Anatomy of a Ransomware Attack
Ransomware is the most concerning and dangerous type of malware that can cause severe financial and reputational damage. What separates it from other malware, is the word “ransom” which is a form of extortion. And cybercriminals are successfully using it to disrupt services and steal from Australian businesses and individuals. In fact, over the past 12 months, Australia has faced a 15 per cent increase in ransomware cyberattacks.
With estimates showing that there is a ransomware attack on a business every 11 seconds, no business can afford to ignore ransomware. It is vital for every business to understand how these attacks occur and put measures in place to protect against them. So let’s look into ransomware a little bit more to understand it.
What is Ransomware?
Ransomware is a type of malicious software (malware) that encrypts victims data and then holds it for ransom. Once this type of malware has infiltrated your device or system, it blocks your files by encrypting them rendering them unusable. Cybercriminals are then in a position of power and may demand payment in return for the decryption key. This can have huge implications to your business such as legal fines, reputational damage and serious financial costs. Costs can vary from thousands to even millions of dollars, which explains how the global cost of ransomware in 2020 reached a staggering $20 billion.
Some of the most recent, high-profile examples of ransomware and its aftermath include:
- Colonial Pipeline - a ransomware attack in May 2021 against Colonial Pipeline’s billing system and internal business network saw the American oil pipeline system shut down. Fuel distribution was disrupted for over a week, with shortages leading to chaos and panic. To avoid further disruption, the company eventually gave in to demands, paying $4.4 million dollars in bitcoin.
- JBS Foods - computer networks at JBS, one of the biggest meat processing companies in the world, were hacked in June 2021. There weren’t any major food shortages, although the public was informed not to panic buy meat in response. Eventually, as the disruption threatened food supplies and risked higher prices for consumers, the company paid $11 million in ransom, one of the largest ransomware payments of all time.
- Kaseya - a fake software update was sent through the American software company’s virtual system administrator in July 2021, reaching clients and their customers. One million systems were encrypted and held for ransom, with around a thousand businesses impacted. No ransom was paid, and the company managed to restore the IT infrastructure, but many companies were impacted for over a week.
How Ransomware Attacks Work
There are several trajectories that ransomware can take to access a computer or system. The most common amongst them is phishing, where attachments or url links within an email are masqueraded as trustworthy. Malware can also be planted on malicious websites, links, links in SMS’s, social media posts and downloadable applications, which means that any device connected to the internet is at risk.
Once malware has been inadvertently downloaded onto a computer or device, there are several things it can do. The most common action is for it to encrypt some or all of the files and to send a message to the user explaining that they need to make a payment (usually in Bitcoin) in return for access. However, advanced features to ransomware now enable cybercriminals to also steal data before encrypting it. Once they have access, they search for sensitive files and then threaten to publicise the data if ransom demands aren’t met.
Protecting Against Ransomware
Once ransomware encryption has taken place, it’s often too late. That’s why preparation and prevention are at the forefront of managing the risk of ransomware attacks. Especially with endpoint security as each employee has multiple devices connecting to an organisation’s network.
InfoTrust partner CrowdStrike offers Falcon Platform; the leading endpoint protection solution that brings together intelligence, technology, and expertise to successfully stop ransomware in its tracks. The platform uses a colossal data set of five trillion events per week alongside threat actor intelligence to fuel its AI-powered machine learning algorithms. To proactively see and stop the stealthiest of attacks, the platform incorporates:
- Endpoint Detection and Response - A solution that acts like a surveillance camera across all your endpoints, using machine learning to automatically detect malicious activity so your business can respond quickly to threats.
- Threat Hunting - A dedicated team of expert threat hunters who proactively hunt across all your endpoints, constantly analysing and looking for anything that has been missed by your other protection measures.
- Threat Intelligence – Provide context and help you to understand your adversaries, know what to look for, anticipate the next serious threat and proactively deploy countermeasures before the worst happens.
- Incident Response Planning - Seasoned security experts will help you create an incident response plan so you can limit damage, recover data successfully and get your business back up and running quickly in the event of an attack.
- Adversary Simulations – a covert exercise designed to mimic a real-world ransomware attack to help you assess how your defences stand up.
How to Achieve Endpoint Maturity
Defending against ransomware not only needs secure backups and a detailed incident response plan, but also requires a solid endpoint protection solution to defend each attack vector and endpoint. By having this solution in place your organisation can mitigate the risk of a ransomware attack, but more importantly matures your endpoint security journey.
To find out more about how you can bolster your defences to combat ransomware attacks, contact InfoTrust today for a consultation on endpoint maturity.
see our
Related resources
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Cyber attacks and data breaches have been commonplace in the news headlines for some time now. Although a warning from the media is certainly helpful, there is so much more that can be done when it comes to threat intelligence sharing. Threat intelligence sharing is an important part of the global cybersecurity community effort to tackle cybercrime and should form a part of every organisation’s cybersecurity strategy. Sharing cyber threat intelligence enables organisations to make informed decisions about their cybersecurity, building more effective and robust cyber defences.
One of my favourite annual reports to read is the Verizon Data Breach Investigations Report. It’s packed full of insights about the threat landscape and security leaders, in my opinion, should read this report to get a pulse on what’s happening in cyber-scape.
After all, as cyber leaders, we are here to stop breaches – so the insights gained from real cyber incidents and breaches is gold in learning how to tighten up our defences.
All businesses, large and small, are under increasing pressure to demonstrate that they are managing the risk of cyberattacks. This means having the right processes and controls in place to identify risks and vulnerabilities, protect information, as well as detect, respond, and recover in the event of cybersecurity incidents. As such, many businesses are turning to certification authorities and security frameworks to demonstrate privacy and security best practice and achieve compliance with regulatory bodies. System and Organisation Controls (SOC 2) is one such compliance framework that can help organisations to create a structured approach to cybersecurity.
Frost & Sullivan has recently released its 2021 Frost Radar: Email Security report, where its findings provide a benchmarking framework to help businesses protect their email from cyber threats.
As we operate in an increasingly digital world, every business collect, store, and share more and more data. And, amongst that data is personal information. With the OAIC marking this year’s Privacy Awareness Week (PAW) from Monday 3 May to Sunday 9 May 2021, it’s time for us all to review how we protect our customers’ personal information.
We're Here To Help