The ongoing threat of ransomware

The National Cyber Security Centre (NCSC) gives some detail on the ways ransomware is increasing in sophistication and scope.

The National Cyber Security Centre (NCSC) has recently (20 November) published an advisory on ransomware attacks,[1] looking at the changes in the way these attacks are being conducted. This blog post will summarise these findings and provide the Kindus perspective on how best to deal with ransomware.

For anyone unfamiliar with the term, ransomware refers to malicious software that will encrypt the victim’s files, making them inaccessible. In order to decrypt the files, a ransom will be demanded, typically made payable in almost untraceable cryptocurrencies.

Ransomware has been ingraining itself in the public consciousness since 2016, particularly after the WannaCry attack in May 2017. Whilst the attack affected systems worldwide, the most high-profile victim in the UK was the NHS. The NHS was particularly vulnerable as many systems were still running Windows XP, which had not been patched since 2014. This resulted in widescale disruption, including cancelled appointments, diverted ambulances and a forced return to paper records. According to the Department of Health and Social Care, the attack cost the NHS £92 million.[2]

The NCSC has noted the recent trend of ransomware attacks becoming more targeted. Cyber criminals appear to be putting more thought into the perceived value of the victim’s data. For example, they now encrypt business-critical files and systems, whereas previous attacks took a more scattergun approach. There has also been a notable increase in attacks against Mac and Linux systems as opposed to purely Windows systems. All this indicates that ransomware is increasing in sophistication and scope.

The NCSC also gives some detail about the methods used for infecting systems with ransomware. Typical approaches include remote administration tools such as Remote Desktop Protocol (RDP), whereby cyber criminals have been able to exploit vulnerable RDP sessions by stealing login credentials and other sensitive data. The second main source of attack is through malware like Trickbot.

The advisory concludes with some useful advice on how best to mitigate the threat of ransomware, as seen below:

  • Protect your devices and networks by keeping them up to date.
  • Prevent and detect lateral movement in your enterprise networks.
  • Implement architectural controls for network segregation.
  • Set up a security monitoring capability.
  • Whitelist applications.
  • Use antivirus.

In addition to these suggestions, Kindus believes that staff training is fundamental in the prevention process. If staff are aware of the dangers of opening unknown attachments, then a large proportion of attacks can be deflected before they cause any problems. Should you get into a situation where ransomware has infected your computer, we strongly advise you not to pay the ransom. Firstly, your data will hopefully already be backed up in a separate location. Even if it is not, there is no guarantee that paying the ransom will decrypt your data. Paying the ransom also only encourages future attacks.


[1] National Cyber Security Centre (NCSC), ‘Advisory: Ongoing Threat to Organisations from Ransomware’ (20 November 2018).

[2] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/747464/securing-cyber-resilience-in-health-and-care-september-2018-update.pdf [accessed 27/11/18].
