A conscious ransomware that is smart enough to position itself to attack a computer at its preferred schedule is possible in the foreseeable future. Some of the current tried and tested methods of maintaining cybersecurity against unwanted attacks include protecting a device with backups, disabling pop-ups, and using reliable antivirus software. However, some may fear that the methods of yesteryear may not be enough against future attacks by smart ransomware.
A recent report by Frost & Sullivan, Cyber Security Improvement Insights—Ransomware, presents ransomware mitigation best practices that will aid in curbing cyber threats in the future, which can be categorized into three cyber security ecosystems.
The year 2017 saw numerous successful cyber-attacks, with ASEAN countries among the major targets. When ransomware struck Nayana (a South Korean Web provider), it hit over 153 Linux servers and locked more than 3,400 websites hosted by the company. As a result, Nayana had to pay 397 bitcoins, or approximately $1 million, to end the attack.
Recently, Trend Micro and FireEye identified a new ransomware called “Magniber”, as the threats continue to grow. Most ransomware attacks in the past were successful because of their ability to exploit known vulnerabilities. Therefore, it is suggested that users and service providers invest in vulnerability scanners to detect existing vulnerabilities in the network. This is a fundamental yet critical process.
Frost & Sullivan’s study further reports that users are another important factor in cyber-attack mitigation. Running periodic social engineering campaigns with phishing simulator tools has proven effective in creating discipline among employees, improving vigilance, and reducing the risk of employees clicking on malicious links or attachments.
Should the preventive measures fall short, the next step in cyber security practice is detective controls. When a New Zealand-based market research firm was attacked in 2017, it shut down its IT system to contain the attack. In addition, PetroChina, the state-owned oil provider, also contained the threat by disconnecting its networks, which disabled the Internet-based payment system for half a day.
Shutting down or disconnecting the network and the system is a way to limit further damage. An intrusion detection system is another method; it is typically deployed at the perimeter gateway and monitored by security analysts, who analyze possible intrusions before making decisions such as blocking.
Another way to isolate the attack is by installing deception systems. Decoys that emulate the real systems and files are placed within the internal networks of a company to trick attackers. Such a system can then detect threats that have breached the security system's perimeter and divert them to the decoy.
If the situation is more critical, network access control (NAC) technology can inspect suspected devices to check whether they have the right policies and security configuration before they connect to the network. By isolating the infected devices, the technology might stall the ransomware until it is eradicated. Though having backups has long been hailed as an option, backups are reported to be targeted in recent ransomware campaigns.
So the next step is to limit access to the backup system. Using different credentials for different backup copies, without syncing them to Active Directory, is another practice that prevents backup copies from being infected.
It is a no-brainer that ransomware attacks cause huge losses through lost productivity due to infected computing systems, incident recovery costs, and ransom paid to the cyber attackers. The cyber security market, especially in Asia-Pacific, is seen as a huge market with various growth opportunities and potential worth billions of dollars.
A sound investment in immunising your network ecosystem is considered a smart thing in 2018.
Sachi Mulmi is a researcher with Frost & Sullivan. She can be reached at firstname.lastname@example.org