Why should organizations be serious about ransomware?
As more organizations switched to remote working due to lockdowns, there has been an increase in cyberattacks ranging from phishing scams to ransomware attacks. Cognizant was recently targeted by a ransomware attack.
A typical ransomware attack encrypts all files and locks them to prevent access until the owner or organization has paid the ransom. Some of the more dangerous ransomware now differs in that, before encrypting files, it steals a significant amount of data and sends it to a remote server controlled by the attacker. The objective is to sell the data on the dark web if the organization or individual refuses to pay the ransom amount.
How does the attacker operate?
The ransomware is mainly spread through malicious websites pretending to be cryptocurrency trading sites, desktop connections with weak passwords, and phishing emails impersonating government agencies. For instance, at most of the organisations, emails were sent with a Word/PDF attachment that used macros to run the malware on the system, or an employee/user clicked a web link in an email, which downloaded a malicious piece of software in the background.
The interesting difference is that the ransomware attempts to detect whether the victim is using a home computer, workstation, domain controller, or server and adjusts its behaviour accordingly.
Who is behind the attacks?
Security experts have not yet been able to trace the country of origin of the ransomware. During their examination, most of the IP addresses belonged to Russia, Africa, China, Nigeria, Mexico and Iran Federation.
“These are exactly the situations why the industry needs to adopt a proactive OR real-time and quantifiable approach to cybersecurity. Cyber risk quantification platforms can help organizations get a clear view of the cyber risk posture in real-time, allowing them to prioritize cybersecurity projects and investments,”
What can organizations do to protect themselves?
- One can avoid paying ransoms as long as they have all the important data backed up properly.
- During lockdown, make sure you are using an SSL VPN that does not create a tunnel between the end device and your data centre (avoid using IPsec VPN and SSL VPN with basic security).
- Create a policy for work-from-home use with time-bound access.
- Use multi-factor authentication and the device locking feature in the SSL VPN.
- To protect their systems from any such attacks, organizations need to improve their security rule and understand
- Do not allow the copy/paste and file download features through the SSL VPN while accessing applications.