{"id":36748,"date":"2022-05-30T16:14:09","date_gmt":"2022-05-30T05:14:09","guid":{"rendered":"https:\/\/www.institutedata.com\/?p=36748"},"modified":"2022-05-30T16:15:32","modified_gmt":"2022-05-30T05:15:32","slug":"a-guide-to-ransomware-what-do-you-need-to-know","status":"publish","type":"post","link":"https:\/\/www.institutedata.com\/us\/blog\/a-guide-to-ransomware-what-do-you-need-to-know\/","title":{"rendered":"A Guide to Ransomware: What do you need to know?"},"content":{"rendered":"

By Ez Yiap<\/strong><\/p>\n

Cyber Security Consultant (GRC) and Assistant Trainer for the Institute of Data\u2019s Cyber Security Program.<\/strong><\/p>\n

An IOD alumni who pivoted into cyber security, Ez now helps organisations assess and strengthen holistic cyber security. Ez is passionate about contribution and coaching within the cyber security community.\u00a0Connect with Ez on LinkedIn here<\/a>!<\/strong><\/p>\n

\n

Ransomware is a form of malicious software (malware) that is distributed and\/or deployed by a threat actor (malicious person, hacker, cybercrime group). Ransomware is intended to disrupt system operations, deny access to files, services or possibly the entire device, and place timebound pressure to take corrective action. While it can impact individuals, average home users or households, it is usually targeted at organizations, being a primarily financially motivated attack.<\/span><\/p>\n

Who uses ransomware, and who do they target?<\/span><\/h2>\n

Usually, a cybercriminal organization or entity leverages ransomware to encrypt files on an organization\u2019s device(s), denying access to staff or customers, and sometimes even both. In most scenarios, the threat actor holds the decryption algorithm program and demands a ransom be paid by the organization in order to decrypt the files\/system within a specified timeframe so the organization can regain control and return to operations.<\/span><\/p>\n

How does a ransomware attack start?<\/span><\/h2>\n

As with most cyber-attacks, ransomware can impact a device through different vectors. It could be an email attachment activated by an unaware user or in a download unbeknownst to the user. Additionally, ransomware may be deployed by a threat actor following the compromise of a network environment, gaining access to systems and applications via phishing for credentials, or the use of social engineering to gain initial access before deployment.\u00a0<\/span><\/p>\n

Sometimes it is as simple as tricking a user into being directed to a malicious website where the malware download occurs. Ransomware can even be placed on external media, such as a USB drive and when plugged into a computer, infects the device.<\/span><\/p>\n

Ransomware as a Service (RaaS) is a criminal business model whereby one entity (affiliate) pays another (operator) to launch a ransomware attack against a specified target. This allows almost anyone the capability to instigate an attack without necessarily having developed ransomware software or having deep technical know-how to undertake the engagement. CrowdStrike, via its Cybersecurity 101 channel, advises\u00a0<\/span>RaaS can start from as low as USD$40 per month<\/span><\/a>, and the average criminal ransom demand in 2021 was USD$6 million.<\/span><\/p>\n

Have you heard about the rise in ransomware \u2018double-dipping\u2019?<\/span><\/h2>\n

Ransomware attacks are often associated with data breaches, whereby the threat actor exfiltrates sensitive data before encrypting the devices or systems. This rising cybercrime trend is known as \u2018double-dipping\u2019. In addition to the denial of access, the threat actor holds the organization to an additional ransom at the threat of releasing the data extracted to the dark web, public, or selling it to other cybercriminals.<\/span><\/p>\n

There is, of course, never any guarantee that if a ransom is paid, the threat actor will provide decryption, return any stolen data or not take other cybercriminal action. Many organizations that have paid a ransom often still have the exfiltrated data leaked regardless.<\/span><\/p>\n

Why should we be concerned about ransomware?<\/span><\/h2>\n

Understandably, ransomware tops the list of many organizations\u2019 worries when it comes to an ever-evolving threat landscape. Risks come in all forms; economic, weather, organizational, geopolitical, market, human, technology and more; however, they are not always considered, assessed and treated equally. As a result, cyber risk is challenging for many organizations.\u00a0<\/span><\/p>\n

It often requires the considerations, resources and attention traditionally excluded from business inception, being sought after or implemented in later maturity stages as the organization grows. Additionally, given the proliferation of ransomware is relatively recent, many established organizations have not known about it or how to mitigate against it or respond when impacted.<\/span><\/p>\n

Ransomware is feared because of the debilitating way it can cripple an organization effectively and efficiently. IT can often occur so quickly, and the resulting impact is critical. There can be drastic ripple effects on supply chains, the community, and even the health and well-being of people.<\/span><\/p>\n

CrowdStrike, in its 2022 Global Threat Report, observed that in 2021,\u00a0<\/span>ransomware-related data leaks increased by 82%<\/span><\/a>, with the total number of attacks at 2,686 by the year\u2019s end compared to 1,474 during 2020.<\/span><\/p>\n

What is the solution to protecting against ransomware attacks?<\/span><\/h2>\n

There are plenty of dedicated technology solutions that claim anti-ransomware capabilities. Additionally, there are longstanding anti-virus and anti-malware packages that continue to extend protection tools into anti-ransomware offerings.\u00a0<\/span><\/p>\n

Finally, some companies or individuals put vulnerability management at the top of the mitigation stack. Others may say doing daily backups or even prioritizing taking out cyber insurance can be a way to safeguard you.\u00a0<\/span><\/p>\n

Ultimately, preventing, detecting, responding to and recovering from ransomware, as across cyber security as a whole, requires a holistic approach of people, processes and technology controls. Let\u2019s look at these in-depth a bit further.<\/span><\/p>\n

What part do people play in protecting against ransomware?<\/span><\/h2>\n

People are arguably the leading cause of ransomware attacks being successful, but just the same people can be an organization\u2019s greatest proactive defense against it.\u00a0<\/span><\/p>\n

Ransomware has to be delivered and deployed to a device for it to take effect and encrypt data, locking out user(s). For a threat actor to deliver and deploy the ransomware, they need to breach the organization\u2019s device, network or environment by some means.\u00a0<\/span><\/p>\n

Ransomware attacks often start with obtaining a user\u2019s credentials through a means of social engineering such as email phishing, vishing (like phishing but on a voice call) or by sending a user an email with a malicious attachment. Sophisticated ransomware attacks leveraging a user may involve social media connections, spam, impersonation, direct messages or even app store downloads to mobile devices.<\/span><\/p>\n

The\u00a0<\/span>Australian Cyber Security Centre (ACSC)<\/span><\/a>\u00a0lists three cautions that users can take and be trained on:<\/span><\/p>\n