Preventing and Mitigating Ransomware
Ransomware is malware that encrypts files and operating systems. The extortionists then hold the decryption keys needed to restore the data for ransom. What sets a ransomware attack apart is that infection can occur and spread through many different delivery methods, such as compromised hyperlinks, infected files, tampered software updates, network access and social engineering.
The 2021 FBI Internet Crime Report shows ransomware incidents up 82% between 2019 and 2021. As of this writing, the country of Costa Rica is under attack.
"WASHINGTON (AP) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government." AP Newswire
Recently, Lincoln College attributed its closing to the effects of ransomware. Whole public infrastructures have been held for ransom.
IT infrastructures are further exposed through software flaws and exploits in products such as Microsoft Exchange, Microsoft 365, SharePoint, OneDrive and Teams, which can permit attackers to compromise entire networks. In addition to indirect and random infections, directed attacks have the potential for further disruption: purposeful attacks and compromises come from learning a potential victim's unique vulnerabilities and network topology. Too often IT professionals rely on measures such as the Common Vulnerability Scoring System (CVSS) and other rating systems without realizing that cybercriminals use low-scoring vulnerabilities as a means of compromise. Such instances demand vigilance and staying current on the part of IT professionals and end-users alike.
Call To Action
An all too common adage is "Failing to plan is planning to fail." It is equally true that a half-hearted effort has the same potential to end in ruin.
1) A starting point is to identify the assets within the infrastructure: know the critical and non-critical devices, and understand the visibility and context of the attack surface.
2) Isolate and restrict critical intranets from the internet and from data access points where possible. Use cyber risk scoring to systematically identify the weaknesses and vulnerabilities with the highest likelihood of impact.
3) Develop a resilient infrastructure; this is key to prevention and to recovery in the event of any network compromise. Ideally systems would include internet security and antivirus software, a good computer habits and cyber hygiene program, and a means of restoring services with minimal impact should that become necessary.
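The following is an added example, not code from the article, showing how steps 1 and 2 can be turned into a simple risk-scoring pass over an asset inventory. It assumes an inventory where each device is tagged as critical or not and as internet-exposed or not, and each vulnerability carries a CVSS base score plus a flag saying whether exploitation has been observed (that flag is an assumption; it would come from a threat intelligence or exploitation feed). The asset names, CVE identifiers and scores are constructed placeholders. The scoring deliberately lets a low-CVSS but actively exploited flaw on an exposed critical device outrank a high-CVSS flaw on an isolated one, which is the point the article makes about rating systems.

```python
"""Added example (not from the article): rank an asset inventory by ransomware
exposure so that isolation and patching effort goes where impact is highest.
All asset names, CVE identifiers and weights below are constructed placeholders."""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Vuln:
    cve: str                 # placeholder identifier, not a real CVE
    cvss: float              # CVSS base score, 0.0-10.0
    exploited_in_wild: bool  # assumption: flag supplied by an exploitation feed


@dataclass
class Asset:
    name: str
    critical: bool           # step 1: critical vs non-critical device
    internet_exposed: bool   # step 2: reachable from the internet?
    vulns: List[Vuln] = field(default_factory=list)


def risk_score(asset: Asset, vuln: Vuln) -> float:
    """Likelihood x exposure x impact, scaled to 0-100.

    A vulnerability with known exploitation is treated as likely regardless of
    its CVSS number, so a "low-scoring" CVE is not buried by the rating alone.
    The weights are illustrative assumptions, not a published standard.
    """
    likelihood = vuln.cvss / 10.0
    if vuln.exploited_in_wild:
        likelihood = max(likelihood, 0.9)
    exposure = 1.0 if asset.internet_exposed else 0.5  # isolation halves exposure
    impact = 1.0 if asset.critical else 0.4
    return round(100 * likelihood * exposure * impact, 1)


def prioritize(assets: List[Asset]) -> List[Tuple[str, str, float]]:
    """Return (asset, cve, score) triples, highest risk first."""
    rows = [(a.name, v.cve, risk_score(a, v)) for a in assets for v in a.vulns]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def exposed_critical_assets(assets: List[Asset]) -> List[str]:
    """Step 2 check: critical devices that are still internet-facing."""
    return [a.name for a in assets if a.critical and a.internet_exposed]


def sample_inventory() -> List[Asset]:
    """Constructed inventory for the example; not real systems or CVEs."""
    return [
        Asset("mail-gateway", critical=True, internet_exposed=True,
              vulns=[Vuln("CVE-0000-0001", 5.3, exploited_in_wild=True)]),
        Asset("file-server", critical=True, internet_exposed=False,
              vulns=[Vuln("CVE-0000-0002", 9.8, exploited_in_wild=False)]),
        Asset("lobby-kiosk", critical=False, internet_exposed=True,
              vulns=[Vuln("CVE-0000-0002", 9.8, exploited_in_wild=False)]),
        Asset("printer", critical=False, internet_exposed=False,
              vulns=[Vuln("CVE-0000-0003", 4.0, exploited_in_wild=False)]),
    ]


if __name__ == "__main__":
    inventory = sample_inventory()
    for name, cve, score in prioritize(inventory):
        print(f"{score:5.1f}  {name:14s} {cve}")
    print("critical assets still internet-facing:",
          exposed_critical_assets(inventory))
```

Run as-is, the mail gateway with the CVSS 5.3 but exploited flaw lands at the top (90.0), the isolated file server with a 9.8 drops to 49.0, and the exposed-critical check lists the gateway as the first candidate for the isolation work in step 2. Swapping in a real inventory export and exploitation feed is the only change needed to use it for triage.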