Watch out for ransomware attacks
Have methodologies to gauge risk posed by fraudsters
Updated On - 23 November 2021, 12:43 AM
By Anil Rachamalla
Cybercriminals have become sophisticated enough to use ransomware to penetrate and immobilise large enterprises, federal governments, global infrastructure and healthcare organizations.
Ransomware is a type of malicious software that threatens to block access to data, usually by encrypting it, until the victim pays a ransom to the attacker. In most cases, attackers demand a ransom with a deadline. If the victim doesn’t pay in time, the data could be erased or the ransom increased.
A new market has now emerged on the dark web, offering malware strains for sale to those who want to become cybercriminals, thereby generating extra money for malware developers. The most affected are critical infrastructure networks, and we have seen a rise in ransomware attacks on the healthcare and pharmaceutical sectors, which produce products that have FDA approvals. Here the attack is more focused on intellectual property.
Safety steps for SOC, NOC administrators:
- Receive actionable intelligence on compromised credentials, personal information and data breaches by monitoring the dark web on a regular basis.
- Make informed security decisions based on evidence-based knowledge (repositories) on threat actors and their capabilities and create an effective plan to dismantle threats before they attack.
- Plan a mitigation approach for weaknesses based on priority and a risk score derived from the vulnerabilities of your infrastructure.
- Manage reputation risks with effective digital platforms. Companies with damaged reputations may also lose the support of customers, investors and other counterparties, causing a reduction in revenue.
- Have processes and methodologies to gauge the risk posed by third-party vendors, as they could also be potential threats.
- Constantly keep an eye on fraud intelligence about illegitimate businesses that facilitate identity theft or other forms of cybercrime.
Approach to ransomware attacks:
- Prepare to Prevent – We must have a solution that gives us 360-degree visibility, which allows us to quickly map critical assets, data and backups. Have a software solution that can create zero-trust micro-perimeters around critical applications, backups, file servers and databases. Alternatively, create policies that restrict traffic between users, applications and devices.
- Detect to Remediate – Have a solution that alerts on any attempt to gain access to applications and backups. You may plan to incorporate reputation-based detection that alerts on the presence of known malicious domains and processes. The moment a breach is identified, we can minimize dwell time and catch cyber criminals before they can take the next step. Create isolation rules that allow the rapid disconnection of affected areas of the network.
- Recover to Streamline – Finally, you will need complete visualisation capabilities that can support a big-bang recovery or, alternatively, phased recovery strategies in which connectivity is restored.
Role of CERT-In as per IT Act:
CERT-In is working towards enhancing cyber security in India. It is an official nodal agency as per the IT Act and is empowered (when there is an attack) to interview key people in charge, carry out vulnerability assessments and penetration testing, list the existing security policies and controls, and assess their IT assets.
- CERT-In collects, analyses, and shares information on cyber incidents taking place in India.
- Forecasts and issues alerts about cyber incidents.
- Issues emergency measures to handle cyber security incidents.
- Issues guidelines and advisories in relation to information security best practices and procedures, prevention, and reporting of cyber incidents.
Reference Sites:
https://www.csk.gov.in/security-tools.html
https://www.cert-in.org.in/
https://www.nomoreransom.org/en/decryption-tools.html
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
https://www.cisa.gov/stopransomware
https://us-cert.cisa.gov/
https://ccoe.dsci.in/
https://www.isaca.org/
https://www.eccouncil.org/
Conclusion:
Ransomware in all its forms and variants poses a significant threat both to private users and companies. This makes it all the more important to keep an eye on the threat it poses and to be prepared for all eventualities. To summarise, some attackers never intend to give any data back, others give up at some cost and do not properly implement their data recovery functionality, and there are some who do not test their ransomware well enough. In any case, if ransomware protection fails, both money and data are lost, and the chances of this happening are not negligible.
Stay tuned to the Cyber Talk column to learn more about internet ethics and digital wellness, brought to you by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org