
Can you spell ransomware?

By Dylan Nel, Head of Vendor Engagement, Cyber Retaliator Solutions. “We are all security officers, and if we do not act like it, this is where the hackers will focus on our vulnerabilities, that is, individuals.”

Johannesburg, 23 May 2022
Dylan Nel, Head of Vendor Engagement, Cyber Retaliator Solutions.

Is ransomware a proper noun? Ransomware is malware that holds a computer user's data to ransom: it encrypts the data and restores access to it only in exchange for payment.

After an explosion of ransomware in the mid-2010s there was a quiet decline; however, with the pandemic that has disrupted so much of social life in the physical sense, the surge in data moving online since 2020 has left doors open to the hooded hacker. The FBI received nearly 2 500 ransomware complaints in 2020, up about 20% from 2019, according to its annual Internet Crime Report.

So how do we, as companies, end-users and people of the earth, mitigate this epidemic that plagues a cyber security engineer's nightmares? South Africa alone has seen an enormous rise of late. I could quote numbers and stats, but all it takes is to open a news site and there is guaranteed to be literature on the subject, ranging from the latest attack to how to prepare yourself against one. It is top of mind, and it should stay that way.

Business Insider reported in 2020 that South Africans suffered 577 malware attacks per hour. It seems no one is safe: the public sector as a whole, SMEs and enterprises are all targets.

It comes down to a multi-layered defence. In days gone by, all that was required was a firewall, an anti-virus and some intermittent patching. Today it starts with the end-user; the age-old ID10T error now applies to breaches too. We need to know what we are doing: what not to open, what not to click, when an e-mail is legitimate and when to notify a network admin that we have possibly received a malicious e-mail. Sporadic phishing simulations are a must, if only to keep us on our toes, and ongoing user awareness cannot be overlooked either. All of this on top of getting through our 9-to-5 unscathed. We are all security officers, and if we do not act like it, this is where the hackers will focus on our vulnerabilities, that is, individuals. Security starts at the front door, from physical access control all the way to spam filters, but in the end it comes down to one thing: will we be caught, or will we return fire?

Further steps are vulnerability assessments, penetration testing and then some more. Vulnerability assessments should be ongoing, and successive reports should show a decrease in your network's vulnerabilities, or else the exercise is futile. Think penetration test, think domain health scan, think vulnerability assessment, think safety, and then, when it is all said and done, think again, start over, think penetration test... A good report should consist of hundreds of pages of detail with a high-level three- to five-page executive summary for the guys upstairs, if there is still such a thing, come to think of it.

If all else fails, your endpoint security should be up to scratch. Not all endpoint products are the same; the legacy solutions, although still relevant, just don't seem to cover as many threats as they did 10 years ago, because the number of threats has also increased tenfold. In today's environment, a decent endpoint detection and response (EDR) system with active threat hunting and anti-malware is essential. Even the most sophisticated system can fail, but an EDR will get you close to home, as long as it does its job. The system should be AI-driven but will always require human interaction. That said, the number of events an analyst is required to inspect per second, per minute, per hour is more than the average person could count. Hence the two go hand in hand: an AI-driven EDR system, further driven by analysts... note the plural.

And then we wait: an attack is imminent, and the attacker is bound to find the one hole we have not covered.

I leave you with this: my grandfather turned 75 last week; he did not fight in WW1 only to be caught out like this (stolen).

Want to find out more? Visit The CRS Stand (7C) at the ITWeb Security Summit 2022, to be held from 31 May to 2 June at the Sandton Convention Centre. And don’t forget to add your name to the draw for the R12 000 golf set giveaway.
