RansomWeb Kicks the Problem of Ransomware Into a Whole New Gear
RansomWeb is a new ransomware variant that can hold an organization hostage by encrypting entire databases, putting their entire Web presence at risk and making it unusable until a hefty ransom is paid. GDF’s founder weighs in on the threat posed by ransomware and talks about the benefits of regular, professional testing in fighting sophisticated attacks like these.
With the success hackers had last year with CryptoLocker, malware which encrypted personal files on a single computer and then demanded payment from the user for the key necessary to decrypt the files, it was only a matter of time before even more malicious variants reared their ugly heads. Well, it looks like that has finally come to pass. Last week, on January 28th, Forbes reported on a story about a Swiss security firm that identified an attack that didn’t just affect a particular computer, but rather it went after the targeted financial organization’s entire Web presence, quietly encrypting their entire database over six months after hackers exploited an application. Once they “turned off the lights,” a demand for ransom quickly followed.
“This type of attack actually highlights a couple weaknesses that many organizations have,” says Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City. “First, you have the weakness of the application which was initially exploited, and then you have an attack longevity issue, six months of undetected operation, which in this case allowed for enough time for the regularly performed backups to be eventually replaced with the altered databases. Affecting the backups is especially problematic in a ransomware attack, because recovering from backups is often the only resort, next to paying the ransom and crossing your fingers that the attackers will actually release the decryption key to you.”
“One of the biggest issues with Web applications is the blind trust many organizations put into the designers from a cyber security perspective,” warns Caruso. “Because in truth, very few app designers really have the background and expertise in cyber security necessary for their apps to stand up to today’s constant onslaught of cyber threats. Their objectives are designing apps that increase efficiency and/or provide convenience, for either the organization internally, or for their customers’ experience. We provide application security testing expressly for this reason, putting an app through the wringer with both eyes focused squarely on the security aspect. If an endpoint app isn’t secure, for instance, it can be a wide open door for attackers to gain access to all sorts of digital assets, which can obviously translate into all kinds of mayhem for the victim.”
Professional scanning and penetration testing performed regularly are paramount for survival in today’s cyber threat landscape
“Effective cyber security will never be in the cards for an organization that approaches it with a set-it-and-forget-it mindset,” says Caruso. “Threats change, technology changes, applications and other software are continuously upgraded and changed, personnel changes and a myriad of other variables make digital environments anything but stagnant. It’s the chaos hackers thrive on. That’s why performing deep scans and penetration tests at regular intervals is so important, the more frequently the better. Otherwise, you are basically allowing hackers an opportunity to have free rein on your network for large chunks of time. Yearly is really the absolute bare minimum, bi-annually is obviously twice as good and quarterly even better. We can actually scale penetration testing packages so they cost less individually when an organization makes a commitment with us to perform them more regularly. We can do this because of the familiarity we will gain with an organization’s data structure, equipment and things like data flow, how everything is tied into the daily operations, familiarity with existing policies and procedures in place and these kinds of things, which we will have to thoroughly go through during the initial testing. This familiarity makes it easier for us to see exactly what is going on, understand what has changed and what needs to be changed, and generally speed up the entire process. In turn, it allows us to not only pass those savings on to the client, but make them that much safer in the long run, especially against long term events, which are usually the costliest for an organization to overcome.”
Relying on luck is a dangerous game to play when it comes to cyber security. Getting the right professionals involved early and often? Now that’s smart business
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.