The threat of ransomware - customer surveys next?
Ransomware may not get quite the same coverage in the media as it did a few years ago, when Cryptolocker was wreaking havoc around the world and causing hospitals to shut down. Maybe it is because the attackers are not necessarily interested in publicity; they just want money (Bitcoins, to be specific).
Ransomware is a peculiar piece of Internet history. Using legitimate technologies such as encryption software and Remote Desktop Protocols constructed for or with security in mind, hackers can – seemingly easily – bring down whole organizations. If your backups are not in order and offline, restorations can be very costly. Paying the attackers often costs only a fraction of this, as when Connecticut City paid $2000 for restoring their systems.
The FBI urges organizations not to pay ransoms, as the ransom money goes directly to the development of new ransomware. If you do, they also argue, you may not actually get your money or data back as the bad guys cannot be trusted. However, it is of course not that simple. If it were to get out that paying your ransom will not save your data, the hackers would lose their whole business model.
To get an insight into how well organized some of the groups that attack using ransomware can be, I recommend this article. Alina Simone, a blogger for the New York Times, describes how her mother was hit by ransomware and decided to pay. However, paying in bitcoins can be tricky for a non-tech-savvy person. Not to worry, the criminals guided her every step of the way. The article is a rare description of the excellent customer service provided by criminals, whose business is just as dependent – if not more – on reputation as your average online shopping platform. The next step will probably be customer surveys sent out after the heist.
So, what can organizations do about ransomware? Again, the FBI has some good advice. Keep your things patched, make your staff aware, filter out all the bad stuff (but none of the good), back up your systems continuously – preferably to offline backups as well as online. It all boils down to “do everything right, all the time”. But no organization can manage that.
How can securiCAD help with ransomware? Well, as we have written in previous posts, complexity is the main enemy (apart from the bad guys). Nailing down your golden eggs is the first step: what information must not be locked away outside your reach by ransomware? Once you know that, you can model the architecture and run threat modelling on your infrastructure, cloud environment or systems to see where the attacker is most likely to hit. Knowing that, you may then implement all the recommendations from the FBI and other organizations in a relevant, cost-efficient and effective way.
Maybe then you won’t be an involuntary victim of great, criminal customer service…
Article by: Jacob Henricson, Head of Risk Services, foreseeti
securiCAD is the world-leading tool when it comes to design case threat modeling, IT risk assessment, and automated modeling and security analysis. The approaches employed in the tool are in line with the most recent research in the field, taking place in Stockholm at KTH Royal Institute of Technology.