Ransomware Threats—the Good and the Bad News  

Although ransomware threats are real and dangerous, there is actually some good news to be had. By knowing what the good and the bad news is, in fact, people will place themselves in the best possible position to deal with these threats. Of course, these so-called “threats” often transform into cases of blatant theft and fraud.

The people behind these heinous crimes, furthermore, are counting on the fact that most of the people who will get hit with ransomware threats have either never heard of “ransomware” or they have assumed that this type of crime only targeted big companies and rich folks. Needless to say, both assumptions are false.

The Good News

• These threats generally require action on the part of potential victims; if we can keep those victims from doing what the criminals want them to do (i.e., click on a given link, pay money to supposedly get their kidnapped data back, etc), they can fare much better, in most cases. Ransomware is all about creating a domino effect, which, when it does what they expect, leaves total mayhem behind. Well, the trick is to take one or more of those dominoes out of the equation before the malicious attack takes place and, if necessary, while it is taking place.
• Many of the people conducting these raids are sloppy and, one might even say, amateurish hackers. In fact, it’s obvious sometimes that these people work with a single program they either bought or clumsily put together themselves.
• It’s possible to block many of these attacks—as a matter of fact, prevention is probably our best weapon and hope against ransomware hackers. Ransomware attacks often take advantage of security protocol/systems weaknesses. They discover those weaknesses by constantly poking the firewalls and anti-virus programs–the scary part is that these people seem to have unlimited amounts of time to be destructive and malicious. By thinking the way they do, we can start to develop stronger defense systems and protocols.
• Since we know a lot (and are learning more day-by-day) about this type of threat, we are in an excellent position to design defenses, something which is happening as we speak.
• Deploy more (and better) anti-malware and anti-ransomware technology, including the strengthened enforcement of PCI DSS standards, Transport Layer Security (TLS), Secure Sockets Layer (SSL), and chip-based POS systems.
• Amazingly, point-of-sale malware attacks, another closely-related form of cyberspace terrorism, went down by approximately 93% from the year 2014 to the year 2016; this proves that cyber terrorism can be defeated or at least substantially decreased with the right kind of response.

The Bad News

• These botnets or viruses (whatever form they come in) can do significant damage to people’s personal data files or even whole computer systems.
• These backyard hackers are mostly in far away countries where it would be difficult to “touch” them.
• The technology they’re using is self-evolving (actually, not really) but almost self-evolving.
• Unfortunately, the average person out there is too ill-equipped and poorly- prepared (and probably hasn’t even heard about “ransomware”) to deal with these threats adequately.
• This type of scam has proven to be very profitable so far for the perpetrators.
• There are people in the world who can devote their whole day to working on destructive technology like this; the people fighting them off, on the other hand, have to punch out at 5 pm.

ANTI-RANSOMWARE THREATS BEST PRACTICES

The following ideas and options have been used in the past and can be used in the future to help deal with these cybersecurity attacks. It must be noted, however, that it’s foolish to set up as a goal to not ever succumb to a ransomware or malware attack–indeed, there is no such thing as a perfectly secure system. The best that we can do is remove or adequately address weaknesses, make sure that we have the most updated programs and systems in place, and see to it that staff is well prepared for potential cyberspace terrorism events. We need to be clear, though, that ransomware threats are only the tip of the iceberg when it comes to cyberspace terrorism

What makes it so relevant today, though, is the fact that it has as much to do with making money (by the malicious hackers) as it does with disrupting and destroying systems–in other words, it involves an additional incentive missing from most other cyber attack tools. Secondly, ransomware threat attacks target the public, not just organizations. For your part, make sure that whatever solutions you strive to implement protect your clients as much as your system, your staff, and your equipment.

• Backup all your files regularly. Cyberspace terrorism is all about inflicting fear, taking away power and disrupting the peaceful flow of things—by securing your data, you hold on to your power.
• Regularly update your operating system and all programs.
• Proactively identify and address security flaws (such as by patching).
• Work to better secure administration tools and system components.
• Disable outdated and unnecessary protocols for end-user accessibility.
• Find ways to better protect your servers and the network.
• Keep servers updated and patched.
• Defend against brute force attacks by strengthening remote desktop credentials.
• Consider network segmentation strategies.
• Employ elaborate, customized data categorization strategies.
• Consider deploying behavior monitoring and application control.
• Enable sandboxes.
• Better secure gateways.
• Require all staff to submit to on-going, regularly updated ransomware threat management training.
• Just as companies conduct fire drills, conduct mock ransomware threat drills to get staff ready for the real thing.

CONCLUSION

Ransomware threats can be managed successfully but it’s going to take time, money and much better involvement and cooperation by law enforcement, private industry, and government authorities.

Secondly, we need to be doing a much better job of educating the public about this dilemma. Articles like this, as a matter of fact, in conjunction with PSAs, advertisements, e-mail campaigns, etc., may become critically important in order to greatly decrease the number of people that yearly succumb to what is, in essence, cyberspace terrorism.