Freeze! I'm Ma Baker… Put your hands in the air and give me all your money!
This, of course, is a 1977 Boney M song from the album Love for Sale.
Today ransomware uses the same words: “We will freeze your data and delete it if you don’t give us some of your money.”
There is no love here.
Some ransomware authors seem to revel in hurting their victims. ZENIS, for example, is a ransomware strain that purposely deletes backups.
Most criminals treat an attack as a transaction, and until now victims had no choice but to pay or start rebuilding their data from scratch.
Today, potential targets can fight back.
A successful ransomware attack can lead to data exfiltration, extortion, and sometimes the permanent loss of data. Attacks like this are on the rise, increasing over 350% since 2018 according to Trend Micro.
Symantec released its July 2019 white paper documenting a 400% increase in targeted ransomware attacks over the past two-and-a-half years.
Some organizations have paid nearly $600,000 as a result of an attack to unlock access to important systems and/or data.
Steps to take
Key security steps include:
1. Implement an Intrusion Detection System (IDS) for early detection.
2. Assume ransomware will encrypt or delete anything you can access from your PC. Backups that stay connected to computers are worthless; they need to be disconnected. A solid weapon is a backup medium you can air gap, meaning it’s completely disconnected from your computer and the internet.
3. Rely on versioning. Even if you disconnect your external drive, there’s no guarantee it will remain protected. This is because your system might already be infected with malware when you run a backup. Use a backup tool that saves multiple timestamped versions of your files.
4. At the most basic level, every enterprise IT team should have a pre-packed jump kit with everything they need to restore their data.
5. Formalize a ransomware response playbook, supported by the higher-level incident response plan. Although corporate leaders will be naturally reluctant to accept this suggestion, it’s imperative that the IT leader have, by default, instant authority to take immediate remedial actions.
6. Design a defensive network. By creating subnetworks and VLANs within the larger environment, you will improve overall security and gain the ability to quarantine isolated zones, according to Symantec.
7. Assess your readiness and understand your vulnerabilities. This means regular self-evaluation and a commitment to continuous process improvement.
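As an added example that is not part of the original post, here is a small Python sketch of steps 1 and 3 combined: a backup that stores each run as a separate timestamped version (the vault would live on the air-gapped medium from step 2), plus a churn check that compares the live files against the last version so that a burst of changed or deleted files is flagged before the next backup silently inherits the damage. The directory names, the 50% churn threshold and the four sample files are constructed for this example.

```python
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

def manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def snapshot(source, vault, stamp=None):
    """Copy source into a new timestamped version directory; older versions are never overwritten."""
    dest = vault / (stamp or time.strftime("%Y%m%dT%H%M%S"))
    if dest.exists():
        raise FileExistsError(f"version already exists: {dest}")
    shutil.copytree(source, dest)
    return dest

def latest_snapshot(vault):
    """Newest version by name; the timestamp format sorts lexically."""
    return sorted(p for p in vault.iterdir() if p.is_dir())[-1]

def diff_against_snapshot(source, snap, threshold=0.5):
    """Compare the live tree with a stored version; churn at or above threshold raises an alert."""
    live, stored = manifest(source), manifest(snap)
    changed = sorted(p for p in stored if p in live and live[p] != stored[p])
    deleted = sorted(p for p in stored if p not in live)
    added = sorted(p for p in live if p not in stored)
    churn = (len(changed) + len(deleted)) / max(len(stored), 1)
    return {"changed": changed, "deleted": deleted, "added": added,
            "churn": churn, "alert": churn >= threshold}

def demo():
    """Constructed scenario: version four files, then simulate ransomware rewriting three in place."""
    with tempfile.TemporaryDirectory() as tmp:
        src, vault = Path(tmp) / "docs", Path(tmp) / "vault"
        src.mkdir()
        for i in range(4):
            (src / f"report{i}.txt").write_text(f"quarterly figures {i}\n")
        before = manifest(src)
        snap = snapshot(src, vault, stamp="20190701T090000")
        for i in range(3):  # encrypted in place: content replaced with random bytes
            (src / f"report{i}.txt").write_bytes(os.urandom(64))
        result = diff_against_snapshot(src, latest_snapshot(vault))
        result["snapshot_intact"] = manifest(snap) == before
        return result
```

Because every run lands in its own directory, the stored version stays intact even though three live files were overwritten, and the 75% churn trips the alert.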