“We are on the cusp of a global digital pandemic,” claimed Christopher Krebs, former Director of Cybersecurity and Infrastructure Security Agency in June 2021. This quote is in reference to all cyber threats, but was largely inspired by emerging Ransomware events targeting US critical infrastructure.
Dissecting Ransomware: What is it?
The most common story you hear when someone is describing ransomware usually involves some form of malicious code rapidly encrypting files with public-key RSA encryption, and then threatening to delete those files if the victim did not pay the ransom. This type of attack continues to be a real threat, but we are seeing new types of Ransomware attacks emerge as the bad actors evolve with their nefarious ways.
After the infamous WannaCry and NotPetya ransomware attacks of 2017, most companies ramped up their cyber-defense. More emphasis was placed on backups and restoration processes, so that even if files were destroyed, organizations had copies in place and could easily restore their data.
If your organization has not created a data recovery plan, you’re ignoring one of the fundamentals of iSecOps and weakening your defense against Ransomware, among other cyber-threats.
Cyber-criminals have also adapted their techniques. Now, rather than just encrypting files, double extortion ransomware exfiltrates the data first. This means that if the company refuses to pay up, information can be leaked online or sold to the highest bidder. Suddenly, all those backups and data recovery plans became much less a concern as Data Loss Prevention (DLP).
Integrated Security Operations looks at an organization’s cyber security strengths and weaknesses through a broad lens. Infrastructure, protections, governance risk and compliance, people and processes, among other things of relevance, is paramount in managing the threats of cyber terrorism rampant in today’s highly connected world.
From an iSecOps perspective, DLP can be addressed in a number of ways. Most organizations allow all outbound Internet traffic on their firewalls. While this practice simplifies operations, it does present the opportunity for sensitive data to be easily exfiltrated. There are other DLP technologies that can be leveraged to protect against the loss of sensitive data. Palo Alto Networks, for example, have introduced next-generation solutions that can significantly reduce data loss threats.
Block it from Entering
The first and most effective defense against ransomware is to block it from entering your organization in the first place. Preventing ransomware through email filtering, malicious URL filtering, and hardened firewall rules are methods that can be used to help thwart threat actors from achieving their objectives. That said, new and increasingly sophisticated ransomware variants are on the rise and may be able to bypass these defenses.
Educate, Educate, Educate
Educating users of the threats of phishing and visiting malicious websites is the next layer of defense.
An Extra Measure of Protection
An ancillary mechanism in ransomware defense is Cyber Liability Insurance. If all other defenses and protections fail, paying the ransom may be the final answer. Cyber Liability Insurance can equip your organization with a calculated financial measure that circumvents unbudgeted payments in inconvenient business cycles.
If compromised by ransomware, an organization should also consider engagement with officials such as the RCMP or the FBI, depending on the location of the compromise. With the recent ransomware attack on a US gasoline pipeline, the FBI was able to recover a significant portion of the organization’s ransom expense. Had the pipeline company contacted the FBI prior to paying the ransom, it’s conceivable the FBI would have been able to circumvent any payment at all.
At the end of the day here’s what I want you to know: Ransomware is a real threat with real consequences. It’s not going away and the threat is only getting more complex and involved. More and more companies are taking an integrated approach to looking at threats and making sure that their strategy doesn’t just think about the threat, but also considers: infrastructure, protections, governance, risk and compliance, people, and processes etc., iSecOps helps make that possible.
If you would like to chat about ransomware or how an iSecOps approach might help you, please don’t hesitate to reach out – I’d love to connect.
About Mike Moore
Mike is an Enterprise Architect here at Online Business Systems. He is an Information Technology professional with over 25 years of experience with an excellent understanding of business challenges. Mike is an expert at developing supportable, cost-effective, and business-enabling IT solutions for organizations of any size or complexity.
Please add any inquiries or comments for Mike in the form below and he will be sure to get back to you!
Check out some of our other SecOps blogs: