ransomware Attacks

Sai Huda is a globally recognized risk and cybersecurity expert and author of the best-selling book, “Next Level Cybersecurity: Detect the Signals, Stop the Hack.” Recently, Sai Huda was featured in a Cyber Insiders podcast by the Cyber Center of Excellence (CCOE), where he spoke about the dangers posed by ransomware.

Sai highlighted that every single type of organization located anywhere in the world is susceptible to ransomware, and now extortionware.

Ransomware is a type of malware that encrypts critical files and systems, so that operations slow down or are completely shut down, until a ransom is paid to the cyber attackers. The attackers will leave instructions on how to pay the ransom to get a decryption key that will restore access. The ransom payment is demanded in bitcoin, making it hard to track. It has now evolved into extortionware: the attackers have enhanced the malware to first copy the data and exfiltrate it, then encrypt, so that if the victim refuses to pay the ransom, the attacker can threaten to sell or publicly disclose the stolen data to compel the victim to pay.

The ransomware has also evolved to scan for keywords and search for backup files to encrypt, and there are many variants of the malware being produced by attackers. The attackers are frequently criminal gangs financed by nation-states.

Ransomware can enter through various vectors, including phishing emails. An attacker sends employees emails with infected attachments, masquerading as someone familiar or with authority, such as the CEO or a manager. If an employee opens the attachment, the ransomware infiltrates the system, leveraging administrative tools to take over and encrypt files.

The adverse impact on an organization can be devastating. Some organizations have shut down permanently after a ransomware attack, unable to recover because operations were shut down for weeks and months. Recently, a hospital patient even died as a result of a ransomware attack: the hospital was unable to provide care to the patient, who was in critical condition, and re-routed the patient to another hospital, and by the time the patient received service, it was too late.

Huda advises organizations to improve the quality of security awareness training provided to employees so they can better identify phishing emails, to implement more sophisticated scanning of emails, and to deploy a more intelligent anomalous activity detection system to detect ransomware signals. In his book, Next Level Cybersecurity, Huda reveals the ransomware signals. He also advises keeping backups offsite, so the ransomware cannot encrypt the backup files and recovery can be quick. Finally, Huda advises ongoing scanning for vulnerabilities, with prompt patching and configurations, to avoid providing the attackers an easy opening.

Monday, August 17, 2020

Reasons Cyber Attacks Are Difficult to Prevent Completely

Cybersecurity expert and author of the best-seller, Next Level Cybersecurity: Detect the Signals, Stop the Hack, Sai Huda, advises leading companies to bolster their cyber-attack preparedness, ensuring they can positively identify attack signals and take measures to stop the attack before any damage is done. Sai Huda did a book-signing at the 2020 RSA conference and spoke on the seven-step method to detect the attackers as revealed in his book. He also spoke in an interview with the Editor-in-Chief of Big Data-Made Simple, where he shared his insights on cybersecurity best practices.


One question he answered was why companies still faced cyberattacks despite investing millions to stop them. According to him, the reason was three-fold: the difficulty of locking out bad actors, the allure of valuable data, and hackers’ growing level of sophistication.

Companies continue to face cyber-attacks because prevention is almost impossible. In the digital world, there are too many doors, windows, and potential entry points for attackers to exploit. Locking all these doors is virtually impossible and as long as these companies hold valuable data, attackers will always figure out a way to gain entry.

In addition, the attackers themselves have become sophisticated and are capable of creating and deploying malicious applications designed to evade cybersecurity systems. Today, they do not have to steal the data. Attackers can simply hijack companies’ internal systems, hold sensitive data hostage, and demand ransom payments. With this in mind, companies should equally invest in and focus on cyberattack detection. Huda reveals in his book the top 15 signals of the attacker and a seven-step method to detect them early and stop the attack before any damage is done.