
Tips for Ransomware Prevention – Don’t Fall Victim to the Most Wanted Cyber Criminals

Imagine sitting down to your computer to start work for the day and after you log in, you realize you’ve been hacked. The company’s system and data are compromised. And now, the cybercriminal is demanding $2 million to unlock your system and restore your data. Unfortunately, falling victim to a ransomware attack is becoming increasingly common. Ransomware prevention needs to be top of mind.

Ransomware attacks are continuing to rise at an alarming rate, but it is still an emerging market for cybercriminals and nation-state actors. Cyber criminals work hand-in-hand with nation-state actors. The sophistication of these attacks will continue to rise while the ecommerce boom raises ransom demands.

It is important to note that not all cyber threat actors are motivated by financial gain. Even when the attackers’ motive is financial, consider that the ransom demand may simply be too high, or that your company or another third party simply cannot pay it. And even if you were able to pay the ransom, there is no guarantee what you’re paying for will be fully restored.

Did you know that if you and/or another party does pay the ransom, you may be facing fines of up to $20 million?

Ransomware: Pay or Pray?

According to the U.S. Treasury’s Office of Foreign Assets Control (OFAC), facilitating ransom payments to sanctioned hackers may be illegal and companies may be punished. The Financial Crimes Enforcement Network warned that facilitators could be prosecuted even if they or the victims did not know that the hackers demanding the ransom were subject to U.S. sanctions. This makes incident handling much tougher and makes ransomware prevention (i.e., proactive assessments and continuous monitoring to avoid impacts) even more important. The U.S. Treasury Department is effectively freezing the property and interests of particular cybercriminals and cybercrime groups, thus making it a crime to transact with them.

Cybercriminals who have been sanctioned and are closely tied to ransomware and malware attacks across virtually every industry include, but are not limited to:

  • North Korean Lazarus Group aka Bluenoroff aka Andariel, created by the North Korean Government in ~2007 and involved in the WannaCry 2.0 ransomware attack in 2017. WannaCry affected at least 150 countries around the world and shut down approximately 300,000 computers. Lazarus Group, Bluenoroff, and Andariel are controlled by the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence bureau, which manages the state’s clandestine operations.
  • Ali Khorashadizadeh and Mohammad Ghorbaniyan, Iranians with ties to the SamSam Ransomware Attacks.
  • Evgeniy Mikhailovich Bogachev, the developer of Cryptolocker. The FBI placed a $3 million bounty on this malware author.
  • Evil Corp, a Russian cybercriminal organization, and its associates, who used malware to extract more than $100 million from victim businesses. The FBI placed a $5 million bounty for information leading to the arrest and conviction of a Russian man involved in this ring.

Effective Mitigation of Cyber Impacts like Ransomware

Trust, but verify! Typically, the cyber threat actors noted above successfully infiltrate networks through backdoor intrusions and phishing. To boost ransomware prevention, consider adopting multifactor authentication, zero trust architectures, and appropriate security control frameworks.

Is cybersecurity expensive? No, it’s scalable to the organization; but like everything in life, there is a cost. Organizations that have been impacted often go on a shopping spree, buying all kinds of security appliances and devices. Buying sprees do not equal better security; they only guarantee increased spend and, in many cases, wasteful spend.

Ensure proper oversight as a ‘check and balance’ against your IT staff, processes, technology and infrastructure through threat emulation penetration testing. Threat emulation penetration testing combined with a Virtual Chief Information Security Officer security gap analysis will allow your organization to make well-informed decisions.

During essential threat emulation exercises, certified and authorized hackers attempt to hack your environment. Additional ransomware prevention measures include, but are not limited to, implementing a bug bounty program, conducting incident response exercises, and ensuring 24/7/365 monitoring of the IT environment.

If your business does not have a Chief Information Security Officer (CISO) / Chief Security Officer (CSO), that is usually a red flag. Consider filling this gap with a qualified virtual CISO / CSO. Outsourcing this important role is affordable (including for small-to-medium sized enterprises) and has several advantages over a full-time position: higher qualifications and experience for the spend, cost savings over a full-time employee, help aligning and defining your security strategy, significantly reduced cyber risks, and less groupthink and wasteful spend, among many others.

If you are missing any of the above and want to know if your business is genuinely cyber secure, contact Withum’s Cyber and Information Security Team to find out more.
