Don’t Pay a Ransom?? The Rise of Ransomware….

Ransomware…a CISO’s worst nightmare, right? Trust me, it’s something that keeps me awake at night as well. Ransomware is the fastest growing threat there is today and it’s targeting everyone, whether they are home users, corporate users or government networks, etc. Cyber crime isn’t always about fancy hacks and killer exploits. It’s as simple as sending an email to transfer funds or pay an invoice from the MD – click on the attachment, boom there go your files!!

I am pretty sure when the bad guys started creating this kind of malware all they could think of was “show me the money” …look up Jerry Maguire if you want to know what I am talking about :)

So what is ransomware? In simple terms, it’s a piece of malware that blocks access to user files. It encrypts all documents, pictures, etc. with a virtually unbreakable encryption key. You either pay up in cyber currency such as bitcoins or wipe out & rebuild your entire system, hoping you have a recent backup of all your data. If you do decide to pay up, there is no guarantee that you will be able to decrypt your data either. Oh, just so you know, if you do not revert to the attacker in the stipulated time he / she has given, the ransom also increases… :P

Of course there are different variants of ransomware – some are aimed at the Microsoft family, whilst some are aimed at the Mac family. The new age ransomware variants are more aggressive, stealthier in nature, advanced and of course created to evade traditional antivirus systems.

I am not getting into the basics of ransomware, there are way too many articles on the same online…. the reason I decided to write this up is to give a CISO’s perspective.

Good guys have to win always; bad guys have to win just once. The need of the hour – have effective and efficient cyber security controls in place. Think about it, in case of a cyber attack, who is the first one to get whacked? – the CISO. The job and the profile are tough, most of the time we have to make do with the limited resources available to us – a magic wand, so to say ;). Organizations across the globe are vulnerable to this threat, and anyone who has told you they are protected against ransomware is sadly mistaken.

How do CISOs reduce the risk from this menace? Awareness, awareness and more awareness for all end users. That is the key!! Of course you also need to ensure you have adequate “secure” & “tested” backups as well. Why secure, you may ask? For heaven’s sake, please ensure your backup copies are not “live” on your network or connected to your network all the time. Have an offsite rotation of your tapes if possible. I know many organizations who do their backups, but have never bothered testing whether the restoration works seamlessly, and when the time actually comes to do a restoration, there are issues. Murphy’s law huh?

I believe incident preparedness is a major key area that is also gaining focus. The sooner you detect a ransomware attack on one of your systems, the faster you will be able to act. Disconnect the system from the network, get into forensics mode….

Everyone has a plan until they get punched in the face…. Then what? Do you freeze due to fear? It’s how you react to adversity that defines you…. let me know what you think?


Shilpa Krishnan

Vice President & Head Talent Acquisition at Bajaj Allianz General Insurance Co. Ltd.

7 years ago

Well written Delzad !

Sunil Kumar M.

Regional IT Service Management (India and Southeast Asia) | IT Governance and Audit Compliance | ITIL - Incident and Service Request Management | Strategic Planning | IT Asset Management | Budget Planning and Tracking |

7 years ago

A well written article, highlighting the risk in a very simplistic and straight manner. The risk is very high and organizations need to take such threats seriously and have the contingency plans always ready. And yes end user awareness is key...

Abhishek Haridasan

Marketing Manager | M&A, Branding, Social Media, Event Management

7 years ago

Thanks for the article, Delzad. Educative and spooky at the same time. It's surprising that in today's age there are these so-called anti-online elements who derive pleasure by hackling (read: hacking) into systems for that sadistic pleasure. While organizations take pride in their contingency planning, it'll only be when they're thrown into the bull ring that they are really tested. Keeping up to pace with online security is quite an onerous task and I'm sure you're 'GAME ON' for it. #Cheers #CyberSec in privy hands!

Vikas Arora

Senior Vice President - Global IT & Security | CISO | CIO | Security Leader | Privacy Leader | CISSP | CIPM

7 years ago

Nausika-Georgia Liossi

Sales & Operations at Magna Aviation

7 years ago

Excellent article, containing invaluable advice.
