Cybersecurity for Modern Organisations
What is Ransomware?
This article is about cybersecurity for Australian Organisations. The difference in the past, viruses generally only annoyed you. Unlike Ransomware, viruses didn’t delete your data, unless you pay the ransom. If you don’t do what they need, then your data is gone forever.
In that last 2 decades, there have only been a small percentage of Viruses, which have destroyed data.
Viruses, were mostly about SPAM in the past, and selling computing access to other people. They slowed your computer, but didn’t really affect you.
Now, they are directly trying to extract money out of you, the individual, and they are doing it in an automated fashion. It is big business. They have “customer service” departments in less regulated countries where the law is lax. Case in point, there were 10,000 businesses impacted by ransomware in 2015.
There are three ways to combat this attack:
- Restore from backup; or
- Pay the ransom; or
- Attempt decryption
Most of them use the same type of technology as banking cybersecurity systems, and unless you are the NSA, you can’t crack them and even the NSA will take months or years to decrypt.
Even if you do all of that, you don’t know if the source of the infection has been fixed, and assess if there is still a latent cybersecurity risk.
The main things to focus on is protection and making sure you have a multi-layered cybersecurity policy which addresses workstations, servers and networks.
Ransomware can get in via multiple mechanisms (attack vectors). These include:
USB Keys, Webpages (including innocent, often visited webpages compromised by an attacker), Emails and Attachments / Links, Automated Brute Force(1) Attacks, Zero Day(2) Attacks, Unavoidable Security Flaws in Operating Systems, Virus Software, Web Browsers, Cloud Software, etc., Direct Hack Attack(3), Social Engineering – use publically available information to imply credibility, And Many Others…
- Brute Force refers to a remote computer thousands of different password combinations on a user account per minute.
- Zero Day attacks are those which have never been seen before, and therefore Anti-virus and security software cannot protect against.
- Direct Hack is someone DELIBERATELY targeting your Organisation – increasingly common in Not for Profit Organisations