Preventing and Mitigating Ransomware

From MC Chem Wiki
Revision as of 16:40, 17 June 2022 by Skychemist5 (talk | contribs)

Ransomware - malware that encrypts files and operating systems. The extortionists then hold the decryption keys for ransom, offering them only in exchange for payment to restore the data. What makes ransomware especially dangerous is that the infection can arrive and spread through many of the usual malware delivery methods, such as malicious hyperlinks, infected files, compromised software updates, exposed network access and social engineering.


The 2021 FBI Internet Crime Report has ransomware events up 82% between 2019 and 2021. As of this writing, the country of Costa Rica is under attack.


"WASHINGTON (AP) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government." (AP Newswire)


These attacks are not limited to poorer countries: both Baltimore and the state of Maryland have been repeatedly compromised by ransomware attackers. Colleges and universities are under increasing threat, which includes not only the ransoming of data but also the exposure of personal information when institutions refuse to pay. Lincoln College recently attributed its closing in part to the effects of a ransomware attack. Whole public infrastructures have been held for ransom.

IT infrastructures are further exposed by flaws and exploits in widely deployed software such as Microsoft Exchange, Microsoft 365, SharePoint, OneDrive and Teams, which can permit attackers to compromise entire networks. In addition to indirect and opportunistic infections, directed attacks have the potential for further disruption: purposeful attacks come from learning a potential victim's unique vulnerabilities and network topology. Too often IT professionals rely on the Common Vulnerability Scoring System (CVSS) and other rating systems without realizing that CVSS rates severity, not the likelihood of exploitation, and that cybercriminals use these low-scoring vulnerabilities, often chained together, as a means of compromise. Such instances demand vigilance and staying current on the part of IT professionals and end-users alike.

Call To Action

The adage "failing to plan is planning to fail" is all too often in play, and a half-hearted effort has the same potential to end in ruin. Cyber security involves both prevention and response. Countermeasures against malicious activity include:

1) Identifying and classifying the assets within the infrastructure, so that critical and non-critical devices and core services are known and the attack surface is visible and understood in context.

2) Isolating and restricting critical intranets from the internet and from data access points wherever possible, not only where strictly necessary, and using cyber risk scoring to systematically identify the weaknesses and vulnerabilities with the highest likelihood and impact.

3) Developing a resilient infrastructure, which is key to both prevention and recovery in the event of a network compromise. Ideally this includes internet security and antivirus software, sound system design, good computer habits and a cyber hygiene program, together with a tested means of restoring services with minimal impact should it be needed.

4) Training IT staff and educating end-users, which are paramount: weak awareness and complacency can undermine all of the previous efforts. Well trained and informed CIO/CTOs and network admins, following best practices, can supplement and in many instances replace the role of a CISO, and given the magnitude of IT security's impact on all organizations this should be a part of their responsibilities.
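The asset classification and risk scoring steps above (items 1 and 2), and the earlier point that CVSS alone is a poor guide to what attackers actually use, as an added worked example in Python. This code is not from the wiki page or from any vendor's product. It ranks a constructed inventory by likelihood of exploitation times asset impact rather than by CVSS base score alone, so that a moderate-CVSS flaw that is being actively exploited on an internet-facing core service outranks a critical-CVSS flaw on a segmented, isolated host. The hostnames, the vulnerability labels VULN-A through VULN-D, and every weighting factor are constructed assumptions for illustration, not real identifiers or a standard formula.

```python
"""Risk prioritization over a constructed asset inventory.

Added example for the wiki page; not the page's own method.
Hostnames, vulnerability labels and weights are all constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # assumed scale: 1 (non-critical) .. 5 (core service)
    internet_exposed: bool  # reachable from the internet
    segmented: bool         # isolated from the general intranet


@dataclass(frozen=True)
class Vuln:
    label: str              # placeholder label, not a real CVE identifier
    asset: str              # name of the affected asset
    cvss: float             # CVSS base score, 0.0 .. 10.0
    known_exploited: bool   # constructed flag: exploitation seen in the wild


# Constructed inventory (hypothetical hosts, classified per step 1).
ASSETS = {
    "mail-gateway":    Asset("mail-gateway",    criticality=5, internet_exposed=True,  segmented=False),
    "payroll-db":      Asset("payroll-db",      criticality=5, internet_exposed=False, segmented=True),
    "lab-workstation": Asset("lab-workstation", criticality=2, internet_exposed=False, segmented=False),
    "web-kiosk":       Asset("web-kiosk",       criticality=1, internet_exposed=True,  segmented=False),
}

# Constructed findings; VULN-A is the "low scoring but exploited" case.
VULNS = [
    Vuln("VULN-A", "mail-gateway",    cvss=5.3, known_exploited=True),
    Vuln("VULN-B", "payroll-db",      cvss=9.8, known_exploited=False),
    Vuln("VULN-C", "lab-workstation", cvss=7.5, known_exploited=False),
    Vuln("VULN-D", "web-kiosk",       cvss=9.1, known_exploited=False),
]


def likelihood(v: Vuln, a: Asset) -> float:
    """Chance an attacker actually reaches and uses this flaw (0..1).

    Evidence of in-the-wild exploitation dominates the CVSS base score,
    because CVSS rates severity, not whether anyone is using the bug.
    The constants are assumed weights, not a standard.
    """
    base = 0.9 if v.known_exploited else 0.2 + 0.05 * v.cvss   # 0.2 .. 0.7 from CVSS alone
    if a.internet_exposed:
        reach = 1.0          # directly attackable
    elif a.segmented:
        reach = 0.3          # attacker must first cross a segmentation boundary
    else:
        reach = 0.6          # reachable from anywhere on the flat intranet
    return base * reach


def impact(a: Asset) -> float:
    """Business impact of losing the asset, scaled 0..1 from its classification."""
    return a.criticality / 5


def risk_score(v: Vuln, a: Asset) -> float:
    """Risk = likelihood x impact, scaled to 0..100 for readability."""
    return round(100 * likelihood(v, a) * impact(a), 1)


def prioritize(vulns, assets):
    """Findings ordered by risk, highest first: (label, asset, cvss, risk)."""
    ranked = sorted(vulns, key=lambda v: risk_score(v, assets[v.asset]), reverse=True)
    return [(v.label, v.asset, v.cvss, risk_score(v, assets[v.asset])) for v in ranked]


def cvss_only(vulns):
    """The naive ordering the page warns against: CVSS base score alone."""
    return [v.label for v in sorted(vulns, key=lambda v: v.cvss, reverse=True)]


def isolation_candidates(assets, min_criticality: int = 4):
    """Step 2: critical assets that are internet-exposed and not yet segmented."""
    return sorted(a.name for a in assets.values()
                  if a.criticality >= min_criticality and a.internet_exposed and not a.segmented)


if __name__ == "__main__":
    print("By CVSS alone:  ", cvss_only(VULNS))
    print("By risk score:")
    for label, asset, cvss, risk in prioritize(VULNS, ASSETS):
        print(f"  {label} on {asset:<16} cvss={cvss:<4} risk={risk}")
    print("Isolate first:  ", isolation_candidates(ASSETS))
```

Run stand-alone, the CVSS-only ordering puts VULN-A last, while the risk ordering puts it first (score 90.0) because it is exploited in the wild on an internet-facing core service; VULN-B, despite a 9.8 base score, drops to about 20.7 because the payroll database is already segmented. The weights are deliberately simple so they can be replaced with an organization's own classification data from step 1; the structure, likelihood times impact with exposure and exploitation evidence driving likelihood, is the point.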