Ransomware

How to defend against ransomware

  1. Always conduct regular backups
    • Backups should be stored both on physical devices on premises and in cloud storage solutions
    • You will have a full copy of your data in case of compromise
  2. Install software updates regularly
    • The WannaCry ransomware attack succeeded because a critical OS patch had not been installed
    • Had systems been updated, the machines would not have been infected
  3. Provide security awareness training to your users
    • Helps protect against phishing attacks and malicious links embedded in emails
  4. Implement Multi-Factor Authentication (MFA)
    • Provides an extra layer of security which may prevent an attacker from accessing your account

What to do in case of attack

  1. Never pay the ransom
    • Paying the ransom doesn't actually guarantee that you will ever get your data back
    • It gets you added to the list of people who actually pay the ransom
  2. If you suspect ransomware has infected your machine, you should disconnect it from the network
  3. Notify the authorities
    • Ransomware attacks are a crime!
    • See if this aligns with your organization's procedures and incident response protocols
  4. Restore your data and systems from known good backups.
    • First make sure the ransomware is completely removed from the compromised systems before applying backups