It’s National Cyber Security Awareness Month right now, making it the perfect time to talk about Ransomware Prevention.
We have all heard about multiple cyber attacks over the last year. At the same time cyber crime is a vast topic that’s ever changing, making it one that’s intimidating to approach.
A few weeks ago we hosted a very informative webinar with cybersecurity experts from Defendify and RoundTable Technology on Ransomware.
This blog post will cover some of the key takeaways from this excellent webinar on Ransomware Prevention.
Growing concern about Cyber Threats is a good thing
A few years ago, most of us probably didn’t think much about cyber crime or ransomware on a daily basis. Fast forward to today and I’m sure we all think about cyber security a lot more than we previously did.
To illustrate this, during our webinar on ransomware prevention we asked attendees who were mainly service providers, how concerned they were about cyberthreats. The results were that:
- 75% of attendees were “very concerned” about Cyber Threats
- 25 % of attendees were “somewhat concerned” about Cyber Threats
All attendees were concerned about cyber threats to some degree.
A growing concern about cyber threats and crime is actually a very good thing. More people are now discussing the topic than ever and they are looking at how they can prepare if a cyber attack were to occur.
Some even argue that we’ll all experience cyber crime at some point.
“There are two types of people: Those who know they’ve been hacked and those who don’t know it yet!” (Reza Mehman)
The general public are also starting to become more aware of the business risks that go along with cyber crime too.
An increase in general knowledge about cyber crime presents an easier route for service providers to have conversations with their customers about how they can add additional protection.
What is Ransomware and how does it work?
The Ransomware model is simple. It involves cyber crime gangs of the world stealing data to get money. It works like this:
- Data is stolen by cyber criminals
- The data that is stolen is encrypted
- The encrypted data is held hostage
- Attackers demand payment for the data back
Nowadays there is also an extortion piece to ransomware too. Since many MSPs or companies may have the data backed up so it can be restored, attackers also threaten to sell the stolen data on the dark web as a Plan B.
“Hackers are also very good at getting backup data too”, warns Joshua Peskay, vCIO at RoundTable Technology.
Many times, before a company is aware they are being attacked, cyber criminals have spent days lurking behind the scenes and collecting data so they may already have access to a company’s back-ups too.
This period of lurking around is known as the “Dwell Time”. Dwell Time is when cyber criminals are infiltrating the systems without being detected. During this time they’re stealing data, getting access to back-ups, assessing data and deciding how much the data is worth to price a Ransom efficiently.
Lurking and listening behind the scenes allows attackers to come up with realistic pricing that an organization could potentially pay to get the data back.
It was recently reported that the average global dwell time of attackers was 24 days which implies that many cyber criminals spend a long time on a network before being detected.
24 days is a huge amount of time to gather information. This amount of time allows cyber criminals to be really smart and informed about the ransoms they demand from victims.
Ransomware has become a full blown criminal enterprise
This is no longer a mickey mouse operation.
Gone are the days when a Ransomware attack had to be initiated by a lone computer genius and a piece of malware.
Nowadays, anyone can become a cyber criminal if they want to because there are many resources widely available on the dark web.
There are even Ransomware as a Service kits available for purchase on the dark web which provide full training on how to run a Ransomware attack from start to finish.
“We’ve moved from a Trojan to a full-blown criminal enterprise…it’s the modern day Ocean’s 11,” says Shanna Utgard, Senior Cyber Security Advocate at Defendify.
To sum up, cyber criminals are criminal networks with a lot of resources at their disposal. In a lot of ways they may even run like a normal company.
These organizations may even have access to advanced resources like; a support team, malware programmers, financial experts for moving crypto currencies, training systems and more.
What’s fueling the Ransomware fire
There are a few things that are throwing gas on the fire and helping cyber criminals work even more efficiently.
Crypto currency: Digital currency makes it easier for attackers to translate their stolen data assets into currency. This is because crypto currencies make it harder to recover extortion money. This is because of the anonymous nature of some crypto currencies. Digital currency provides a perfect way for attackers to get payouts from their victims and for stolen data.
Dark web marketplaces: These act as easily accessible places for selling data stolen during an attack and accessing other resources too.
Public shaming: Many organizations that have undergone a ransomware attack don’t want people to know. This provokes them to pay the Ransom fines and be done with it. This is to minimize the exposure, public shaming and reputation damage they will incur if news about the attack gets out to the public.
Critical infrastructure attacks: Attackers are more frequently targeting critical infrastructure pieces like hospitals and public services that the world depends on. This makes not paying the ransom even life threatening in some cases. The urgency of these services acts as an additional bargaining chip for cyber criminals.
How can your business work on Ransomware Prevention
So ransomware is a huge topic, increasingly important and super scary. But how can you get started with it?
Here are some actionable tips on preventing ransomware.
- Secure yourself first: Make sure your house is safe first. Find out the gaps in your own systems and determine how they can be fixed. Reassess your organization’s own cyber security health on a frequent and recurring basis.
- Practice your ransomware response: Practice real-life scenarios of a cyber attack with your team. Walk through your response. Even if you’re a one person shop, you can still practice real life scenarios. Write down your answers and have a process in place.
- What are you doing in the event of an attack?
- How are you responding?
- What is your next action?
- How could you have been better prepared at preventing this from happening?
- Pro tip: RoundTable Technology has an excellent document available on their website to help with this.
- Ensure that cyber security and ransomware prevention features are a part of your service offering: Require an essential level of cyber security features in all your contracts. Ensure that you are offering your customers standard and add-on levels of protection.
- Educate your customers: Have conversations with your customers. Keep your customers updated on cyber risks. Make sure they are following the best secуrity practices too.
- Use tools to help you: Tools like Defendify can help you manage the whole cyber security process. You can also look at additional essential tools like Domotz network monitoring software for added awareness and oversight about what’s happening on your network.
Key takeaways on Ransomware Prevention and Cyber Crime
Watch the webinar recording now for the top three take aways on ransomware prevention in the webinar recording.