Don’t be hostage to ransomware!
In his Cyber Talk presentation, Edwin Weijdema, Global strategist product strategy at Veeam, offered an in depth insight into today’s ‘advanced ransomware attacks’. Including some why’s to pay attention: there’s an attack somewhere worldwide every 11 seconds; average payment is 180.000 USD (mainly in bitcoins) and company downtime is on average 16 days!
A ransomware attack runs through six stages. First is observation: gather information about a possible point of entry, from all possible sources (including social media and e.g. LinkedIn). Next is ‘sneaking in’, usually through phishing mails (including spear phishing and whale phishing: going for the top profiles). Once in, ‘setting up’ prepares the information environment for continued attack, followed by ‘elevate access’ to increase the number of accessible systems. One stage also involves the attackers ‘crippling the recoverability’ (e.g. thwarting BU and recovery procedures). And finally, ‘ransom declaration’: you get the ominous message on your screens. As an example, Edwin Weijdema describes an attack from Oct 15th till Dec 23rd 2020, on which date 267 servers were encrypted in 25 minutes time. Interesting advice: don’t contact the attackers immediately after the appearance of the message, buying yourself some additional response/recovery time.
Ultimately, it also depends on your measure of preparedness, particularly regarding recovery. Be prepared to restore 100% of a valid ‘100% BU’, in a tested business continuity and recovery process!