RANSOMWARE DEEP DIVE - HOW TO PROTECT YOUR DATA

Many are familiar with the threat posed by cybercriminals and their devious tactics, including phishing attempts and the dreaded ransomware attack. In this issue of BlogBytes we will review key excerpts from a new white paper by David Balcar, “Exploring the Ransomware Epidemic: Unraveling the Past, Understanding the Present, and Anticipating Future Threats,” which takes a deep dive into the nefarious world of ransomware. The paper is full of must-read information. We will follow this edition of BlogBytes with additional articles that focus on various segments of David Balcar’s detailed ransomware analysis, recommendations and predictions.

Listen to cybersecurity expert David Balcar discuss the essential details behind the ransomware epidemic, its disastrous consequences and what you can do to survive it.

But first, let’s take a look at some of the highlights from the paper: “Exploring the Ransomware Epidemic: Unraveling the Past, Understanding the Present, and Anticipating Future Threats.”

WHEN DID RANSOMWARE BEGIN?

The use of ransomware to extort payment from an organization began decades ago. As noted in the white paper:

“From its nascent stage in the late 1980s, where rudimentary forms of ransomware demanded payments for the restoration of data, to the sophisticated, multi-layered attacks of today that hold entire organizations hostage, the metamorphosis of ransomware mirrors the advancements in technology and shifts in cybercriminal tactics.”

These ‘hold for ransom’ data seizures can be quite costly to an organization. The paper recalls that:

“Incidents range from a Florida City IT employee being terminated after the city paid a $500,000 ransom, to the unfortunate closure of Lincoln College, a 157-year-old institution, due to a ransomware attack.”

Other attacks infected a slew of companies including Colonial Pipeline, JBS Foods, and MGM Resorts International. These cyberattacks threaten not only the pocketbooks of organizations but also customer service, company reputation, the livelihood of employees and the very survival of the firm.

HOW DO THEY BREAK IN AND CAUSE CHAOS?

Cybercriminal actors can use a number of ‘break-in’ techniques, but the most notable is the phishing email. “The use of deceptive emails that trick recipients into clicking on malicious links or opening infected attachments remains a primary method for distributing ransomware,” notes the author. The paper explains that attackers may also use AI to increase the effectiveness of attacks, and may use social engineering tactics like phone calls, messaging and social media to gain access to systems.

David Balcar explains the difficulties in combating ransomware attacks, which include the increasing complexity of attacks, legal and regulatory hurdles, and recovery and response challenges, all of which “underscore the need for a multi-faceted approach to ransomware defense.”

PREPARE – PREVENT – DEFEND

The paper emphasizes that “Preventing ransomware attacks and mitigating their impact requires a comprehensive strategy that involves technical defenses, organizational policies, and user education.” It also reviews how the MITRE ATT&CK framework can help organizations improve their cyber resilience.

The MITRE ATT&CK framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It is used to “understand adversary behavior and to better prepare for, detect, and respond to cyber threats, including ransomware attacks.”

Balcar explains that best practices include the need to: “Adopt and implement recognized cybersecurity frameworks, such as the NIST Cybersecurity Framework, to guide the establishment of security policies and practices.” The paper goes into detail on these topics and draws attention to the need to protect data assets: “Utilizing backup and storage strategies like tape backups which shares a complementary relationship with contemporary cybersecurity technologies and taking the 3-2-1 Rule which states there should be 3 copies of data on 2 different media with 1 copy being off-site.” Balcar explains that tape can provide the essential offline, air-gapped copy of critical data that can’t be accessed in a cyberattack. He notes that “The resilience and effectiveness of tape backups in the face of ransomware threats is second to none.”

Suffice it to say, this ransomware paper is bursting with useful information on how to plan your cybersecurity defenses more effectively, identify ransomware threats and provide more resilience to withstand criminal attempts to disrupt or destroy your data.

Get access to the complete white paper here and look for upcoming BlogBytes articles that dive deeper into thought-provoking segments of this comprehensive study.