This October marks Cyber Security Month, an event organised by ENISA (the European Union Agency for Cybersecurity) to promote data protection awareness.
The campaign – which is coordinated in partnership with the European Commission, national governments and private organisations – offers experts and beginners alike the opportunity to learn more about cyber security initiatives.
This year is the tenth anniversary of the campaign, and the focus this year is on phishing and ransomware – two of the biggest threats that organisations currently face.
The two types of attack are closely linked, with phishing being among the most common ways that cyber criminals plant ransomware on victim’s devices. Attackers typically place the malicious software in an infected email attachment, and create a pretext to lure recipients into downloading the file.
Once on an organisation’s systems, the ransomware encrypts sensitive files and displays a message instructing the victim to make a payment – typically in cryptocurrency – to regain access to their systems.
Many organisations, particularly those that provide essential services, feel they have no choice but to negotiate – despite expert advice warning against it.
Ransomware attacks have hit the headlines repeatedly in recent years, from the Colonial Pipeline and Irish Health Service hacks to the more broad reports on its epidemic status.
According to our analysis, there were 401 ransomware attacks in 2021 – a 39% increase on previous year. The threat is so pervasive that multinational firms such as Microsoft and Amazon have joined the RTF (Ransomware Task Force) in giving governments recommendations to mitigate the threat of attacks.
In an 81-page report published last year, the group calls for “aggressive and urgent action” against ransomware. They add that “more than just money is at stake [as] ransomware has become a serious national security threat and public health and safety concern”.
The RTF co-chair Jen Ellis said: “Citizens are being impacted by this every day. It’s having a huge impact on the economy and the ability for ordinary people to access critical services.
“Not only that but, really distressingly, the funds that come in from paid ransoms fund other forms of organised crime, like human trafficking and child exploitation.”
With ENISA focusing on ransomware in this month’s Cyber Security Month, it provides another timely reminder of the damage that this particular form of cyber attack can cause and the public’s continued struggle to deal with the threat.
Why can’t we stop ransomware?
Ransomware comes in countless forms and can be delivered in any number of ways, but at its core, all attacks look the same. The malicious software enters a victim’s system and performs two functions: it encrypts data and it delivers the ransom message.
Depending on the complexity of the malware and its mechanism for gaining access, the encryption can be relatively basic or maddeningly complex, and it might affect a single device or a whole network.
Despite the threat that it poses, few organisations treat ransomware more seriously than other malware infections, relying on anti-malware software and ‘common sense’ to protect themselves.
Unlike the cryptography we encounter every day, the main problem posed by ransomware is that, in most cases, the victim has no access to a key to decrypt the data. Although there are instances where organisations can recover the data without having the decryption key, these are few and far between.
Once the data has been locked up, the victim will receive a notification explaining that their files have been encrypted and how to pay to get them unlocked. However, cyber security experts urge against this, because there is no guarantee that the criminal hackers will keep their word once they have their money.
There are also the ethical questions to consider. By giving in to the attackers’ demands, you are encouraging them to commit further attacks, and the money you give them could directly contribute to that.
Protecting your organisation
There are two primary ways ransomware gains access to a computer or network. The first is social engineering, which typically relies on human error – such as people clicking links in phishing emails.
However, it’s also possible to deliver ransomware without human intervention, by directly attacking the network via vulnerabilities in the perimeter.
Criminals are constantly probing network boundaries looking for the tell-tale signs of a vulnerability that they can exploit. These efforts can be highly targeted or a simple scattershot approach looking for any target with a weakness.
Undirected attacks against networks look for common flaws that can be automatically exploited. More complicated attacks – clearly targeted – combine data from a number of sources in order to gain access.
For instance, responses from a login portal could be combined with information gleaned from LinkedIn (such as a list of employees) and previous data breaches (connecting a user with passwords they have previously used) to give criminals a set of likely user credentials to attempt.
These are only the most common methods, however. Ransomware can also be delivered a number of other ways – such as via a wider infection once it gets into a network, within an infected USB device, or packaged with a more ‘benign’ download (such as bundled with an app or other software from a disreputable source).
Criminal groups may also sell known backdoors or details of previously compromised networks that ransomware attackers can target without needing to do too much of their own work to gain access.
This access will generally have been gained the same way as those methods described above. It is also common for separate criminal groups to work together: one gaining access to the network and the other exploiting that access to run the ransomware (or undertake any other malicious activity).
The Ransomware Threat Landscape
Are you looking for more information about ransomware and the ways you can protect yourself? Alan Calder’s latest book, The Ransomware Threat Landscape, contains everything you need to know.
Alan Calder is IT Governance’s founder and executive chairman. He is an acknowledged international cyber security guru and a leading author on information security and IT governance issues.
His book provides a simple explanation of ransomware and how it works, helping business leaders better understand the strategic risks and the measures they can implement to stay safe.
