On March 25th, 2022, an article in ZDNet stated “UK's National Cyber Security Centre (NCSC), described ransomware as ‘the most immediate cybersecurity threat’ to businesses and an issue which needs to be higher on boardroom agendas.”
According to Trend Micro, over 90% of targeted ransomware attacks start with a spear-phishing attack. Ransomware is an ongoing threat to institutions and individuals across the world. The threat is so severe and prevalent that in December 2021 the Canadian Centre for Cyber Security published an open letter to Canadian organizations explaining what it is and warning them to take preventive action and to have a response plan in the event they are victimized.
What is it? Simply explained by CISA:
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.
While there are many ways in which an organization or an individual may fall victim, the final result is generally the same: folders and files get encrypted, and victims receive a note demanding a ransom payment. Payments range from the thousands to millions, normally paid in Bitcoin. In most cases, when a payment is made, an unlock key is provided and the victim can get most of their files and systems back.
The question remains, is the threat actor really gone? Will this happen again?
Organizations and individuals must learn, prevent, and prepare. The Canadian Centre for Cyber Security (CCCS) is a great starting point. In September 2021 they published:
Top 10 IT security actions to protect Internet-connected networks and information
Over the next few weeks, we will summarize each one of these, starting with the first one.
Consolidate, monitor, and defend Internet gateways
· Monitor your Domain Name System (DNS) server
· Reduce the number of external connections to your network
· What Transport Layer Security (TLS) version does your cloud service use?
· Are you using or should you use a Virtual Private Network (VPN)?
· What are your Internet Protocol Security (IPsec) or Media Access Control Security (MACsec) requirements?
While prevention is key, your teams must be educated and trained to respond where prevention strategies fail. Start by enrolling in our Ransomware Investigators Course, taught by NCFTA in July 2022.