
A Brief History of Ransomware

Ransomware is not that new. I remember back during the MSBlaster incident I said to a friend that it was a good job whoever wrote that worm was not evil, because they could simply have encrypted or deleted all the data post-infection. Hell, I can barely remember when that was; I think it was late 2003. Ransomware has been around since the 1980s, but not quite in its modern form (it started with the AIDS malware scam). Fast forward to the mid 2000s and criminals were using encryption, but that wasn’t the norm, and things only really started to take a bad turn around 2012/2013 with CryptoLocker. The next major global events were WannaCry, NotPetya and Bad Rabbit.

WannaCry was like MSBlaster on steroids, and NotPetya was devastating. But these are just a few of many. Other ransomware includes TrickBot, Emotet, NetWalker, REvil, Maze, WastedLocker, Dharma, Sodinokibi, Ryuk, etc.

From the early 2010s through to 2021 ransomware has been a global problem, but the game of cat and mouse continues as it always has: criminals change their tools, techniques and practices.

Ransomware the last line of defence

The last line of defence against ransomware is backup! Offline, not domain-joined and ideally with more than one copy offsite, backups are key to reducing the killer impact of ransomware. As ransomware incident volumes increased, however, more and more organisations got their backup game together. That in turn caused a shift in tactics by the criminals.

Extort all the things!

No longer do you just have to deal with loss of access to data; you now need to realise that the criminals are exfiltrating this data and will sell and/or release it to the public in an attempt to extort money from you. This leaves a lot of organisations in a tight spot: most organisations do not even know what data they have, let alone whether something in the trove stolen by the criminals is significantly harmful to their organisation.

New tactics, same evil

So, whilst none of this is particularly new, that does not mean we should gloss over it. Organisations need to start smelling the coffee when it comes to cyber security. The risks are evolving, the likelihoods are increasing, and the impacts can be devastating (from digital to physical).

Defensive Guidance

There is too much to go into a detailed set of recommendations; however, at a broad stroke, here’s some food for thought to help you prepare:

  • Know your environment.
  • Know your data.
  • A backup is still seriously key as a last line of defence.
  • Have a plan for when things go south.
  • I do not like a lot of cyber military terms, but this one works: drill! Practise, practise, practise your incident response plans against realistic scenarios. It will pay dividends when an incident occurs.
  • Try to prevent that from happening; a major incident is likely going to cost you far more than battening down the hatches.
  • Have the right tools. A legacy AV, users with administrator rights and no ability to prevent, detect or respond is going to leave you high and dry. There are some awesome technologies that you can layer to improve your security posture (just do not think a tool is a silver bullet; they do not exist!).
  • Insurance can help, but read the small print!
  • Practise good cyber security. It is not new, and it is a quality bar for your organisation; if your customer market is not judging you on it yet, it will not be long until they catch up.
  • Security monitoring is something that so many orgs are quite shockingly bad at (it is hard to do, so do not feel that is a dig). Get your logging and monitoring on point.
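As an added example of what "logging and monitoring on point" can mean in practice for the encryption phase (this is not code from the post or its author), the script below runs a simple burst detector over constructed file-audit log lines: it flags any user/host pair that generates more file events than a threshold inside a sliding window, and counts renames to a watch-list of extensions to raise the alert's severity. The log line format, the extension watch-list, the window length and the threshold are all assumptions chosen for the example.

```python
"""Added example, not from the original post: a sliding-window burst detector
for ransomware-style file activity, run over constructed audit log lines.
The log format, extension watch-list, window and threshold are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed audit line format: "<ISO timestamp> <user> <host> <ACTION> <path>[ -> <newpath>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<host>\S+) (?P<action>WRITE|RENAME|DELETE) "
    r"(?P<path>.+?)(?: -> (?P<new>.+))?$"
)
# Assumed watch-list of extensions commonly left on encrypted files.
WATCH_EXTENSIONS = (".locked", ".encrypted", ".crypt")
WINDOW = timedelta(seconds=60)   # sliding window length (assumed)
THRESHOLD = 20                   # file events per user/host within one window (assumed)


def parse_line(line):
    """Parse one audit line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (user, host) whose file events exceed `threshold`
    inside any `window`. Renames to watch-listed extensions inside the burst
    are counted separately and lift the severity to 'high'."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[(ev["user"], ev["host"])].append(ev)

    alerts = []
    for (user, host), evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        lo = 0
        for hi in range(len(evs)):
            # Slide the window's left edge forward until it spans at most `window`.
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            burst = evs[lo:hi + 1]
            if len(burst) >= threshold:
                suspicious = sum(
                    1 for e in burst
                    if e["action"] == "RENAME" and e["new"]
                    and e["new"].lower().endswith(WATCH_EXTENSIONS)
                )
                alerts.append({
                    "user": user, "host": host, "start": burst[0]["ts"],
                    "count": len(burst), "suspicious_renames": suspicious,
                    "severity": "high" if suspicious else "medium",
                })
                break  # one alert per user/host is enough for triage
    return alerts


def build_sample_log():
    """Constructed sample input: alice does normal work over an hour, while
    bob on FS01 renames 30 spreadsheets to .locked within 30 seconds."""
    base = datetime(2021, 3, 1, 9, 0, 0)
    lines = [
        f"{(base + timedelta(minutes=10 * i)).isoformat()} alice WS01 WRITE C:\\Users\\alice\\report{i}.docx"
        for i in range(6)
    ]
    for i in range(30):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(
            f"{t} bob FS01 RENAME D:\\Shares\\Finance\\inv{i}.xlsx -> D:\\Shares\\Finance\\inv{i}.xlsx.locked"
        )
    return lines


if __name__ == "__main__":
    for alert in detect_bursts(build_sample_log()):
        print(alert)
```

In a real deployment the same logic would sit on top of file-server audit events or an EDR's file telemetry rather than a text log, and the threshold would be tuned against a baseline of the organisation's normal activity so that nightly backup jobs and large copies do not page anyone; the point of the example is that the volume-over-time signal is cheap to compute and catches the encryption phase early, which is exactly where a well-drilled response plan earns its keep.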

There is a reason maturity assessments and audits do not take two minutes. The landscape is vast, most organisations’ maturity levels are far from what they should be, and the world is moving at an ever-increasing pace. Whilst it is easy for us in the cyber industry to shout into the void, the realities for a lot of organisations are coming home to roost. Being hit with ransomware is not fun at all, let alone with a bonus payload of extortion added in.

Ransomware is not going anywhere soon because crime is not going away! Cybercrime will simply continue to evolve to challenge the defenders and to take what it can in new and innovative ways! It is a game of cat and mouse, and I feel that at the minute most organisations are more Jerry than Tom! Stay safe, stay secure and may the cyber force be with you!
