Ransomware comes in several flavors. Its lever of control is to hold an entity's vital information hostage within the entity's own network in exchange for payment. Healthcare providers, financial institutions, and government entities have all been victims. Its variants and methods are, at bottom, different ways of interfering with how an entity reaches its information assets. Aside from an email-based extortion variant, discussed shortly, there are three predominant approaches to ransomware deployment.
The malware is typically disguised so that the recipient entity, including its employees, accepts and runs it. In the first approach it disables a network system, which then acts as a lock prohibiting access to the entity's valuable data. The second approach encrypts the data itself; one such variant leaves the computers usable but encrypts the files used to process daily work, leaving them non-functional. The third approach does not encrypt the files but places a block in front of the data assets that prevents access to them. In every case the data is supposedly released once the ransom is paid, and in every case there is no guarantee that it will be.
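The encrypting variant leaves a measurable trace: a file that has been encrypted by a sound cipher is statistically indistinguishable from random bytes, so its Shannon entropy sits near 8 bits per byte, far above the value for text or most office documents. The following Python script is an added example and is not code from the original article. It constructs a small sample directory, "encrypts" one file with a toy XOR keystream that stands in for the ransomware's real cipher, and then scans the tree for files whose entropy exceeds an assumed threshold or whose extension matches an assumed list of ransom-style suffixes. The threshold, the extension list, and the file contents are illustrative assumptions, not figures from the article.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Bits of entropy per byte above which a file's contents look like ciphertext.
# Output of a sound cipher approaches 8.0; text and most office documents sit
# well below. The threshold and the extension list are assumed values chosen
# for this illustration, not figures from the article.
ENTROPY_THRESHOLD = 7.5
RANSOM_EXTENSIONS = {".locked", ".encrypted", ".crypt"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def toy_encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    """XOR plaintext with a random keystream of at least equal length.

    A stand-in for the file encryption a crypto-ransomware variant performs;
    for this demonstration it only has to make the output look like noise.
    """
    if len(keystream) < len(plaintext):
        raise ValueError("keystream must be at least as long as plaintext")
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def scan_directory(root: Path, sample_bytes: int = 65536) -> list[dict]:
    """Flag files that look encrypted or carry a ransom-style extension."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        entropy = shannon_entropy(path.read_bytes()[:sample_bytes])
        renamed = path.suffix in RANSOM_EXTENSIONS
        if entropy >= ENTROPY_THRESHOLD or renamed:
            findings.append({"path": str(path), "entropy": round(entropy, 2), "renamed": renamed})
    return findings


def demo() -> dict[str, dict]:
    """Build a constructed sample tree, 'encrypt' part of it, and scan it.

    Returns the findings keyed by file name. All file contents are made up
    for the example.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plaintext = ("Quarterly patient billing summary, ward 4.\n" * 120).encode()
        (root / "report.txt").write_bytes(plaintext)        # untouched document
        (root / "invoices.txt.locked").write_bytes(         # the crypto variant's output
            toy_encrypt(plaintext, os.urandom(len(plaintext))))
        (root / "backup.zip").write_bytes(os.urandom(8192))  # stand-in for a compressed archive
        (root / "READ_ME.txt").write_bytes(b"Your files are encrypted. Pay to recover them.\n")
        return {Path(f["path"]).name: f for f in scan_directory(root)}


if __name__ == "__main__":
    for name, finding in demo().items():
        print(f"{name}: entropy={finding['entropy']} renamed={finding['renamed']}")
```

Two things the run makes visible. The constructed backup.zip is flagged on entropy alone, because compressed data looks like ciphertext, so entropy by itself is a noisy signal and real detection systems pair it with rename patterns, bulk write rates, and known ransom-note filenames. Conversely the plain-text READ_ME.txt is not caught by this check at all, which is why products match the note's name and wording rather than its entropy.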
How an entity prepares for these events matters for assessing liability. Coordinated effort between work groups within the entity is necessary. Monitoring the readiness of the entity's network is the obvious measure, but do entities also consider their insurance coverage? This is an area that is overlooked too frequently. It is a good step to designate a person who is authorized to oversee modifications and updates to the entity's network, and it is prudent to audit the entity's processes to find vulnerabilities. Determining what steps are needed requires assessing the many intricate aspects of those processes.
Equally intricate is the communications network, where email is the means of sharing data assets within an entity and is also the predominant gateway for intrusion. In the email variant, the intruder captures sensitive messages, possibly containing client trade secrets, financial information, medical records, and the like, and then blackmails the entity by threatening to disclose the captured data publicly. The critical point about ransomware is that even if the ransom is paid, and it is commonly demanded in Bitcoin, there is no assurance that the data asset will be released and access restored. Additionally troubling is the potential for the attacker's control to spread into other parts of the entity's systems, or in the aggregate to reach broader cloud management functions.
Best practices include encrypting files both in transit and at rest. Encryption at rest does not stop ransomware from encrypting the files a second time, but it limits what a thief can read and therefore what can be held over the entity for disclosure. It is also prudent to update detection systems frequently and promptly. The larger the entity, the more likely it is that access to vital assets is limited to the scope of each employee's assigned duties, which is the least-privilege principle every entity should apply. An entity should be proactive, train its employees on best practices, and give them concrete teaching points on what to look for and what the risks and traps are. All of this matters, together with information technology personnel working with the entity's administration to anticipate the event and plan what to do in the event of a ransomware attack. It is also crucial to review the entity's insurance and determine whether it covers cyber extortion.