RISE against RANSOMWARE

Understanding RANSOMWARE!

Ransomware is a type of malware that restricts access to the infected computer system and demands that the user pay a ransom to the malware operators to remove the restriction. A few key elements:

  • There is, however, no guarantee of actual recovery even after the payment is made.
  • The Remote Desktop Protocol, phishing emails, and software flaws are commonly used as attack vectors.
  • Ransomware attacks can be broadly classified into two categories: crypto-ransomware and locker ransomware. The former focuses on encrypting critical files on the computer and rendering them inaccessible, while the latter locks the victim out of their device completely, displaying a ransom note on the login screen instead.

A key step in ransomware execution is the payload delivery and execution. This is achieved by cleverly manipulating unsuspecting users, convincing them to:

  • Click on malicious links.
  • Download executable files that appear, but are not, legitimate.

Ransomware can be simple, employing basic encryption algorithms, yet still inflict severe damage and impact on the victims.

HOW RANSOMWARE WORKS?

  • Attackers gain access to your network. They establish control and plant malicious encryption software. They may also take copies of your data and threaten to leak it.
  • The malware is activated, locking devices and causing the data across the network to be encrypted, meaning you can no longer access it.
  • The victim then usually receives an on-screen notification from the cyber-criminal, explaining the ransom and how to make the payment (the ransom demand) to unlock the computer or regain access to the data. Payment is usually demanded via an anonymous web page and usually in a cryptocurrency, such as Bitcoin.

KEY RESEARCH FINDINGS:

  • Ransomware remains one of the most pervasive cybersecurity threats today
  • 2023 was a record year for ransomware gangs and cybercriminals
  • Ransomware attacks increased from 2,581 in 2022 to 4,399 in 2023
  • In 2023, over 33 million data records were extorted via ransomware and phishing attacks; that's a data extortion incident every 11 seconds
  • Total ransomware payments exceeded $1 billion in 2023
  • The average cost of a ransomware attack was $1.85 million
  • Ransomware attacks and ransom payments nearly doubled in 2023
  • It is statistically more likely that companies will be targeted by ransomware attacks in 2024



WHERE TO INVEST?

Incident Response Capabilities - Regularly test (and update, as necessary) your incident response plan and ransomware playbook to ensure everyone knows what they need to do to effectively contain, eradicate, and recover from a ransomware attack.

Investment in Security Tools & Technologies - Regularly train with and test your security tools to ensure your incident response team can use them effectively during a ransomware attack. Continuously evaluate new technology solutions to take advantage of the latest innovations to increase your incident response effectiveness against constantly evolving threats. Update your technology stack and services to take advantage of the latest innovations for advanced ransomware detection.


WHAT TO EXPECT?


Organizations need clear 'Blueprints and Frameworks' to respond to a crisis like a ransomware attack.

  • The response needs to be structured, not ad hoc.
  • Incident response plans with well-defined roles and responsibilities, defined SLAs, communication details, and templates.
  • Playbooks with the courses of action to respond, at both technical and management levels.
  • Regular tabletop exercises and drills, with clear after-action reports.


SOME BEST PRACTICES FOR RANSOMWARE PREVENTION

  • Periodic, unannounced exercises, such as intentional phishing campaigns.
  • Equip the computers with good anti-virus software.
  • Use multi-factor authentication to protect your accounts.
  • Always keep the systems updated.
  • Employ strong & complex passwords.
  • Change your passwords regularly and never save passwords electronically.
  • Back up important files using the 3-2-1 rule: Create three backup copies on two different media with one backup in a separate location.
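A check of a backup inventory against the 3-2-1 rule above, as an added example that is not part of the original article. The dataset names, site names and inventory records are constructed, and "separate location" is assumed to mean any site other than the primary one.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str   # what is being protected
    media: str     # e.g. "disk", "tape", "object-storage"
    location: str  # site where this copy is stored


# Constructed sample inventory (hypothetical names, not from the article).
PRIMARY_SITE = "hq-datacenter"
EXPECTED = ["finance-db", "hr-share", "mail-archive", "legal-docs"]
INVENTORY = [
    BackupCopy("finance-db", "disk", "hq-datacenter"),
    BackupCopy("finance-db", "tape", "hq-datacenter"),
    BackupCopy("finance-db", "object-storage", "dr-site"),
    BackupCopy("hr-share", "disk", "hq-datacenter"),
    BackupCopy("hr-share", "disk", "hq-datacenter"),
    BackupCopy("hr-share", "disk", "hq-datacenter"),
    BackupCopy("mail-archive", "disk", "hq-datacenter"),
    BackupCopy("mail-archive", "tape", "dr-site"),
]


def check_321(inventory, primary_site, expected_datasets=()):
    """Return {dataset: [gaps]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy.dataset].append(copy)
    # A dataset with no backups never appears in the inventory, so seed
    # the report with every dataset that is supposed to be protected.
    for name in expected_datasets:
        by_dataset.setdefault(name, [])

    report = {}
    for name, copies in sorted(by_dataset.items()):
        gaps = []
        if len(copies) < 3:
            gaps.append(f"only {len(copies)} of 3 copies")
        media = {c.media for c in copies}
        if len(media) < 2:
            gaps.append(f"only {len(media)} of 2 media types")
        if not any(c.location != primary_site for c in copies):
            gaps.append("no copy outside the primary site")
        report[name] = gaps
    return report


if __name__ == "__main__":
    for name, gaps in check_321(INVENTORY, PRIMARY_SITE, EXPECTED).items():
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```
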

Every second counts during a

INFORMATION SOURCE

Vinay Kumar Yedurmane Nagaraj

Director- Strategy and New Initiatives, ISAC / National Cyber Security Scholar / Cyber Crime Intervention Officer / GCPP Defence and Foreign affairs / CSR Champion / DPO / DSCI DCPLA / DSCI Rapid Ransomware Responder

8 months

Thanks to Data Security Council of India and Venkat Ramshet, this is one of the finest programs available in the country to get ahead of the threat curve. The content is precise and easily replicable during an attack scenario. The combined experience of the cohort adds to the outcome from the program.

Air Vice Marshal (Dr) Devesh Vatsa VSM

Advisor Cyber Security & Critical Technologies

8 months

Absolutely right Sukrit, Ransomware is turning out to be the biggest threat in cyberspace. The money lost is phenomenal but the brand you lose, the time you lose to resurrect again, the flak you get from the regulators and the trust of customers you lose are a bigger consequence of ransomware attack. Very recently Dr Gulshan Rai, EX National Cyber Security Coordinator, while addressing CISOs mentioned that ransomware is the biggest cyber security threat. Remaining aware, being pro-active and well prepared are the key to protect your organisation from ever evolving ransomware attacks.
