Is there anything you can do to reduce the risk of a ransomware attack? And what should you do if you become the victim of one? These were some of the questions answered by a group of cyber security experts who discussed ransomware during a Reddit AMA. The discussion was organized by the California-based Institute of Security and Technology (IST), a non-profit organization. The panel included Jane Ellis and Bob Rudis of cyber security firm Rapid7, Mark Rogers of IT services firm Okta, James Shank of computer security company Team Cymru, and Alan Liska of cyber security firm Recorded Future.
According to a study by Singapore-based security firm Group-IB, there has been a 150 percent increase in ransomware attacks worldwide in the past year. Ransomware attacks occur when hackers use extortion software to lock your system and then demand a ransom to release it. Such attacks have increased rapidly. The latest attack took place during the first week of July at Florida IT firm Kaseya. This attack alone affected 1,500 businesses worldwide.
Before the attack on Kaseya, a ransomware attack by a Russia-based group forced the closure of the Colonial Pipeline, the largest oil pipeline in the eastern United States. The attack crippled fuel delivery to the US Southeast for several days. The incident was followed by a similar attack on JBS SA, the world’s largest meat packer. This string of attacks has prompted the US Justice Department to give ransomware attacks the same investigative priority as terrorism.
As ransomware threats continue to grow, IST, a non-profit organization, recently hosted an Ask Me Anything (AMA) session on Reddit, where users could raise any questions related to ransomware and cybercrime, and ask what steps people can take to make themselves or their organization a little safer.
What can you do to protect yourself or your business?
First of all, we need to understand how ransomware infects a computer. “It really depends on the type of ransomware,” Okta’s Rogers explained. “In most cases it is a malicious application that takes control of your system before later spreading to any and all connected systems. Sometimes it can be a real person who takes over your account and uses it to form a staple in other systems too. Ultimately it ends up with the same things: your data is stolen and an application, a locker, encrypts what is left and payment is demanded.”
“Most ransomware attackers don’t require advanced tooling to accomplish their purpose. The pipelined event using plain credentials over a VPN and ransom demands is no rocket science,” Rapid7’s Rudis said.
“Actually protecting yourself or your company can be challenging because of the high-tech ways to beat security – and it’s much more likely that we, as humans, make mistakes,” Rudis said. Recorded Future’s Liska suggests multi-factor authentication, patching, endpoint protection and monitoring, and scanning remote infrastructure. Rudis pointed out that there are many secure configurations for workstations and servers that organizations either don’t know about or are too lazy to implement.
“Edgering only Active Directory and SMB (Server Message Block) configurations on the server can do wonders to help attackers be able to move in and encrypt or lock-out the latter,” he said.
What should a regular person do?
Shank suggests three basic things anyone can do to ensure greater security for themselves and the companies they work for:
- Use strong passwords that are unique to each site/service you visit.
- Have good backups, and consider using more than one backup device where both devices are never plugged in at the same time.
- Stay alert! If something seems odd to you, alert your corporate security team. Have you clicked on a link and thought it might be bad? Report it. Most ransomware actors take time to inventory networks after gaining initial access, so there may still be time to protect your network and your device.