Knowledge and understanding are everything in the fight against ransomware, so before we go any further, you should check out these two previous STEALTHbits blog posts:
Understanding the basics of how ransomware works and the motivations behind it is essential to fight the threat. And yet, even after so many high profile incidents many organizations haven’t even addressed the basics to protect their data!
Why is this? Budget? Ignorance? Devious methods by the perpetrators? Human error?
All the above! Let’s take a brief look at each.
Budgetary limitations are an understandable consideration… however, you must ask:
- “How much is my data worth?”
- “How much would it cost my business if I lost my data?”
- “What is the compliance fine if my data is compromised?”
For example, just to briefly consider compliance, using the European Union’s soon-to-be enforced General Data Protection Regulation (GDPR) as a guideline, fines for non-compliance could be as high as €20,000,000.00 or 4% of global revenue!
…is never an excuse. As a data owner, you are responsible for your company’s data and any personally identifiable data held on your infrastructure.
Ransomware writers have few moral or ethical qualms and generally do not discriminate between different types of organizations when choosing targets. So, regardless of whether you are a large financial institution or a small non-profit charity, your data is at risk.
Devious methods by the perpetrator
When dealing with ransomware, the methods plied by perpetrators to bypass your perimeter defenses should be of special concern.
For example, by using “phishing” tactics – whether through email or social media – bad actors are tricking unsuspecting users into clicking hyperlinks they think are genuine and harmless. Innocently following such malicious hyperlinks can cause code to be executed that is designed to secretly compromise the security of the computer. Sometimes a malicious hyperlink’s content is designed to trick a user into disclosing credentials to online accounts, having been presented within a fraudulent email that looks genuinely to be from PayPal, banks, or other institutions.
The simplest way to mitigate this risk, albeit controversial, is to block all web-based mail use on corporate devices.
No amount of training, publishing, or even berating can make a perfect user. People make mistakes. People are fallible.
The only way to minimize this risk is to intelligently limit a user’s options at the policy and technical level, such as blocking web-based mail.
Understand the Fundamentals
Ransomware does not and cannot act alone, but rather, it requires a method of propagation. That method invariably is Malware: the Virus, the Trojan. Malware can enter the environment through phishing emails, infected USB drives, dubious torrents and many other ways. The Malware attempts to leverage a credential – likely the user account – which is then ‘hijacked’ and used to move around your infrastructure to propagate and deliver its payload, the Ransomware.
Money. Bravado. State Sponsored activities. Disruption of service. These are all motivations for a whole slew of nefarious cyber-activities. However, the one that most strongly drives ransomware is money. And the Ransom itself? Most often payable only in untraceable Bitcoins.
Organized criminal enterprises around the world have come to realize that, as a strategy to acquire Money, ransomware is a relatively low risk with a potentially high return. So, for some criminals, it makes good “business sense” to move away from riskier, traditional criminal activities (such as, say, drug smuggling) to lower-overhead, lower-risk cybercrimes like ransomware. Abolish from your mind the old stereotype of a “hacker” as the socially maladjusted computer geek in the basement showing off to her friends, breaking into systems “just for kicks” or bragging rights. The perpetrators in the new ransomware reality are globally funded, well organized, and ruthlessly playing for high stakes. How much did you say your data was worth again?
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Mark Wilson is a Director of Product Management at STEALTHbits Technologies.
He is lead Pre-Sales consultant in the EMEA region and a key member of the global Product Marketing team.
Mark has 18 years’ experience working in virtually all technical support and consulting roles across both public and private sectors in the UK, EMEA and Globally.
Areas of specialism include compliance, data governance, IAM, migrations and consolidations.