12 Days of Cryptmas: Day 3 – Three ransomware demands
Ransomware essentially falls into two categories: encrypting your data and demanding payment to release access, or exfiltrating personal or sensitive data and demanding payment to ensure the data is not released.
The goal in either scenario is to extort payment from you. Threat actors will typically deploy malware to endpoints or infrastructure in the form of executables that give them access. From there, depending on the executable, the malware will either automatically run scans to identify vulnerabilities and personally identifiable information, or connect remotely back to the threat actor, giving them access to your environment.
At this point, threat actors will follow two paths of activity: trying to gain access to other parts of your environment and/or trying to elevate their own permissions in your environment to gain access to more areas and information.
Once threat actors have gone as far as they can, they will execute malware that extracts information and/or encrypts data. They will then send notifications, leave messages on drives in notepad documents, and call company directors asking to negotiate: anything they can do to make it clear that they have control and what their demands are.
Naming and shaming on public websites is a new tactic to try to ensure payment, along with tight deadlines to make decisions and take action before data is released to the public or to the highest bidder.
An effective and inclusive cyber insurance policy provides not only financial reimbursement and coverage in these events but also assistance in navigating the restoration process and the legal processes involved in breaches.
Effective back-ups are the best defence against data encryption events, as best practice is always to restore data and never to use keys to unlock encrypted data.
Finally, an effective cyber security strategy involving multiple layers of proactive and reactive cyber security solutions will stop threat actors before they gain access to your environment, or stop them from gaining more access or exfiltrating information if they do breach it.
This time of year can be stressful; your bank account doesn’t need the added stress of giving presents to scammers. Contact Netier today to discuss how we can help manage security for you.