• Mohinee Singh
  • June 1, 2021

Ransomware is leading the way in modern security events. Ransomware is a type of malicious software that holds a victim’s data hostage until a ransom is paid. Instead of selling victims’ information on the black market, ransomware has established a way to make money off this stolen information directly from victims. The threat of ransomware is based on publishing personal data or blocking a victim’s online access to their own accounts.

Global Trend
Ransomware shows no sign of slowing down as the average ransom paid to cybercriminals by organizations that fall victim to these attacks has nearly tripled over the past year. Based on the analysis of more than 500 attacks and cyber threat intelligence activity, researchers estimate that the number of ransomware attacks grew by more than 150% in 2020.

The continued success of attacks has led to some ransomware gangs becoming extremely bold with demands. Before 2020, the highest ransom demand paid to cybercriminals stood at $5 million, but during the past year, that has doubled, with data in the report suggesting that one victim paid a ransom of $10 million to cyber criminals following a ransomware attack. The highest attempted ransom demand during 2020 stood at $30 million – double the previous highest attempted demand of $15 million in previous years.

Steps to take when you are under a Ransomware Attack

  1. Contact your Cyber Insurance Provider
    If you suspect that your business is experiencing a ransomware attack, immediately contact your cyber insurance carrier, regardless of the coverage you have. This step is critical to securing the necessary resources to minimize risk and mitigate harm. Cyber insurance carriers always have contacts of industry-leading cybersecurity attorneys, forensic firms, and other professionals who will be able to assist you further. If you do not have cyber insurance, you should strongly consider getting it.
  2. Preserve Digital Evidence
    Preserving forensic evidence is a critical, but often overlooked step in responding to a ransomware attack. Reformatting (or “wiping”) impacted servers and workstations in an effort to restore the organization’s operations destroys forensic evidence.
    Thus, before reformatting infected servers or computers, make a copy of the impacted devices. Save all available logs before they automatically roll over.
  3. Avoid any Communications with the Attacker (Threat Actor)
    When your organization suffers a ransomware attack, the threat actor will usually leave a ransom note that provides instructions for communicating with the actor. To increase pressure to pay a ransom, the actor may also implement a countdown that begins once you establish contact.

Best Practices to Defend against Ransomware

  1. Lock down RDP and other services using a firewall:
    A good practice to prevent attackers from entering a network is to ensure remote access to servers and systems is only possible via VPN and ideally using multi-factor authentication or a whitelist of sanctioned IP addresses.
  2. Reduce the surface area of attacks:
    Maintain periodic reviews of all port forwarding rules to minimize open ports.
    Each of these open ports represents a potential opening in networks. Where possible, VPN should be used to access resources on the internal network from outside rather than port-forwarding. It is advisable to secure any open ports by applying suitable IPS protection to the rules governing that traffic.
  3. Conduct Penetration tests and Vulnerability Assessments:
    No matter the size of your organization, a ransomware attack can strike anyone who has data. Conducting regular penetration tests and vulnerability assessments might mitigate the chances of such events.
  4. Enable TLS Inspections:
    Nearly a quarter of malware communicates using TLS. TLS inspection, with support for the latest TLS 1.3 standards on web traffic, ensures threats are not entering a network through encrypted traffic flows.
  5. Automatically isolate infected systems:
    When ransomware or another attack strikes, it’s important that IT security solutions are able to quickly identify compromised systems and automatically isolate them until they can be cleaned up, to prevent spread to other systems on the network.
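
An added example, not part of the original article: a Python script for the periodic port-forwarding review described in practices 1 and 2, flagging forwarded remote-access services and rules without IPS. The CSV export layout, the rule names, and the set of ports treated as remote-access services are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample export; the column layout is hypothetical, not a vendor format.
SAMPLE_RULES = """name,proto,ext_port,dest,source,ips
rdp-fileserver,tcp,3389,10.0.0.5:3389,any,off
rdp-vendor,tcp,3390,10.0.0.6:3389,203.0.113.10/32,on
web-portal,tcp,443,10.0.0.20:443,any,on
legacy-ftp,tcp,21,10.0.0.30:21,any,off
"""

# Assumption: ports treated as remote-access services that belong behind the VPN.
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}


def is_open_to_internet(source):
    """True when the rule's source is not restricted to an allowlist."""
    if source.strip().lower() == "any":
        return True
    return ipaddress.ip_network(source.strip(), strict=False).prefixlen == 0


def review_rules(text):
    """Return (rule name, finding) pairs for every rule that needs attention."""
    findings = []
    for rule in csv.DictReader(io.StringIO(text)):
        # Check the internal port: rdp-vendor hides RDP behind external port 3390.
        dest_port = int(rule["dest"].rsplit(":", 1)[1])
        service = REMOTE_ACCESS_PORTS.get(dest_port)
        if service and is_open_to_internet(rule["source"]):
            findings.append((rule["name"], f"{service} reachable from any address"))
        elif service:
            findings.append(
                (rule["name"], f"{service} forwarded to allowlisted source; prefer VPN")
            )
        # Every remaining open port should at least carry an IPS policy.
        if rule["ips"].strip().lower() != "on":
            findings.append((rule["name"], "no IPS policy on forwarded traffic"))
    return findings


if __name__ == "__main__":
    for name, finding in review_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Matching on the internal destination port rather than the external one catches remote-access services published on a non-standard port.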
