Jeff Lanza, Retired FBI Agent Shares Why Law Enforcement Agencies Are Struggling to Put a Stop to Ransomware Attacks

Criminals were leaving ransom notes long before technology evolved to today's standards. Demanding a sum of money is not a particularly new criminal tactic; kidnappers have long done so and still do. Ransomware applies the same concept to the world of technology.

Fun Fact! According to Jeff Lanza, a retired FBI special agent, the first known ransomware attack was orchestrated by an AIDS researcher in 1989 using a floppy disk. In a Veeam-hosted webinar, Jeff Lanza joined Keith Sng, Senior Systems Engineering Manager at Veeam Software SEAK, to discuss the progression of ransomware and how organisations and individuals need to be more vigilant about protecting their systems.

Drawing on his law enforcement background, Jeff discussed the threat landscape, giving viewers some insight into why agencies cannot stop ransomware attacks. As a high-profit, low-risk crime, ransomware has gone unchecked in the world of cybersecurity. With no way to ensure that ransomware criminals are punished, they run rampant and wreak havoc on the victims they target.

Why, you may ask, can’t law enforcement stop these attacks? The answer lies in the fact that many different types of threat actors exist in the ransomware ecosystem. First, you have the individuals who purchase toolkits to conduct ransomware attacks. Then you have groups, nations, and organisations looking to gain monetary compensation or intellectual property by accessing their targets’ systems. When dealing with other countries, sometimes the people behind the crimes are in some way connected with their government, making it impossible to detain and prosecute them. The use of Bitcoin does not help in any way, as authorities have no paper trail to follow in their investigations.

“Criminals don’t have a heart, they don’t have a conscience,” states Jeff concerning the increase of cyber attacks directed at the healthcare industry during the pandemic. Instead of giving hospitals and researchers a reprieve, cybercriminals have taken full advantage of their desperation to keep operations running by extorting these organisations.

Concerning the location of said attacks, Jeff comments, “They’re not limited to one particular country,” pointing out the recent ransomware cases that have struck Singapore, Malaysia, Indonesia, Vietnam and Thailand, with Indonesia and Vietnam leading in the number of cyber attacks in the ASEAN region.

Jeff emphasised that encryption of your files can happen almost instantly as an employee on your network clicks on a button or opens a suspicious email. He stressed that the severity of a ransomware attack lies in the demands that threat actors send after encrypting your files. Fulfilling their ransom demand does nothing to ensure the full recovery of data, and many organisations that end up paying are forced to spend even more on data recovery. The money spent by victims to pay ransom fees may then fund other unsavoury criminal activities such as terrorism, human trafficking and narcotics.

To help organisations stay safe amidst the barrage of ransomware attacks, Jeff and Keith walked the audience through the preventative measures that need to be taken.

  1. Air-gap backups.

  2. Encrypt your backups.

  3. Separate account and permissions.

  4. Create a culture of security.

  5. Update incident response plan to include ransomware.

  6. Strong passwords with multi-factor authentication.

  7. Keep systems updated.

The session went on with Keith elaborating on Veeam’s ransomware capabilities in terms of identification, protection, detection, response and recovery. Their cybersecurity defence strategy uses people, processes, and technology to protect its customers’ critical, growing and sprawling data. In line with the NIST Cybersecurity Framework, Veeam’s cybersecurity capabilities fulfil the five elements of the framework.

Veeam has upgraded the 3-2-1 backup rule to a 3-2-1-1-0 backup rule, under which companies should keep 3 copies of data on 2 different media with 1 offsite copy and 1 offline air-gapped/immutable copy, ensuring that there are 0 errors after automated backup testing and recoverability verification.
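The 3-2-1-1-0 rule above can be audited against a backup inventory. The following is an added example, not code from Veeam or from the webinar; the `Copy` fields, the sample inventories, and the choices to count production data as one of the 3 copies and to treat a never-tested backup as failing the "0" are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Copy:
    name: str
    media: str                            # e.g. "disk", "tape", "object"
    offsite: bool = False
    offline_or_immutable: bool = False
    production: bool = False              # live data, not a backup
    verify_errors: Optional[int] = None   # None = restore test never run


def check_32110(copies: List[Copy]) -> List[str]:
    """Return one message per failed part of the rule; [] means compliant."""
    fails = []
    if len(copies) < 3:
        fails.append(f"3: only {len(copies)} copies of the data")
    media = {c.media.strip().lower() for c in copies}
    if len(media) < 2:
        fails.append(f"2: fewer than two media types ({', '.join(sorted(media)) or 'none'})")
    backups = [c for c in copies if not c.production]
    if not any(c.offsite for c in backups):
        fails.append("1 (offsite): no offsite backup copy")
    if not any(c.offline_or_immutable for c in backups):
        fails.append("1 (offline): no offline, air-gapped or immutable backup copy")
    # Assumption: an untested backup does not count as "0 errors".
    for c in backups:
        if c.verify_errors is None:
            fails.append(f"0: {c.name} has never passed a restore test")
        elif c.verify_errors > 0:
            fails.append(f"0: {c.name} last restore test had {c.verify_errors} errors")
    return fails


# Constructed sample inventories (not from the article).
WEAK = [
    Copy("prod-fileserver", "disk", production=True),
    Copy("nas-nightly", "Disk", verify_errors=0),
    Copy("cloud-weekly", "disk", offsite=True),
]
STRONG = [
    Copy("prod-fileserver", "disk", production=True),
    Copy("nas-nightly", "disk", verify_errors=0),
    Copy("vault-weekly", "object", offsite=True, offline_or_immutable=True, verify_errors=0),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(label, check_32110(inventory) or "compliant")
```

The `WEAK` inventory has three copies and an offsite one, yet still fails on media diversity, on the offline/immutable copy, and on an untested backup.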

In terms of ransomware protection capabilities, Veeam offers a capability suite for its customers with immutable backup, secure restore of virus-free workloads, assurance of ransom-free backups, secure workload testing and ransomware detection through a combination of Veeam Backup & Recovery and Veeam ONE.
