What is Ransomware?
Ransomware is malware that demands a ransom before you can get your data back. The act is straightforward: your data is encrypted, and you can access it again only once you are willing to pay a ransom to the hacker, usually in bitcoin. After payment, the hacker gives you a decryption key to restore your access.
Just because it sounds simple doesn't mean it is a cybercrime you can take lightly. This is not necessarily an attack where the hacker slowly brews a cybercrime in your network and ships out information, or one where your data is gradually manipulated instead of simply stolen. (Read our blog on data manipulation to know how exactly it is done.) Here the hacker gets bold and locks you out of all your sensitive files, sometimes even your computer, until the demand is met.
It has to be among the most dramatic cybercrimes out there. It is also among the most serious ones. In 2017, ransomware cost businesses $5 billion in losses. Locking away sensitive information, especially when it concerns government agencies and hospitals, can be the difference between life and death. No wonder ransomware is a popular choice for carrying out cyber warfare as well. We have discussed this at length in our blog, "what is cyber warfare-taking cybercrime to the digital front line".
How does it happen?
It is one of those cybercrimes that takes advantage of flaws in human behavior. The urge to fall for clickbait emails or to make hasty decisions under pressure is exactly the kind of habit hackers prey on. The infamous phishing email is a popular delivery method for ransomware.
An ideal habitat for a hacker wishing to plague your network with malware does not need much.
To conduct a successful ransomware attack, your hacker needs the following conveniences (or your inconveniences):
- An organization where data is priceless (basically, every organization that exists)
- An IT team that is juggling multiple tasks and stretched too thin to be effective
- Your security measures, or rather your lack of them
- Important data that is barely protected
- Important data that does not even have a backup
- Accounts that have access to sensitive files, again, with lax security measures
- Most importantly, an employee who will fall for that phishing email for you
Now, if your organization falls under any or all of these categories, then, unfortunately, you can easily fall prey to ransomware.
With the changing landscape of threats and devices, and the constant evolution of this malware, your hacker's malware signature may not even be detected by many anti-malware and anti-virus products. According to Kaspersky, researchers detected 16,017 new ransomware modifications in Q2 2019 alone.
Although this software is a crucial aspect of your security posture, you cannot build your organizational security around it alone.
According to a report, organizations today even keep a dedicated fund for ransomware damage control and a reserve bitcoin fund. This shows how crippling ransomware can be for a business and also sheds light on how today's security measures are not up to par. While it is good practice to have a well-rounded damage control plan against cybercrime in general, it is equally crucial to have a plan to prevent it.
If you think your organization is an ideal habitat for a hacker to carry out a ransomware attack, then, let’s change that now, shall we?
The 5 steps to ransomware-proof your business:
- Knowledge is the key to fighting ransomware. If you think security training for your employees is a mere formality, think again. Your firewalls and anti-virus can all be rendered redundant if an employee decides to forgo every security measure and clicks on that email your hacker sent with regards. Employee security training should be a mandated practice. Your IT team should also run tests to see which employees are more likely to click on a phishing email. This shouldn't be done as a means to call out your employees, but as a learning experience for you and them. Read our blog, "employee security training-why is it important", to know more.
- Ramp up the security of your privileged accounts as well. Privileged accounts account for 80% of all security breaches, according to a Forrester report. I am certain you are aware of why, too. The name screams sensitive information. Privileged accounts have access to sensitive files and admin rights, basically the information that could send your business haywire. Privileged accounts must be tracked cautiously, and you have to keep tabs on their accesses. Is an employee using them at unusual times? Is someone requesting privileged access when it isn't necessary? Are privileged accesses time-bound, or are there orphan accounts with privileged access just waiting for a hacker to take over? At all times, you have to know the answers to these crucial questions.
Know more about protecting privileged accesses:
Top 5 best practices to secure privileged accounts.
Just in time for Privileged Access Management - Don't distribute accesses like flyers
- Least privilege for your employee, and therefore for the hacker. Every employee in the organization is entitled to access certain applications. As their time in the organization grows, they go through changes in roles and locations. To facilitate the change and maximize productivity, the employee is given all the access that sets them up for success. But carry this out without a proper system, and you'll end up with far too many employees holding additional accesses that are never reviewed for revocation. Owing to today's fast-paced business, employees are sometimes granted access without much scrutiny of their roles. Questions like why they need the access, and whether they are even entitled to it, are barely asked. Shadow IT comes into play too, where others can approve admin-level rights without going through the appropriate access workflows. In this disorganized process, you leave a gold mine for the hacker. If an employee has access only to what they need, no more and no less, then a hacker who compromises that account hits a wall within your network. When the hacker demands a ransom for the data at hand, you can decide whether it is worth it.
- Zero trust, always. This is not a new term; coined by Forrester, it has picked up since its inception with the motto "always verify, never trust". This means that every access and every login in your network must earn your trust, and identity has to be verified. It ensures that whenever there is an intruder in the network, they have to go through multiple layers of security before reaching any resource. If the access looks unusual to your network, authentication can be stepped up, or access to the resource can be barred altogether. Zero trust ensures there are silos of access for each employee, with a particular path the employee can take, and that's about it. A zero trust policy falls right in line with implementing least privilege. This way, a hacker in your network who is trying to attack you with ransomware can be nipped in the bud.
Read our blog, “zero trust policy-always question before you allow” to know more.
- Intelligent solutions to combat intelligent hackers. Hackers are smart; there is no denying it. There is a reason they have left several CISOs wondering what went wrong. To combat this, you need equally intelligent solutions. Intelligent risk engines that monitor access at all times, generate a risk score, and allow or deny access based on the level of risk are the need of the hour. These cognitive technologies can comb through data far faster than the human brain, saving time and increasing the efficiency of your team.
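One way to turn the privileged-account review questions above (unusual times, orphan accounts, grants that are not time-bound or have expired) into the scored allow / step-up / deny decision that a risk engine would make. This is an added illustration with constructed data, not any product's code; the account inventory, working hours and score thresholds are assumptions.

```python
from __future__ import annotations
from collections import namedtuple
from datetime import datetime

# Constructed privileged-account inventory. owner None = orphan account;
# expires None = standing privilege that was never made time-bound.
PRIVILEGED_ACCOUNTS = {
    "svc-backup": {"owner": "alice", "expires": datetime(2019, 9, 30)},
    "admin-legacy": {"owner": None, "expires": None},
    "dba-bob": {"owner": "bob", "expires": datetime(2019, 8, 1)},
}
BUSINESS_HOURS = range(8, 19)  # assumed working hours, 08:00 to 18:59
AccessEvent = namedtuple("AccessEvent", "account when")  # one privileged login

def score_event(event: AccessEvent, now: datetime) -> tuple[int, list[str]]:
    """Answer the review questions for one login; return (risk score, reasons)."""
    score, reasons = 0, []
    record = PRIVILEGED_ACCOUNTS.get(event.account)
    if record is None:  # privilege used by an account nobody is tracking
        return 100, ["account missing from privileged-account inventory"]
    if event.when.hour not in BUSINESS_HOURS:
        score += 30; reasons.append("privileged use at an unusual time")
    if record["owner"] is None:
        score += 50; reasons.append("orphan account still holds privilege")
    if record["expires"] is None:
        score += 20; reasons.append("privilege is standing, not time-bound")
    elif record["expires"] < now:
        score += 40; reasons.append("time-bound grant has expired")
    return score, reasons

def decide(score: int) -> str:
    """Map the score to the action a risk engine takes (thresholds assumed)."""
    if score >= 70:
        return "deny"
    return "step-up" if score >= 30 else "allow"

# Constructed sample: the review clock and four logins to evaluate.
NOW = datetime(2019, 8, 15, 10, 0)
SAMPLE_EVENTS = [
    AccessEvent("svc-backup", datetime(2019, 8, 15, 10, 5)),   # normal use
    AccessEvent("admin-legacy", datetime(2019, 8, 15, 2, 30)),  # orphan, 02:30
    AccessEvent("dba-bob", datetime(2019, 8, 15, 14, 0)),       # grant expired
    AccessEvent("unknown-adm", datetime(2019, 8, 15, 11, 0)),   # not inventoried
]

def review(events=SAMPLE_EVENTS, now=NOW) -> list[str]:
    """Decision per event; the reasons from score_event form the audit trail."""
    return [decide(score_event(e, now)[0]) for e in events]
```

Running review() on the sample yields allow, deny, step-up, deny; the reasons list explains each decision to the reviewer.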
Your sensitive data is of high value to a hacker with intent, and it does not stop at financial data. The personally identifiable information of your customers is valuable to them too. Losing it can be a significant loss to you, considering stringent regulations like GDPR.
Ransomware is just another way for hackers to take advantage of the vulnerabilities in your network. Why give them that chance?