40 Governments around the world crack down on paying out to ransomware gangs
29th November 2023 | Modified: 30th November 2023Categories: Security
The International Counter Ransomware Initiative (ICRI) has the backing and support of 40 countries from around the globe, to refuse any form of payment to cyber criminals, in an effort to combat the growing menace of ransomware attacks.
“
Ransomware attacks are the number one tool used by cyber criminals to steal money and data, which creates havoc upon the social apparatus of society. The ICRI is a US-led alliances that includes the EU, Japan, Israel, the United Arab Emirates, the UK and Singapore to name but a few, aiming to stop the practice of ransomware crime.
Don’t click on anything you don’t recognise!"
Ransomware is on the rise
Government agencies are at the brunt of such attacks, health care providers, schools, local authorities and critical social infrastructure departments. The ICRI is a shared response to a common problem felt by countries all around the world. The alliance is the first major attempt at protecting public safety and essential services.
With ransomware attacks up by 148% since 2021, it is not stopped by borders. The US is, by far, the hardest hit of all, receiving 50% of all ransomware attacks. Having 40 countries join forces together to respond and mitigate, will create a global resilience to the threat.
Typically, in a ransomware attack, cybercriminals will break into a network and place an encryption key on the system, thereby locking the user out, denying the business or government agency access to files held on their system, until a ransom payment is made.
If you don’t pay the ransom, your data could be sold on the open market to the highest bidder"
What can you do to protect your business
Sadly, if a organisation has not battened down all of its networks and is then been held to ransom by cybercriminals, historically, it’s been the practice that is easier for them to pay the ransom, than to suffer prolonged operational shutdown, as well as the reputational damage that follows after such an attack. The problem however, with this strategy, is that there is no way of knowing whether the cybercriminals have left your network, only to hold you to ransom later down the road. That is until now.
Socially engineered messages are clever, very clever, so, your business should be hyper-vigilant as to what you allow in"
How to protect against ransomware
- Education, education, education. Make sure your team understands what the impact of a ransomware attack can do to your business. Typically, ransomware is delivered by phishing emails. So, make sure your team has more than adequate and ongoing training about what to look for in an email, and thereafter, what to do if they suspect it is.
Socially engineered messages are clever, very clever, so your business should be hyper-vigilant as to what you allow in. Training and constant education will reduce your exposure to an attack.
- Backups. Automated, simple, protection as part of your process to reduce the impact of an attack when it happens. Backups are key, as they not only protect against cybercriminals, but if you have a hardware failure, virus attack, or should a natural disaster happen, a power failure, or just plain old human error, backups ensure the security of all the IT assets of your business.
- Patching. This is often forgotten, but it’s actually a key component to defending any potential ransomware attack. Cybercriminals will look to exploit any holes in software. Looking out for the latest patch releases will go some way towards protecting you against unwanted intruders.
- Reducing your attack surface. Strong authentication, strong passwords, 2FA or MFA. When you sign into an account, it’s called authentication. Everyone is used to the username and password model. The problem, however, is remembering all those passwords, so users tend to keep passwords simple so that they can remember them. And that’s the problem.
With 2FA or MFA, you’ll need to provide a second element of proof, like Microsoft’s Authenticator App, a fingerprint, facial recognition, or something else that says you are really who you say you are digitally.
- Remote Desktop Protocol (RDP) Attacks. They are a popular attack vector for ransomware. Since COVID-19, lots of organisations have allowed staff members to work from home. RDP is a network protocol that allows users to work remotely. It’s great for access to the same computer or server, and sharing data and applications easily.
However, there are inherent vulnerabilities in using RDP, and cybercriminals look to exploit these with weapons like port targeting, smart card hijacking, or Distributed Denial of Service attacks (DDoS). So, using strong secure passwords, two-factor authentication and up-to-date patching, will help prevent these problems.
The key to recovery is putting together a ransomware response plan"
Conclusion
At CNC, we can help you reduce the attack surfaces of your business. Call us now on 01273 384 100 for more information, or email sales@cnc-ltd.co.uk.
CNC – helping you to protect your business.