- David Polách
Ransomware is a type of cyber-attack with one goal – to encrypt your data. The hacker will demand a ransom to make your data available again. How do hackers use this attack? Why is it becoming more and more common lately? And how can companies defend themselves from this cyber-attack?
You can imagine ransomware as a roadside robber that will cross your path and try to swindle you out of your money. If you pay, he leaves you alone. But you never know how exactly the incident will turn out.
The goal of cyber security in a company is to ensure the functionality of the company's IT systems and to protect data. Above and beyond all of this is the ability of the company to operate, provide services and do business "normally", even in the event of a cyber-attack.
For various reasons, attackers seek to disrupt these corporate goals. That’s why they often hold the company to ransom. With money being the number one concern, ransomware has become one of the most used types of attacks affecting companies.
The aim of ransomware is to do harm. Hackers want to infiltrate a company's network, spread ransomware and then encrypt files. The victim is then asked to pay a ransom or lose access to the data. The payment is therefore made to regain access to the victim's own data.
It's good to remember that ransomware attacks can also simply aim to threaten to disclose customer information, especially when the information is of a sensitive nature.
How can you protect yourself from ransomware?
To know how to defend against ransomware, it's important to know where it can reach us. Ransomware typically hides in phishing – a fraudulent email or SMS in which the attacker wants the victim to click on a link in the message and enter their sensitive details into a site that pretends to be real and familiar, or to download something from it, which can happen just by loading the site. How can I defend against ransomware attacks? We have some tips for you.
- Because the attack is directed at your data, it is important to protect it first and foremost. Backup and archiving are your best companions. Keep backups in a different location, on different media, ideally as 3 copies of the data. If someone threatens not to restore your data, you can restore it from backups yourself.
- When a phishing message is sent, the first line of defense is an antispam filter and a firewall on your internal network. Setting them up properly will cut off most unwanted communications. If an email still makes it through to a user, you need to make sure that the specific employee knows how to respond.
- By segmenting (splitting) the network you narrow the potential impact. If you segment your network, typically by importance or by the type of user or device it contains, the ransomware will not spread further. If the attack is successful, you will lose less data and less money.
- Timely updates also protect you. The release of patches by the manufacturer makes it clear that there is a weakness in the system or application. Once the patch is released, the attacker knows about the vulnerability. If you delay its installation, you give the attacker time to exploit it.
- This is where the big challenge comes in – employee education. New legislation requires companies to train employees regularly, and to plan and keep records of training. The reality, however, can be that employees sit through all the training they need to complete in a year in a single day. Occupational health and safety, fire training, employer-specific training... and finally, cybersecurity. How much of that will stick in their heads in the end?
If companies want to truly defend themselves from cyber-attacks, they must educate employees and take the time to educate them properly.
International anti-ransomware initiative
"Statement against ransom payments for ransomware": under this name, states and international organizations issued a joint declaration that they will not pay ransom for ransomware. Why did something like this come about? Who is affected by the commitment not to pay? And who is behind it?
The declaration is the result of a meeting of the "International Counter Ransomware Initiative" (CRI). This is a global initiative with more than 50 members. It has a presence on every continent and members include the USA, UK, Germany, Australia, India, Cameroon, the United Arab Emirates and the Dominican Republic. And of course, the Czech Republic. Conspicuously absent among the large states are China and Russia and, among the countries notorious for using ransomware to improve their state budgets, North Korea.
What are the CRI goals?
- Build common resilience against ransomware attacks.
- Limit the lifetime of the business model of ransomware attacks.
- Collaborate internationally among members in the face of a ransomware attack.
- Collaborate with the private sector to combat ransomware.
- Combat the funding of ransomware attacks and the subsequent ability to use the ransom collected.
Following a CRI initiative, the International Anti-Ransomware Group was established to coordinate CRI's joint action against ransomware gangs. Its goal is to target gangs at the operational level - i.e. the real groups that use ransomware to attack.
Another activity has been the effort to combat the business model of ransomware gangs, through analysis in the areas of cyber insurance, victim behaviors, seizure and confiscation of virtual assets, ransom payments and best practice in incident reporting and information sharing.
Further plans emerged from the current CRI meeting:
- Cybersecurity development for the members of the initiative
  Capability development involves assisting countries with less advanced cyber security. It covers cybersecurity capacity building (training people), mentoring (sharing know-how and best practices) and launching a program using artificial intelligence to fight ransomware, all with the help of more experienced members.
- New practices in information sharing
  Information sharing includes the launch of ransomware information sharing platforms. These will be built on the Lithuanian MISP platform, and an Israeli and UAE platform called Crystal bowl.
- New methods for "striking back"
  The declaration of non-payment of ransom was part of this last point, as well as a commitment to help CRI members in the event that government and/or key sector (water, energy, transportation and communications) websites are hit by a ransomware attack.