Ransomware isn’t a new phenomenon, but its effects are starting to be felt more widely and more deeply than ever before. Behemoths like CTS, LG, XEROX, INDIA BULLS, Australian Toll Groups, MITSUBISHI, and HONDA have all been hit in recent times, and the list is growing.
Most of the infected companies were running up-to-date endpoint protection, which tells us that the problem lies somewhere else. Human error, loose passwords, and lax authentication protocols all contribute to higher risk.
Let’s walk through a typical ransomware attack to understand how attackers gain access to your company’s most valuable asset: unstructured data.
Step 1: Identify a vulnerable network using sophisticated tools to detect and probe networks for lax security protocols, unpatched software, or single-factor authentication.
Step 2: Scrape user passwords off the dark web. There are billions available.
Step 3: Use a third-party site to verify the stolen password. Check against data on a common social media site such as LinkedIn.
Step 4: Obfuscate their location by logging in via 50+ worldwide proxies.
Step 5: Pull down your proprietary data, encrypt it, and spread it across the blockchain in data centers across the globe.
Step 6: Demand thousands of dollars for the safe return of your data and cripple your day-to-day operations in the meantime.
This whole process can happen right under your nose. If you decide not to pay, your data may disappear forever. If you don’t take steps to address the underlying vulnerability, it can keep happening over and over.
There are some common-sense approaches to data governance that can help keep data from being hijacked.
First, strong passwords are the first line of defense. Two-factor authentication and a good password manager should be the default posture of every organization.
Second, basic data hygiene and consistent permissions monitoring can limit which data is accessible to a bad actor who logs on with valid credentials.
Third, you must be able to monitor accounts for unusual behavior. When users are suddenly accessing massive amounts of data or downloading hundreds of files at a time, admins need to know.
Finally, ransomware detection should be part of the security posture. This includes scanning unstructured data for suspicious or altered file extensions, known ransomware signatures, and detection of “ransom note” content inside the repository.
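As an added example (not part of the original article), here is a minimal sketch of the repository scan described in the last point: it flags suspicious or appended file extensions, ransom-note wording, and text files whose contents now look like random bytes. The extension list, note phrases, entropy threshold, and all function names are illustrative assumptions, not a vetted signature set.

```python
import math, os, re, tempfile
from collections import Counter
# Illustrative assumptions, not a vetted signature set.
SUSPICIOUS_EXTS = {".locked", ".encrypted", ".crypt"}
TEXT_EXTS = {".txt", ".csv", ".html", ".md"}  # types expected to be low-entropy
NOTE_RE = re.compile(r"files (have been|are) encrypted|decrypt(ion)? key|bitcoin", re.I)
ENTROPY_LIMIT = 7.5  # bits per byte; encrypted data approaches 8.0

def entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def scan_file(path, sample_size=65536):
    findings = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if ext in SUSPICIOUS_EXTS:
        findings.append("suspicious-extension")
        if os.path.splitext(stem)[1]:  # original extension still visible, e.g. .xlsx.locked
            findings.append("appended-extension")
    if ext in TEXT_EXTS:
        with open(path, "rb") as fh:
            head = fh.read(sample_size)
        if NOTE_RE.search(head.decode("utf-8", "replace")):
            findings.append("ransom-note-content")
        # Content altered in place: a "text" file that now looks like random bytes.
        if len(head) >= 256 and entropy(head) > ENTROPY_LIMIT:
            findings.append("high-entropy-text-file")
    return findings

def scan_tree(root):
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if found := scan_file(full):
                results[os.path.relpath(full, root)] = found
    return results

def demo():
    """Scan four constructed files written to a temporary directory."""
    samples = {"notes.txt": b"Quarterly meeting notes.\n",
               "budget.xlsx.locked": b"\x00" * 64,
               "README_RESTORE.txt": b"Your files have been encrypted. Pay in Bitcoin.\n",
               "export.csv": bytes(range(256)) * 16}  # uniform bytes stand in for ciphertext
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root)
```

Calling `demo()` returns a mapping of flagged file names to their findings; the benign `notes.txt` is absent from it.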