The digital ransom note - the scourge of Ransomware | AXELOS

Wednesday 24 Aug 2016 @ 14:25
AXELOS

The digital ransom note - the scourge of Ransomware

Blog posted by: Mark Logsdon, AXELOS Head of Market Engagement for Cyber Resilience, 24 August 2016.

The risk of being held to ransom is no longer just a phenomenon of the physical world - the digital world is subject to the menace of Ransomware.

Ransomware is where an attacker renders your computer system and your data unavailable to you through encrypting your data and then demands a ransom to allow you to resume access. Ransomware is not particularly new, but the rise of Bitcoin and the widespread use of online payment mechanisms has made it increasingly attractive to criminals.

Incidents typically involve an attacker encrypting data or even the keyboard using their private key which is impossible to crack. The attacker then displays the ransom note on their screen. Attacks are not limited to computers; phones are now a regular target with the PIN being changed and locking out the user.

Unlike other forms of malware there isn’t really a ‘patch’ or signature that can be applied to either stop it or prevent it in the first place, but the attack still requires access to the victim’s computer. About 90% of attacks start with some form of phishing email or a social engineering attack, both of which require human intervention to execute.

Therefore, organizations can increase protection by keeping security patches up-to date and regularly backing up data to quickly return to a pre-attack state. Meanwhile, employees should be on the lookout for phishing emails and shouldn’t click on links or open up attachments in unexpected emails or those offering the ‘chance of the lifetime’. Never reveal sensitive or security information too readily - remember a reputable company will never ask you for such information over the phone or by email.

The most effective and cost-efficient control to manage this risk is awareness training. All staff need to understand the role they have in keeping their company’s most precious information secure. They need to be actively involved and engaged in learning awareness programmes that use the latest learning techniques to effectively change the cyber behaviours of all staff. The board needs to set the right ‘tone from the top’, being aware of their particular cyber risks and vulnerabilities, asking the right questions and helping drive and action the necessary programmes designed to support their chosen risk posture.

And if you are attacked, the first thing to do is to activate the incident response plan. This plan should consider what’s been lost or is not available, the impact it has, how it happened, is it still going on, how do we fix it and how we prevent it happening again. In addition, there are some crucial business decisions: who do we talk to first, i.e. customers, media, police, regulators, shareholders? What do we say and when do we say it? Who says it? There’s also the question of what to say to staff, who then may innocently use social media to tell the world about what’s being said internally.

With sensible housekeeping - patching, backing up data and better user behaviours - you can lower the risk of becoming a victim of ransomware.

See our RESILIA™ section for more information about cyber security and resilience.