Ransomware is malware that cybercriminals use to block victims from accessing their data, or to encrypt it, whether the data sits on a hard drive or on the network. The motive is to make the victim pay a ransom to get the decryption key. If the ransom is not paid, the victim loses access to their data.
The most popular attack vector for ransomware is email phishing. The attacker sends out thousands of phishing emails. As soon as a recipient clicks on a link or opens an attachment, the ransomware starts encrypting the device and gains access to everything the user has access to.
This type of incident is extremely critical, since most organizations rely on their data to operate. We have witnessed two major targets of ransomware in the recent past: healthcare and government municipalities. Attackers target these kinds of organizations because they don’t have protection against ransomware. In both types of organization, the consequences can be as bad as people dying. If the organization fails to mitigate the ransomware, there is no choice but to pay the ransom and hope for the decryption key.
Many healthcare organizations have a PACS (picture archiving and communication system) to collect images from medical devices and present them to the doctor. Without that data, the doctor can’t possibly help the patient. This results in hospitals going on divert and patients not getting necessary treatment, leading to severe health issues.
To prevent such incidents, organizations must engage and hire staff who understand the technical concepts and can determine how ransomware works. Users must be on an isolated network and device to access data. Although this sounds easy, isolating an existing network can be risky and difficult. Data backup is an important action to mitigate ransomware. If you can protect your data from ransomware, you can restore the impacted data without paying the ransom.
In conclusion, it is the absence of these common controls that allows ransomware to be such a huge threat. If the network is properly isolated and organizations maintain proper backups, ransomware would not be a big deal.