Alexander Lewis
Cyber Assessment Services Technical Practice Lead
Ransomware is not a new phenomenon. Here at Softcat we’ve seen ransomware becoming the ‘old faithful’ of next generation threat actors, in a similar spirit, the design of the toilet roll hasn’t changed since its production in 1857. If it works well, it doesn’t require changing.
Using cryptography and the first of the CIA (Confidentiality, Integrity, Availability) triad of information security is a great example of how encryption-based confidentiality works both ways. We love encryption when it works for us, obscuring our sensitive information from the eyes of threat actors, but despise it when it’s used to lock us out of our own data by the same.
But just as the ‘prince with millions of dollars’ spam email evolved into the targeted phishing and whaling attacks we see today, the ransomware that first came about has evolved into what is known as targeted ransomware.
What's new?
Your common variety ransomware is exactly that – indiscriminate. It will try and get whoever it can and leverage a known vulnerability, choosing targets at random and simply playing the numbers. Targeted ransomware, however, focuses on a specific target, intentionally chosen, with value to their data, but more importantly according to the vulnerabilities that exist within their organisation. It’s this last point that means targeted ransomware is having such high success – vulnerabilities in the system mean easy access to sensitive information.
Plan for targeted ransomware attacks
“Great thanks, now I won’t be able to sleep tonight…” I hear you groan, but fear not, as it’s not all gloom. The good news is that the threat we know is one we can mitigate. Whilst the construction and targeting of the ransomware is much more crafted, the mechanism and objective remain the same. And it’s this fact that empowers us to fight back. Here at Softcat we’ve made a short guide to help equip you before, during and after a targeted ransomware attack.
Our guide walks you through the best way to secure your systems, as well as outlining a simple list of actions should you be targeted, and the steps to take in order to best recover from a targeted ransomware attack to help prevent a similar attack in the future.
The guide is a great tool to begin this conversation, but it shouldn’t be the end. Equally this threat is sadly one of the many out there, and whilst it may seem like an unwinnable fight it’s important that we return to the fundamentals of risk, around impact and likelihood. The success of targeted ransomware increases the likelihood, and the impact remains large, but weighing this up in the context of your organisation and its security maturity will enable a pragmatic and objective discussion about your level of risk and any required steps to improve your cyber security.
A risk-based, proactive approach
When looking at cyber security, we regularly find customers fall into one of two groups surrounding their approach to security:
Reactive – who respond to articles, breaches and guidance that are released after the event, and have a ‘learn from other’s mistakes’ and ‘what we see in the wild’ mentality
Proactive – who understand their position ahead of time, the likely scenarios that affect them, and operate with a risk management approach.
Whilst the reactive approach does have a reasonable cost saving to it, we think it simply doesn’t cover enough visibility. Softcat’s recommendation is always proactive. In fact, we’re so passionate about this methodology that we built our Cyber Security Servicesaround it.
Whether it is assessing your security posture, monitoring security systems or managing complex appliances such as firewalls – Softcat Cyber Security Services offer advice, recommendations and solutions to meet your requirements.
Get in touch
If you’re concerned about targeted ransomware, interested in Cyber Security Services or want to move from a reactive to a proactive security approach, speak to your account manager or click the button below to find out more.