Ransomware – Should the Ransom be Paid?

Ransomware attacks remain a continuing threat to organisations as ransomware gangs introduce new strains that are difficult to defend against.

http://cyberbrokers.co.uk/ransomware-is-still-a-real-threat/

With ransomware attacks comes the inevitable ransom demand. In the early days these demands were only a few hundred dollars, but this has now developed into a multimillion-dollar business for hackers.

Ransomware as a service (RaaS) is a subscription-based model that allows other hackers to use already developed ransomware tools to carry out ransomware attacks. This brings an increase in attacks, an expanded threat landscape and, of course, larger ransoms.

Should the ransom be paid?

Every organisation will have its own view on whether the ransom should be paid to the hackers or not. The type and severity of the ransomware attack will be the main factor in how the organisation wishes this to play out.

What is at stake also matters: is it theft of data, loss of manufacturing or loss of use of the company website? All will have some form of financial implication.

Are there back-ups in place, are these isolated from the network and are these still secure?

The role of insurance

If cyber insurance is in place, the policyholder will advise their insurers of the attack and they will appoint a forensic investigator and a ransomware specialist from their vendor panel.

These two parties will ascertain the extent of the incident and whether there is collateral damage, in that a sideways attack has taken place in which data is already being exfiltrated and is in place to be distributed on the Dark Web or in the public domain.

The decision to pay

If the position is that the data cannot be retrieved through back-up, or it is not possible to return the business to near normal functionality, it may be necessary to pay the ransom.

Some of the possible implications of paying this are as follows:

  • The hackers will not provide the decryption code
  • The data will still not be released
  • A further ransom could be demanded

Paying the ransom

If cyber insurance is in place, the specialist ransomware vendor will organise the ransom payment to the ransomware gang in Bitcoin via a Bitcoin account set up on the business’s behalf.

As a result of the high incidence of ransomware attacks, there are signs that cyber insurers are restricting coverage. A number of insurers are introducing coinsurance, and recently Axa in France decided not to provide coverage for the payment of ransoms for policyholders in France.

https://www.zdnet.com/article/axa-pledges-to-stop-reimbursing-ransom-payments-for-french-ransomware-victims/

Long term effects of paying the ransom 

  • The hackers could return to make subsequent ransom demands
  • The business could gain a reputation for paying a ransom and other ransomware gangs will try their luck
  • The original malware planted remains in the network and hackers return to exploit any vulnerabilities

The payment of a ransom following a ransomware attack is likely to be the last resort of a business, but if robust cyber security is in place it provides every chance of not having to succumb to the demands of hackers.

Remote Working – Is Your Data Safe?

Keeping data safe in the current climate, with a significant proportion of the workforce still working from home, is one of the biggest challenges faced by individuals and the business world.

Covid-19 has brought about many changes to our daily lives and highlighted how important it is that data is adequately protected from being compromised inadvertently or by a cyber-attack.

We handle enormous amounts of data at home and at our workplace, and this is now concentrated in one place at our remote locations. The security of this data is therefore more vulnerable, with reliance on individuals and the precautions they take to protect it.

The ICO have recently posted their top ten tips to help make data secure whilst working from home.

https://ico.org.uk/for-organisations/working-from-home/how-do-i-work-from-home-securely/

  • Follow your organisation's policies, procedures and guidance
  • Only use approved technology for handling personal data
  • Consider confidentiality when holding conversations or using a screen
  • Take care with print outs
  • Don’t mix your organisation's data with your own personal data
  • Lock it away where possible
  • Be extra vigilant about opening web links and attachments in e-mails or other messages
  • Use strong passwords
  • Communicate securely
  • Keep software up to date

Phishing

It is very easy to provide data inadvertently, and one of the most common methods that hackers use to obtain it is phishing. Keeping data safe from such techniques means that you have to be extremely vigilant. Clicking on an e-mail link where you are uncertain of its origin could lead to your personal details being divulged.

With this data it is possible for hackers to build up a comprehensive profile of an individual. This can lead to identity theft and subsequently to fraudulent activity on bank accounts, fraudulent job applications and a whole variety of scams that could lead to financial loss for the individual.

Keeping data safe is a constant challenge: our mobiles are used as much as, if not more than, our wallets or purses, and this heavier use increases the difficulty of safeguarding data.

Solar Winds Blows Cyber Chill

The SolarWinds cyber-attack at the end of last year was a great example of the implications that this type of incident can have on the supply chain of an organisation.

Background

SolarWinds is a major US IT firm that provides software globally to Fortune 500 companies and the US government, and regularly sends out updates to its customers.

What Happened?

During one of these update cycles SolarWinds inadvertently sent out updates that included code that had been tampered with by hackers. It is understood that the code was added to the “Orion” system, which is primarily used by firms to manage their IT resources. This particular system has 333,000 customers.

This created a backdoor into many of their customers' computer systems, through which the hackers, once in, installed further malware. It is understood that the attack went on for a number of months before it was discovered. It has been reported that 18,000 customers installed the updates that contained the malware.

Worse was still to come when US government agencies updated their Orion software, with the vulnerability being used to install Supernova and CosmicGale malware. This ultimately allows a hacker to run code remotely on the Orion software.

Who Was Impacted By This?

The highest-profile company to be affected was FireEye, a leading cyber security firm. Other companies affected included Microsoft, Cisco, Intel and Deloitte.

In addition to this, a number of US government departments were compromised, including the Department of Homeland Security and the Treasury Department.

Who Carried Out The Attack?

It is believed that Russian group SVR were behind this although some sources believe it may have been a Chinese targeted attack. No one is sure.

What Damage Was Caused?

Numerous e-mail accounts were broken into, giving the hackers access to the information contained within them. The US government departments announced that only unclassified information was compromised.

Impact On The Supply Chain

With many computer systems having been accessed, the task is to secure these, and the concern is the time it will take to carry this out.

Many companies rely on other companies for services, be these IT related or otherwise, and when these are compromised the implications of a cyber attack can run through the entire supply chain.

How Can Cyber Insurance Help?

This form of insurance can provide many benefits for an organisation hit by such an attack.

The policy provides 24/7 emergency response access to a specialist panel of vendors who have the expertise and skill set to manage and help with incidents such as these.

For example, a forensic investigation can be carried out to ascertain the extent of the attack and whether data has been compromised. Costs associated with subsequent claims by individuals and legal fees can also be covered under this policy.