Ransomware
Buzzwords are an asset in the Cyber Security community. Being able to impress upon a customer a danger within their systems with just one word is a powerful tool. While an average user may not understand the use of encryption to prevent them access to their data, being able to use a token term enables a professional to impress the gravity of a danger to the network without delving too far into the technical aspect of a problem. Too often however, buzzwords can be used in a way that limits the customer’s overall understanding of where dangers lie and can prevent proper user education regarding common security mishaps and avoidance.
Let’s dive into Ransomware to talk about the meaning and effect on the cybersecurity landscape and to help non-tech people understand it, how it is used and the importance of understanding what these attaches mean for users and companies alike.
Ransomware: What the buzz is about
Ransomware is a blanket term for the threat of sharing, destroying, or other manipulation of data unless a form of payment is received. These types of attacks can prevent a victim from being able to access their data without a key provided from the attacker; and/or threaten that sensitive information will be released if payment is not received.
The typical Ransomware attack follows this process:
These types of attacks tend to be win-win situations for attackers, as they will either receive payment from the victim, or be paid for information collected from the compromised system from other malicious actors. Both benefits require very little effort from the attacker as most ransomware gains access to the system due to user actions, such as downloading infected files, or visiting unvetted links.
The public versions of these forms of attacks tend to be those with the threat of personal information being released. Recently law firm to the stars Grubman Shire Meiselas & Sacks in New York fell victim to such an attack. In late April 2020, the law firm’s information was encrypted, and the attackers threatened to release data such as contracts, telephone numbers, email addresses, personal correspondence, and non-disclosure agreements. While the amount requested to stop the publication of stolen information has not been released, the firm has claimed it is working to recover the information without providing payment to the attackers. Unfortunately, no matter the outcome, those who work within and those who are clients of the law office will likely have lost valuable piece of mind.
Situations like the ones above are where the danger of using buzzwords without context presents itself. With the cursory knowledge of ransomware that most users have, there is a great danger that those who are not participating in activities they believe would be of interest to attackers are unaware they are still vulnerable. With more and more daily life functions moving to cyber centric systems; the release of banking information, addresses, proprietary business data, and any other material that is being processed on a network or a workstation is a very present danger. Banks, healthcare networks, and companies small and large are all potential targets for attackers.
As with most cyber attacks the importance of user understanding is paramount when it comes to protection and detection. Therefore, Cyber Security professionals need to ensure that while using ransomware as a buzzword, they are also providing an education behind the threat and best mitigation practices. Simple actions such as informing employees of the threats, employing two factor authentication when possible, and implementing software restriction policies or other controls to block the execution of programs in ransomware heavy locations such as temporary folders for internet browsers, and compression/decompression programs. These simple actions can prevent costly attacks and ensure that while ransomware is a term that users might hear; it won’t be because they’re experiencing an attack.