Ransomware confirms its place as the cyber threat that companies currently fear most. It continuously evolves in the type of victims chosen, the mode of action and the ransom methods.
Nevertheless, because it is easy to implement and profitable, it remains the most widely used malware.
In view of its rapid spread across all product sectors, the scale of the problem has now become collective.
Let’s look at its dynamics and at how you can defend yourself.
The dynamics of a Ransomware Attack
How does it work?
- The criminal enters the victim’s computer system, exploiting infrastructure, human and physical vulnerabilities.
- He performs lateral movements within the infrastructure of the company and of its suppliers, partners and customers, extending the attack to the entire Supply Chain (Company Ecosystem) while looking for critical data and back-ups.
- After this first study phase, he transfers a copy of the victim’s data to his own computer and encrypts the originals. Then he asks for a ransom before releasing the decryption key. A new practice has recently spread, Double Extortion: if the victim does not want to pay the ransom, the criminal begins to publish the data on the Dark Web little by little, while continuing to threaten to publish all of it.
New statistics on ransomware attacks are published every day, and they are sometimes entirely inconsistent with one another: there is no official source, only data from multiple sources. Generally, public data is partial because most attacks are not officially reported by the victims, due to very controversial aspects such as Privacy and Brand Reputation.
What are the consequences of a ransomware attack?
The consequences of ransomware attacks can be:
- Stoppage of production or other operational activities
- After two years of forced closures due to the Public Health Emergency, companies are terrified of suffering further suspension of activities caused by cyber-incidents. Possible damages could include: delayed or missed deliveries, downtime of online booking systems and online customer care, malfunctioning of online portals for public services, etc.
- Reputational damages
- Nowadays, every company gives priority to defending and caring for its reputation. Every company is aware both of the economic damage that any incident may cause and of the effect on public perception and reputation that these events may produce.
- Financial loss
- In addition to the payment of the ransom, the economic losses also include investments in data recovery and, last but not least, the loss of productivity.
- Loss of production
- The time needed to complete the recovery of activities can cause a production downturn, preventing the company, its employees and its suppliers from carrying out their work, as well as creating additional costs and inefficiencies in the delivery times of goods.
- Legal and ICT costs
- Technical teams take months to investigate, identify and mitigate an attack from a single cyber-incident. In addition, there are the costs of notifying a data breach and any legal fees to pay.
- Data loss
- Theft of medical records, identity fraud, theft of bank account credentials and company data fraud are just some examples of data exfiltration.
- GDPR violation
- The company that has suffered the attack must notify the data breach as required by the GDPR. In case of non-notification, the company can be sanctioned under the GDPR. It is also necessary to communicate the breach to all those directly concerned, the data holders, using the most appropriate and effective channels.
Possible solutions
- Continuous Assessment
- Threat Intelligence Activities
- Vulnerability Monitoring
- Anomalous Behavior Monitoring
- Development of Incident Response Plan
- Ransomware Attack Simulations
Technology Solutions:
- Two-Factor Authentication
- Network Segmentation
- Regular Back-ups
People Solutions:
- Take the path of Security Awareness
- Take the path of Cultural Transformation