Why are you interesting to ransomware attackers?
Reports of ransomware reach the news almost daily. How did this come about? What are the chances of my business being affected by ransomware? What are the consequences of an attack? How can this attack be prevented? This and subsequent articles provide answers to these questions and more.
What exactly is ransomware? In short, ransomware is hostage-taking software that encrypts the data on computers with an encryption algorithm. Once a company is 'locked', the criminals behind the ransomware demand a ransom. This usually involves a payment in Bitcoin in exchange for the key, so that the company can continue its work.
Transition to a digital world
Over the past 20 years, a huge transition to the digital world has taken place. Computer systems help us with all kinds of things, such as complex calculations, accounting and working from home. These benefits also apply to attackers. For example, a burglar no longer has to physically go to a bank; crimes can be committed from behind a screen via the digital infrastructure. This article discusses two aspects of the digital world that are exploited to extort companies and individuals with ransomware.
The digital extortion hostage: Data
The first aspect concerns the collection of data on digital systems. In general, there are two types of data: personal data and company data. The latter includes, for example, system settings, business processes and administrative records. In other words, all the data necessary for business operations. Personal data covers all stored data that relates to persons. The storage of data is so comprehensive in our current digital age that it is interesting to ask the question: "What data is not stored about me?" Although examples can be found, this list is significantly smaller than the list of things that are stored digitally. Think, for example, of the large multinationals that keep track of your browser and location history. This data is stored in bulk and is easier to retrieve than in the past, when it consisted of dozens of paper records. Malicious parties can use your data to commit identity fraud, resell it online or extort you.
The result: business continuity
A second aspect of the digital world is that every company has become an IT company. The average company cannot function without digital systems. This applies not only to the employees working in administration, but also to the production floors that are now fully digitally connected via IT systems. Even small craft businesses are dependent: assignments and payments are carried out digitally. It is clear that society depends on digital systems. Malicious parties know this and mercilessly abuse it.
How does this come together?
The first step for attackers is to get inside the gates of the castle, that is, to gain access to the internal network. Common methods are exploiting outdated, vulnerable systems or systems that are updated too late, obtaining passwords through phishing campaigns, and using brute-force attacks to take over VPN/RDP accounts with weak passwords. Once inside, the attackers perform reconnaissance and try to obtain the highest privileges within the systems. Once they have the highest privileges, their first step is to transfer data out of the network, with blackmail as the ultimate goal. The next step is to 'lock down' the company by encrypting all systems and deleting backups where possible. This gives the attacker the ultimate means of pressure: threatening to publish sensitive data, blocking the systems and making recovery impossible.
In summary, because of worldwide digitization, attackers can take your company hostage and make money from it. They do this, among other things, by locking your company's systems and stealing data. The following articles will discuss what measures can be taken to become more resilient.