(Original link: zdnet.com)
Ransomware: Why paying the ransom is a bad idea for everyone in the long run
ZDNet's Danny Palmer explains that some cyber-insurance companies encourage their clients to pay the ransom to get back up and running as quickly as possible - but here's how this just causes more problems. Read more: https://zd.net/2OaoVSf
Ransomware is running rampant this year, with high-profile attacks by cyber criminals using the data-encrypting malware occurring almost daily.
Local governments, schools and universities, and hospitals and healthcare providers have all fallen victim to ransomware attacks, which now see hackers demanding hundreds of thousands of dollars in Bitcoin in exchange for returning files.
Victims often give in to the extortion demands and – despite advice not to – pay up. In other cases, the organisations resort to attempting to fix the issue themselves, losing working hours and revenue for the days or weeks the network is down.
The damage that can be done to an organisation which falls victim to a ransomware attack – the financial costs of fixing the problem, plus the potential reputation damage which comes with falling foul of hackers – is plain to see. So why is it that despite the warnings about ransomware, the attacks are still so effective?
Part of the problem is that many boards still aren't taking cybersecurity as seriously as they should be.
"It's exactly how it's been for more than 20 years: security still isn't considered a priority as part of business operations – it's shunted off to the IT department or to the side," says Jennifer Ayers, senior director of security response at security company CrowdStrike.
"There have been some changes, especially over the last ten years with more investment, but at the end of the day security teams are considered a smaller group off to the side and not a critical part of the business".
For example, Microsoft emphasised the importance of installing the critical security update for EternalBlue – the vulnerability which powered WannaCry – but the scale of the global attack made it clear that a significant proportion of victims hadn't applied the patch, despite the warnings.
In other cases, the patches are being applied, but because the work isn't being done by specialist staff, sometimes they're not installed correctly, leaving organisations vulnerable to attacks they think they're protected against.
"Most incidents actually happen as a result of a vulnerability you already know how to fix. We know what the right answers are and it's not that companies aren't taking action, it's some of the controls they're using are fallible and the complexity of deploying them is a hard problem," says Christy Wyatt, CEO of Absolute Software, an endpoint security and data risk management company.
"If you don't have this immune system, these things are going to find their way in," she adds.
Failure to patch properly remains one of the leading reasons cyber criminals can deliver malware in the first place, alongside insecure Remote Desktop Protocol (RDP) services being left exposed to the internet with default login credentials.
Often, these RDP ports can be completely forgotten about, leaving organisations with a weakness they didn't even know they had – and that's handing an advantage to attackers because a security team can't work to protect something which it doesn't know is there.
"Think about your network: you need to make sure you have visibility on all your devices because if you can't see it, you can't protect it," says Wyatt. "Devices that aren't managed don't have a fighting chance: without visibility, you're fighting with one hand tied behind your back".
Unfortunately, while those who fall victim to ransomware might do so because they lack visibility of their network, the same can't be said for the criminals behind the attacks.
Ransomware attacks are more sophisticated than they were even just a few years ago, when phishing emails delivered and deployed the malware – now, after gaining access to a network, hackers will spend weeks or months inside it, moving across the network with the aid of stolen or weak credentials to ensure everything which can be targeted with ransomware is hit.
Only then will the attackers pull the trigger on the attack, encrypting the victim's whole network and demanding a huge sum in exchange for returning the files.
It's therefore crucial that organisations work to ensure that RDP ports are as secure as possible – and that even if an attacker gains entry to the network, protections are in place to stop them in their tracks.
"You want to limit attackers' ability to remotely access networks by either doing things like locking internal RDP access to environments or requiring multi-factor on any remote access tools or gateways," says C...
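As an added example (not part of the ZDNet article and not code from any of the companies quoted), the check below runs the defensive logic the passages above point at over a handful of constructed Windows Security log records. It flags three things: a successful RDP logon (logon type 10) from outside the organisation's internal address ranges, which is what an RDP service reachable from the internet looks like in the logs; repeated failures from one source against one host, the pattern of password guessing against weak or default credentials; and one account logging on over RDP to many hosts within a short window, the lateral movement with stolen credentials that precedes the encryption step. The event field layout, the internal ranges and the thresholds are assumptions chosen for illustration, not an official schema or a recommended tuning.

```python
"""Flag risky RDP activity in Windows Security log records (added example).

The records below are constructed by hand to mimic the fields of Windows
Security events 4624 (logon success) and 4625 (logon failure) with
LogonType 10 (RemoteInteractive, i.e. RDP). Field order, address ranges
and thresholds are assumptions for illustration.
"""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Address ranges treated as "inside" the organisation (assumption).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample records:
# (timestamp, event_id, logon_type, account, source_ip, target_host)
SAMPLE_EVENTS = [
    ("2019-10-01T08:00:01", 4624, 10, "alice",      "10.0.1.25",   "FILESRV01"),
    ("2019-10-01T08:02:10", 4625, 10, "admin",      "203.0.113.7", "FILESRV01"),
    ("2019-10-01T08:02:11", 4625, 10, "admin",      "203.0.113.7", "FILESRV01"),
    ("2019-10-01T08:02:12", 4625, 10, "admin",      "203.0.113.7", "FILESRV01"),
    ("2019-10-01T08:02:13", 4625, 10, "admin",      "203.0.113.7", "FILESRV01"),
    ("2019-10-01T08:02:14", 4625, 10, "admin",      "203.0.113.7", "FILESRV01"),
    ("2019-10-01T08:02:20", 4624, 10, "admin",      "203.0.113.7", "FILESRV01"),
    ("2019-10-01T09:10:00", 4624, 10, "svc_backup", "10.0.1.40",   "HR-PC-07"),
    ("2019-10-01T09:12:00", 4624, 10, "svc_backup", "10.0.1.40",   "HR-PC-08"),
    ("2019-10-01T09:14:00", 4624, 10, "svc_backup", "10.0.1.40",   "FIN-PC-02"),
    ("2019-10-01T09:16:00", 4624, 10, "svc_backup", "10.0.1.40",   "DC01"),
    ("2019-10-01T09:30:00", 4624, 2,  "bob",        "-",           "HR-PC-07"),
]


def is_internal(ip):
    """True if the source address falls in an internal range.

    Non-address values such as "-" (console logons) are treated as
    internal because they cannot indicate an internet-exposed service.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in INTERNAL_NETS)


def analyze_rdp_events(events, fail_threshold=5, host_threshold=3,
                       window=timedelta(minutes=30)):
    """Return a dict of findings over RDP (logon type 10) events."""
    findings = {"external_rdp_logons": [], "password_guessing": [],
                "lateral_movement": []}
    rdp = [e for e in events if e[2] == 10]

    # 1. Successful RDP logon from outside internal ranges: the service is
    #    reachable from the internet (or a remote-access allowlist failed).
    for _, eid, _, acct, ip, host in rdp:
        if eid == 4624 and not is_internal(ip):
            findings["external_rdp_logons"].append((host, acct, ip))

    # 2. Repeated failures from one source against one host: password
    #    guessing against weak or default credentials.
    fails = Counter((ip, host) for _, eid, _, _, ip, host in rdp if eid == 4625)
    for (ip, host), n in fails.items():
        if n >= fail_threshold:
            findings["password_guessing"].append((ip, host, n))

    # 3. One account reaching many distinct hosts inside the window:
    #    lateral movement across the network with a usable credential.
    by_acct = defaultdict(list)
    for ts, eid, _, acct, _, host in rdp:
        if eid == 4624:
            by_acct[acct].append((datetime.fromisoformat(ts), host))
    for acct, logons in by_acct.items():
        logons.sort()
        for i, (t0, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - t0 <= window}
            if len(hosts) >= host_threshold:
                findings["lateral_movement"].append((acct, sorted(hosts)))
                break
    return findings


if __name__ == "__main__":
    for kind, items in analyze_rdp_events(SAMPLE_EVENTS).items():
        for item in items:
            print(kind, item)
```

The same three checks map directly onto the controls the article lists: an external RDP logon is the signal that a port is exposed and should be closed or placed behind a gateway with multi-factor authentication, a guessing burst shows why default credentials must go, and a fan-out of RDP sessions from one account is the moment to lock internal RDP access before the encryption step. On a real estate the records would come from the Security event log or a SIEM rather than an inline list, and the internal ranges and thresholds would be tuned to the environment.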