Don’t be Held for Ransom! Tips for Preventing Ransomware

By

“****, my system has been attacked by ransomware…” has been one of the most commonly said statements in this year alone… The last 12-18 months have seen ransomware evolve from a relatively small hacker operation into a global IT epidemic, and one of the most dangerous security threats facing enterprise organizations today. There is one good thing about ransomware too. It doesn’t discriminate!!! It will attack your system irrespective of the fact your organization is the leader or the follower… you work for greater good or bad.

 Before we move further, a brief about ransomware. Ransomware is a type of crypto-malware used for cyber extortion. Ransomware holds a victim’s computer or their files hostage via encryption while demanding payment in exchange for decrypting the files and releasing access to the user’s device. Ransomware is usually spread through phishing attacks containing a malicious email attachment, infected program, or link to a compromised website. Ransomware attacks have evolved to target businesses, encrypting entire networks of computers or files and bringing business operations to a halt until the ransom is paid.

From a CIA perspective, (don’t confuse it with the American intelligence, I was talking about the triad - confidentiality, integrity and availability), ransomware targets the availability aspect. The files are made unusable till the time ransom is made. There are no changes made to the files. They are just encrypted. Hence, the best bet to not be crippled by ransomware is to back up everything at periodic intervals. The latest your backup, less are the chances that you would even feel the pain given by the ransomware.

Tip: Always back up your systems. The best bet is a cloud storage backup.

However, the most logical question is - Why did my system get infected and what could I have done to prevent it?

Amongst many reasons, the following are one of the most common ones:

  • Not applying the patches on time.
  • AV signatures either not updated / No use of AV
  • Downloading software that seems genuine but is full of malware from torrent / fake websites
  • Opening attachments from unknown senders.

Keeping your systems up to date with respect to patches and anti-virus is one mechanism that helps to reduce the ransomware problem. Additionally, users need to upgrade the software that there is no support available from the vendor. For example - if you continue to use Microsoft Windows XP or Windows 2000 server, you are at risk. Half the battle against ransomware can be won if we follow basic cyber practices.

Open-source software can be a better alternative if you don’t want to spend a few bucks for the software. In fact, using open-source is a better option that downloading malicious software from pirated websites. It is also important that you download the software from the OEM’s website only. 

Emails are also one top source of spreading malware. It is important to follow the best email security practices in this regard.

From an organization’s perspective, educate your employees - not once in a lifetime, but every day. Don’t make this training boring. In fact, hands-on training or simulation drills are one of the best ways to educate them.

One final tip is “Don’t pay ransoms unless absolutely necessary”. Paying ransom doesn’t guarantee that you will get the key to decrypt. Paying the ransom only establishes you as a paying target for future attacks and has even led to follow-on data breaches at some organizations. Unless you have absolutely no other choice, avoid paying ransoms.

Hence #becybersafe, #becybersmart and don’t forget to spread the message across.

Comments

Post a Comment

You may also like to read...

Identification, Authentication, Authorization, and Accountability

By
Image
The 4 steps to complete access management are identification, authentication, authorization, and accountability. Many confuse or consider that identification and authentication are the same, while some forget or give the least importance to auditing. These are four distinct concepts and must be understood as such. Identification Whenever you log in to most of the websites, you submit a username. In case you create an account, you are asked to choose a username which identifies you. This username which you provide during login is “Identification”. It is simply a way of claiming your identity. From an information security point of view, identification describes a method where you claim whom you are. If you notice, you share your username with anyone. Your email id is a form of identification and you share this identification with everyone to receive emails. This means that identification is a public form of information. Authentication So now you have entered you
Continue Reading...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

By
Image
Identity and Access Management is an extremely vital part of information security. An access control model is a framework which helps to manage the identity and the access management in the organization. There are 5 main types of access control models: discretionary, rule-based, role-based, attribute-based and mandatory access control model. Every model uses different methods to control how subjects access objects. While one may focus on rules, the other focus on roles of the subject. As a security professional, we must know all about these different access control models. While one company may choose to implement one of these models depending on their culture, there is no rule book which says that you cannot implement multiple models in your organization. These models are built into the core or the kernel of the different operating systems and possibly their supporting applications. Every operating system has a security kernel that enforces a reference monitor concept, whi
Continue Reading...

How to Pass SSCP Exam in the First Attempt

By
Image
Systems Security Certified Practitioner (SSCP) exam is offered by (ISC)2 . When I prepared for this exam, there was hardly any material for preparation or blog posts to help me understand the experience of this exam. In this blog post, I will try to explain to you how to study for this exam and the experience of this exam.  Before I begin, let me congratulate on your journey to becoming an SSCP. Although this certification may not be highly recognized as the CISSP certification, still it shows your employer and the world that you are really interested to pursue your career in this field. You become a practitioner in this field. What is SSCP? You would like to read CISSP vs SSCP in case you want to have a comparison between the exams. SSCP is a 3-hour long examination having 125 questions. You are required to score a minimum of 700 out of 1000. 25 questions are not graded as they are research oriented questions. It is important to note that since these questions are
Continue Reading...

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

By
Image
Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready
Continue Reading...

Cloud Computing - The Logical Model

By
Image
At a high level, both cloud and traditional computing adhere to a logical model that helps identify different layers based on functionality.  The four layers are : Infrastructure: The core components of a computing system: compute, network, and storage.The foundation that everything else is built on. The moving parts. Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration. Infostructure: The data and information. Content in a database, file storage, etc. Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services. The security at different levels is mapped to the different layers. The application security is managed at the applistructure layer while the data sec
Continue Reading...