Ransomware attacks are not a scare tactic that the security industry uses to persuade organizations to fund more security tools. They are real. A few weeks ago, a global ransomware attack, WannaCry, hit, and recent evidence discovered by the Symantec research team now points to North Korea as the culprit. Organizations have been scrambling since the first indication of WannaCry on systems in February. Most organizations are simply not prepared. The EDGE360 team sat down with Bryant G. Tow, Managing Partner of Cyber Risk Solutions LLC, to discuss the price to pay when ransomware emerges.
Here is how easily it can occur: One of your senior IT executives calls into your data center to ask for the system to be opened up. For your organization, this is a routine request – there is no change management protocol, no approvals needed and no back-out strategy in place. The data center employee who answers the phone says, “Sure,” and then opens up the system.
His new password? “Backup1.”
If this type of scenario seems implausible – after all, the missteps here are too numerous to count – think again. According to Tow, this very thing happened to a client recently.
“The combination of the lack of change management and a weak password, among other things, blew a hole in the system,” Tow said. “The bad guys got into the system, which, by the way, had domain admin access. They were able to punch a hole in the firewall and owned the entire system.
“They proceeded to wipe the backups, then wipe co-location data and then encrypted real-time data,” he said. “And there was nothing that anyone could do but watch it happen.”
This nightmare scenario is the new face of ransomware. Previously, ransomware attacks took more of a shotgun approach, with the perpetrators blasting out thousands or millions of emails in a single spam run to see if someone would click. If someone clicked, the attackers would encrypt the data and then sell it back for a ransom.
“Over the past three months – and even more so in the past five to six weeks – we are seeing ransomware that is much more targeted,” Tow said. “They gain access, and, instead of exfiltrating data, they infiltrate the ransomware. They go over the backups first, the co-locations second, they encrypt the data – in this case, all 50+ terabytes of it – and then they let you know about the ransom and how to pay it.”
According to Tow, this new targeted ransomware is getting in through a hole in the Ring of Security, not on the technology side but on the people or processes side.
To learn more about today’s new ransomware threats, listen to the entire interview with Tow below.