5 Reasons why Ransomware is the least of your problems

5 Reasons why Ransomware is the least of your problems

 

Ransomware or Cryptoware has become one of the biggest sources of illicit income for hacker groups, criminal gangs, and the underworld as a whole. It has become the bane of many corporations which use the internet actively for closed information exchange, simple communication between customers or users, or world-trade & commerce.

When cyber attacks on  Enterprises and Businesses world-wide make the headlines, articles name D.O.S attacks (Denial of Service attacks) and Ransomware as the main weapons used to attack companies. Ransomware encrypts vital information, which in turn has forced companies to pay a hefty price on their own data to dastardly criminals, who may or may not restore the information after they payment is received…often they don’t.

This alone is a disaster scenario that has become a reality for many companies, however, the truth is that the problems have been there from the start:

5- Ransomware is only devastating for those who don’t have backups.

The real consequences of a ransomware are not actually worse than having your entire data deleted by any other malware (which is still terrible), or any of the MANY forms in which information can become corrupted or deleted. Non-malware related issues that can erase data include: Power Outages / Spikes; hardware failure; corrupted data often caused due to time, bad transfers or file conversions; one particularly dull-witted with admin rights, Microsoft Windows acting like… well Windows (it happens), and unsupervised children.

Any experienced or long-time user knows that backups of sensible data should be frequent and for companies they should become a mandatory routine. However, very few companies do follow this advice, and backups are significantly important, we are talking about valuable data and hardware that even in modern times is still prone to failure.

Hard Drives have an average life-span of 5 years and SSD can only be overwritten so many times, sure, it is very unlikely that data become corrupted as soon the expiration date arrives on a HDD or that any user can hit the limit on a Solid State Drive but awareness of this issue can lead to safer practices that in turn diminish the damage from either digital attacks of physical damage caused to exposure.

Another fine advice: Paper backups never hurt.

4- Encryption should never mean downtime.

Downtime is a serious issue that leads to more problems which can cause a loss of assets and customer dissatisfaction or trust.

After backups, the next prevention task should be mapping.

Network mapping allows a company to know further ahead weak spots, and the services they do need to stay operational. Network mapping can be requested to professionals as a service, and can be used to isolate networks of clients or servers that are exposed the most so even in the worst case scenario, a fast and efficient recovery can be executed.

Other benefits of network mapping include the prevention of intrusions, and can help to plan the expansion of a service (For example web hosting servers or data centers) in the future.

So even in the case of encryption, a company can be still be operational while professionals can be set to work on the afflicted equipment, and networks.

Without it, professionals need to work from scratch and will require more time to have all systems operational.

Downtime and Investigation are somewhat correlated because they take time, and it is time well spent, however with proper knowledge even a disaster scenario (Which includes encryption) can be solved swiftly. Companies should count with a map of their network, it sounds like a peculiar thing to have at hand, but it has helped experts, consultants and inner IT teams on maintenance, and security.

3- Companies that have become targets of ransomware attacks often don’t have the defenses to meet the threat.

There is a common piece of advice that doctors say to their patients: “Lose Weight, Quit Smoking, Drink Less Coffee” and if it had an equivalent for home users it would be: “Format, Make a fresh  (Windows / OsX) install, get an Anti-virus, and thread on the internet with care”.

It is a fine advice…for home users, but companies on the other hand cannot rely on the same advice because a business network, no matter how small, should not be treated as a home network whose only active threat are the very same users.

Users only have to deal with normal attacks, and they are somewhat protected by their online anonymity (An article on it can be expected soonish) businesses on the other hand have to publish their information online, and they may require to send and receive information from clients around the world. When you read or hear about “multi-vector” attacks what it means is that any form of communication can be used as a way to attack a network.

Attacks sent from emails and social media (phishing, keyloggers, R.A.Ts etc…) are common place, but more elaborate network attacks can become an everyday risk that any business should be ready to face (Man in the middle attacks, Buffer Overflows, Packet Injections, and so forth).

So what forms a defense? This question alone merits their own series of articles, but one aspect of the defense are the very familiar Anti-malware software. Anti-malware solutions are possibly the first thing that comes to mind when we talk about defense. AV solutions are indeed powerful, but they should not be the only defense.

For home users, their defense consists of anti-virus solutions which are designed to protect the user from known threats, for an average user the danger comes from websites and downloads, for a corporation with several forms of communication that go in and out all day the solution needs to be robust. In this scenario AV solutions change from the sole defenders, to the tools of trade that IT specialists use to do their best.

There is also a big difference between the regular user experience with malware and that companies endure which have form an erroneous view of what a corporate defense should look like. For one, users mostly have to deal with the malware they bring with them from the internet, for companies it is different, for them it is a siege.

Attacks can come day in an out from many sources, and Ransomware is indeed part of the picture, but they do not act alone.

2- An encryption scenario should not be a mystery.

We have covered: Backups, Mapping, and Defense Planning.

What could go wrong now?

Well the problem is that technology is not static, it is an environment that is always changing. New practices, protocols, devices, and “ways” evolve in this world, and what was considered a safe or protected network a couple of years back, could have many vulnerabilities now.

So it is the way of technology and so it is the way companies should consider at least consultants from time to time, and if they got IT personnel in place they should also be up to date.

1- Ransomware is actually insult to injury.

We live in the era of smart computers and smart phones, but not on the era of smart software. Malware is often designed to be stealthy, or to wreck as much havoc as possible but it is not smart. There is not a malware than can do everything, it needs help, and there is not a dumber malware than ransomware.

Ransomware can: Encrypt the documents of a target computer, therefore not allowing the victim to access said files. At worst, it can slowly start encrypting files overtime, instead of doing everything on a single blow making life harder to IT specialists.

Ransomware can’t: Intrude into a company area router, or modem, map the entire inner network, find the most interesting target, find weak spots on the defense of the network, exploit the vulnerabilities, and insert itself.

For Ransomware to do its thing, a number of terrible situations must take place.Intrusion detection systems, and firewalls need to be vulnerable or exploited, software defenses and sniffers need to be completely fooled, and computers need to be made vulnerable, or web clients should allow the pass of infected documents with malware which is often the most direct way but the least effective to actually obtaining sensible data.

Of course that is an elaborate scenario, it could also be one annoying script kiddie who got lucky, and one dull-witted employee…

“You have won the Microsoft lottery, click here”…looks legit.

 

Ransomware is very often the last consequence of a network intrusion.

This means that the attackers have successfully breached into your network. This alone is VERY alarming, and all in all: Bad News.

This might sound different to the rest of the article, but it is an alarming matter.

Let’s stop to think what this means:

It means that your defenses were not enough to stop the attackers, and that the very expensive, very complicated network appliances were fooled.

That no one had been monitoring your traffic,  the lack of a vigilant IT department or a stressed and underpowered IT department has just cost you sensible information.

The attackers have been entering your network at their leisure, they know every computer in the network and no one knows how long have they been there or how much do they know or how many computers have been compromised.

Databases, clients, patents, inventions, in-house software development, intellectual property, corporate secrets, the recipe for grandma’s home-baked double chocolate chip cookies…in total everything of worth could had been stolen, and the intruders might still be there.

Ransomware is the last consequence because there is no point on encrypting random information. Encrypting a computer that houses nothing but social media and PR related material won’t do much damage, nor will force a company to pay the much desired bitcoin criminals sought, for Ransomware attacks are only effective when they hit their targets.

once the hacker have all your important data, inventions, innovations, costumers list and intellectual properties, they just encrypt one server or a few important computers to make the final steal to your company.

Since the ransomeware is the only visible part of the attack, is very common fall in this mistake and  think the hacker just encrypt a few files and ask for money. But when the ramsomeware attacks is too late and your company had lost almost everything.

Protect your company. Call Talon Cyber Defense