Ransomware Attacks and How to Protect Yourself

What is Ransomware?

Ransomware is malware that restricts an organization's or user's access to the data on their computers. By encrypting those files and demanding a ransom for the decryption key, cybercriminals put businesses in a position where paying is the quickest and cheapest way to regain access. To give victims extra motivation to pay, several variants have added further capabilities, such as data theft.

The first known ransomware attack, called "AIDS" or "PC Cyborg", surfaced in 1989. Today there are many different ransomware families, including CryptoLocker, CryptoWall, CTB-Locker, Locky, and TeslaCrypt. Some variants even disable anti-malware software on infected systems so that they cannot be removed by other means.

Emergence of Ransomware

The 2017 WannaCry attack marked the start of the current wave of ransomware. This widespread and widely reported attack proved that ransomware was both feasible and potentially lucrative. Numerous variants have since been developed and used in many attacks.

The COVID-19 pandemic also drove the recent rise in ransomware. Gaps in companies' cyber security emerged when they shifted quickly to remote work, and cybercriminals exploited those gaps to spread ransomware. Compared with the first half of 2020, ransomware attacks climbed by 50% in the third quarter.

Popular Ransomware Variants

There are many ransomware variants, each with its own features. Certain ransomware groups, however, have been more active and profitable than others, setting them apart from the rest.

1. Ryuk

Ryuk is a highly targeted ransomware variant. It is typically delivered through spear-phishing emails or by using stolen user credentials to log in to business systems over the Remote Desktop Protocol (RDP). Once it has infected a system, Ryuk encrypts certain file types (while skipping those essential to the computer's operation) and then demands a ransom.

Ryuk is one of the most expensive ransomware variants in use: the average ransom it demands is above $1 million. Accordingly, the criminals behind Ryuk mainly target businesses with the means to meet their demands.

2. Maze

Maze is well known because it was the first ransomware strain to combine file encryption with data theft. When victims began refusing to pay, Maze started collecting sensitive data from their computers before encrypting it; if the ransom was not paid, the data was published or sold to the highest bidder. The prospect of a costly data leak was a further inducement to pay.

The group behind Maze has formally ceased operations, but that does not make the ransomware any less of a concern. The Egregor, Maze, and Sekhmet variants are believed to share a common origin, and some Maze affiliates have switched to using it.

3. REvil (Sodinokibi)

REvil began as a conventional ransomware strain but has since evolved. It now uses the double-extortion technique: it steals data from organizations as well as encrypting their files, so the attackers can demand a payment to unlock the data and threaten to publish the stolen information unless a second payment is made.

4. Lockbit

LockBit is a ransomware-as-a-service (RaaS) offering that has been active since September 2019. It was designed to encrypt large enterprises quickly so that intrusion detection systems and IT/SOC teams do not spot it in time.

5. DearCry

In March 2021, Microsoft released fixes for four Microsoft Exchange Server vulnerabilities. DearCry is a new ransomware variant designed to exploit those four vulnerabilities.

DearCry encrypts certain file types. Once encryption is complete, it displays a ransom note telling users to email the ransomware's operators for instructions on how to unlock their data.

6. Lapsus$

Lapsus$ is a South American ransomware group that has been linked to cyberattacks on prominent targets. The gang is known for extortion, threatening to publish private data if its victims do not comply with its demands. It has claimed to have breached companies including Nvidia, Samsung, and Ubisoft, and it disguises malware as legitimate files using stolen source code.

How to Protect Against Ransomware

Utilize Best Practices

An effective plan can significantly reduce the cost and impact of a ransomware attack. Adopting the practices listed below lessens an organization's exposure to ransomware and limits the damage when an attack does occur:

Cyber awareness training and education: Phishing emails are a common way to spread ransomware, so teaching people how to recognize and avoid potential ransomware attacks is essential. User education is often regarded as one of the most important defenses a company can deploy, because many modern cyber-attacks start with a targeted email that contains no malware at all, only a socially engineered message that tempts the user to click a malicious link.

Continuous data backups: By definition, ransomware is built so that recovering encrypted data requires paying a ransom. Automated, protected backups let a company recover from an attack with little or no data loss and without paying. Keeping frequent backups is a core procedure for preventing data loss and ensuring recovery after an infection or a disk hardware failure, and working backups are what allow organizations to recover from ransomware attacks.

Patching: Patching is essential for guarding against ransomware, because attackers often study newly released patches for the vulnerabilities they fix and then attack systems that have not yet been updated. Making sure every system has the latest fixes installed leaves fewer vulnerabilities within the company for an attacker to exploit.

User authentication: Ransomware attackers frequently use stolen user credentials to access services such as RDP. Strong authentication makes it much harder for an adversary to use a guessed or stolen password.

How NDR Is Revolutionizing Cybersecurity

Network Detection and Response (NDR) is a fast-growing field of cybersecurity that provides network-wide monitoring and advanced detection of malicious actors and suspicious activity that other tools may miss. An NDR solution continuously inspects network traffic while building a baseline of normal activity, which makes the network a very difficult place for attackers to hide.

NDR stands out in the market for the range of techniques it applies to detect suspicious and malicious traffic, including deep learning, AI, heuristic analysis, and machine learning.

Gartner created the NDR category in 2020, renaming the earlier "Network Traffic Analysis" category because of the ever-increasing volume of data spread across the cloud. The larger the network, the longer threat actors can remain hidden without triggering alerts. NDR detects and contextualizes these problems by applying analytical techniques such as machine learning to the telemetry it collects. By analyzing all traffic flows at once, NDR solutions form a resilient shield against zero-day attacks, using sophisticated software to spot and anticipate threats before they surface.

The Beginning

Network traffic has been monitored for a long time, but as the sheer volume of data grew dramatically, many organizations could no longer extract the insight they once relied on, which created a new set of problems.

As technology evolved and systems began to cope with the seemingly endless flood of data, Network Traffic Analysis (NTA) was used to analyze network traffic and track its behavior for security purposes. While NTA is still in use within Security Operations Centers (SOCs), the market has moved on to more advanced requirements and capabilities, such as those NDR provides.

Advanced behavioral analytics, machine learning, and AI form the backbone of NDR solutions, improving detection, assessing threat risk levels accurately, and automating the manual tasks analysts routinely perform so they can focus on triage and rapid response. Machine learning enables sophisticated detection of both "known unknown" cyber threats and new zero-day threats, the "unknown unknowns":

Known unknowns: dangers that the company is aware of but whose extent and impact are unknown.

Unknown unknowns: threats that the business is not even aware it is unaware of.

Why do I need Network Detection and Response?

Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) are crucial tools, but they are not the be-all and end-all of protecting your organization. NDR fills the gaps, augmenting them into a fully comprehensive security monitoring platform, especially now that IoT and cloud computing are giving threat actors more reason than ever to make their move.

More traditional detection-focused solutions use signature-based methods: a threat is identified and a security analyst is alerted, and incident response begins only after the attack has already succeeded, which can leave your network compromised by quick-moving, seasoned threat actors. Relying on these solutions alone puts your organization at serious risk, because they are reactive rather than proactive. NDR uses machine learning and automated response to predict and remediate incoming intrusions before an attack has fully launched, potentially saving your data.

According to ExtraHop, “What's more, while attackers may be able to fool firewalls and traditional IDS by masquerading as legitimate users and services and avoiding signature-based detection, they can't escape NDR. That's because it's almost impossible for them to avoid certain key activities on the network, which NDR can detect. It enhances rules-based detection with machine learning technology to model the behaviors of entities on the network and contextually identify anything that resembles known attack techniques. That means even legitimate-seeming processes may be flagged if their appearance seems unusual.”

Proactive Approach

Cybercriminals have more advanced tools at their disposal than ever before, even accessing nation-state-level tools.

“Tools developed by nation-states have made their way onto the black market many times. An infamous example is the Eternal Blue exploit, which was used by the WannaCry hackers,” comments Ian Pratt, Global Head of Security, Personal Systems, HP Inc. “Now, the return on investment is strong enough to enable cybercriminal gangs to increase their level of sophistication so that they can start mimicking some of the techniques deployed by nation-states too.”

NDR provides a safety net against highly pervasive and sophisticated threat actors, providing a deeper level of security than EDR & SIEM together.

Logs and Endpoint Security Aren’t Enough

SIEMs and other endpoint tools show glaring weaknesses in detecting threats that are not simply malware-based, which can leave lateral movement, such as an attacker reusing stolen credentials inside the network, undetected.
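The baselining described earlier and the lateral-movement gap named in this paragraph, as an added Python example that is not code from the article or from any NDR vendor: it learns each host's normal peers and hourly outbound volume from constructed flow records, then flags a workstation fanning out over RDP to internal hosts it never contacted before and a later outbound volume spike. Host names, ports, thresholds and the flow records are all constructed assumptions.

```python
"""Toy NDR-style baseline detector (added example; not the article's or any
vendor's code). It learns each host's normal peers and hourly volume from a
clean window, then flags RDP/SMB fan-out to never-seen peers (the trace that
credential-based lateral movement leaves) and outbound volume spikes.
Host names, ports and thresholds are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import statistics

LATERAL_PORTS = {3389, 445}  # RDP and SMB: first-time use is worth scoring

@dataclass(frozen=True)
class Flow:
    hour: int        # hour index since collection started
    src: str
    dst: str
    dport: int
    bytes_out: int   # bytes src sent to dst in this flow

@dataclass
class Baseline:
    peers: dict        # src -> set of (dst, dport) seen while learning
    hourly_mean: dict  # src -> mean outbound bytes per hour
    hourly_std: dict   # src -> population std-dev of the same

def learn_baseline(flows):
    """Summarise 'normal' per source host from a known-clean window."""
    peers, per_hour = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for f in flows:
        peers[f.src].add((f.dst, f.dport))
        per_hour[f.src][f.hour] += f.bytes_out
    mean, std = {}, {}
    for src, hours in per_hour.items():
        vals = list(hours.values())
        mean[src] = statistics.fmean(vals)
        std[src] = statistics.pstdev(vals) if len(vals) > 1 else 0.0
    return Baseline(dict(peers), mean, std)

def detect(baseline, flows, fanout_threshold=3, z_threshold=3.0):
    """Return (kind, host, detail) alerts for flows from a detection window."""
    alerts, new_peers = [], defaultdict(set)
    per_hour = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.src not in baseline.peers:
            continue  # reported once below as an unknown host
        if f.dport in LATERAL_PORTS and (f.dst, f.dport) not in baseline.peers[f.src]:
            new_peers[f.src].add(f.dst)
        per_hour[f.src][f.hour] += f.bytes_out
    for src in sorted({f.src for f in flows} - set(baseline.peers)):
        alerts.append(("unknown_host", src, None))  # e.g. an unmanaged IoT box
    for src, dsts in new_peers.items():
        if len(dsts) >= fanout_threshold:
            alerts.append(("lateral_fanout", src, sorted(dsts)))
    for src, hours in per_hour.items():
        mean, std = baseline.hourly_mean[src], baseline.hourly_std[src]
        scale = std if std > 0 else max(mean, 1.0)  # flat baseline: use mean
        for hour, total in sorted(hours.items()):
            if (total - mean) / scale > z_threshold:
                alerts.append(("volume_spike", src, hour))
    return alerts

def constructed_baseline():
    """24 hours of constructed benign traffic for two workstations."""
    flows = []
    for h in range(24):
        flows += [Flow(h, "ws-01", "fs-01", 445, 2_000_000),
                  Flow(h, "ws-01", "proxy", 443, 1_000_000 + (h % 3) * 100_000),
                  Flow(h, "admin-01", "srv-01", 3389, 500_000),
                  Flow(h, "admin-01", "srv-02", 3389, 500_000)]
    return flows

def constructed_detection_window():
    """Hours 24-25: ws-01 fans out over RDP, then pushes 40 MB off-network."""
    normal = [Flow(24, "ws-01", "fs-01", 445, 2_000_000),
              Flow(24, "ws-01", "proxy", 443, 1_000_000),
              Flow(24, "admin-01", "srv-01", 3389, 500_000),
              Flow(24, "admin-01", "srv-02", 3389, 500_000),
              Flow(24, "iot-cam-7", "nvr", 554, 300_000)]  # unmanaged device
    fanout = [Flow(24, "ws-01", s, 3389, 50_000) for s in ("srv-01", "srv-02", "srv-03")]
    exfil = [Flow(25, "ws-01", "fs-01", 445, 2_000_000),
             Flow(25, "ws-01", "proxy", 443, 1_000_000),
             Flow(25, "ws-01", "ext-host", 443, 40_000_000)]
    return normal + fanout + exfil
```

Calling `detect(learn_baseline(constructed_baseline()), constructed_detection_window())` yields one alert of each kind; admin-01's routine RDP sessions raise nothing because those peers are in its baseline.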

Furthermore, SIEM reporting can be extremely frustrating and complex, so that only trained SIEM specialists can reliably draw actionable insights from it. Less technical members of your organization would struggle to understand the reports, leading to confused strategies and communication gaps.

According to a Netwrix national survey, 63 percent of respondents said they had difficulty understanding the reports their SIEM produced, and a further 53 percent said they had to manually adjust their SIEM reporting so that non-technical stakeholders could understand it.

IoT Needs Sophisticated Protection

IoT devices often lack the computing capacity, or are simply too small (think of a Nest Thermostat), to run security software. Cyberattacks on these devices can cause critical losses because of their immediate physical consequences, such as losing access to a front-door lock or having a home-security system taken over. Many of these devices are used in healthcare for monitoring patients' vital signs and in other high-risk settings. IoT devices are generally deployed across large, interconnected networks, and many are portable, which can expose multiple networks.

Many users own 10 or more interconnected IoT devices, which challenges analysts and professionals to manage a complex web of connected features and configurations. NDR lets organizations manage these devices by overseeing their network activity rather than by focusing on each device's software.

Context Matters

NDR solutions provide context-rich insights into your network, painting a full picture of all activity, including important questions:

NDR forms a powerful team when used in conjunction with a SIEM to provide rich context and validation to detections made within each tool.

Final Thoughts

NDR can be a lighthouse for organizations struggling to maintain a coherent, complete picture of their cyber environment, thanks to its state-of-the-art ability to detect incoming threats and anomalies that other tools inevitably miss. From behavioral analytics and machine learning to automated threat response, adding NDR leaves your organization better protected against evolving threats.

How Do Biometrics Affect Cybersecurity? 

Biometrics 101 

Biometrics use your physical characteristics, such as fingerprint scans, facial recognition, and retina scans, to establish identity, and they form a more advanced sector of security. A biometric is simply a biological measurement or a unique physical characteristic that not even your twin would share. Think of it as you, yourself, being the password.

The biometrics industry has grown enormously over the last decade as mounting cyber-attacks have pushed companies to consider more advanced, alternative security measures such as biometric identification. Totaling upwards of $68 billion in just five years, the industry shows no sign of slowing.

Let's dive deeper into the benefits, but also the potential hidden dangers, of biometrics in cybersecurity.

Three Types of Biometric Security 

Biometric security can be grouped into three main subcategories:

Biological biometrics are exactly what they sound like: your biological makeup, such as your DNA tested from fluid samples, used as an identifier for security purposes.

Morphological biometrics are the ones most commonly used on laptops, phones, tablets, and similar devices. They cover physical traits such as fingerprints and eye or facial shape, which are mapped by different kinds of security scanners.

Behavioral biometrics cover your gait, speech, and other purely behavioral traits you exhibit every day that form distinct patterns, much as interrogators watch small tells such as the twitch of a nose or the quiver of a lip for hints of false testimony.

Examples of Biometric Security 

While there are many different forms, here are some of the more common examples:

Odds are you have encountered many, if not all, of these biometrics at one point or another, whether at the hospital or simply using an electronic device. Biometric security is used in a wide range of applications, from a simple fingerprint scan to unlock a phone to the protection of nuclear systems by multiple advanced biometrics such as retina and iris scans.

Biometrics have recently seen a stratospheric rise in adoption across many industries, such as:

As adoption rises, the cost of biometrics is falling, opening the door to small and mid-sized businesses and even to individual use. Not long ago only the most high-end phones had fingerprint scanners, but now even the $75 models come with them. Biometrics are becoming an integral part of everyday life, and it seems inevitable that most businesses will adopt them too, even on the smallest scale.

But, Are They Safe? 

Passwords are forgotten every day and changed just as often, but biometrics stay with you for life and cannot be "changed", so does that make them foolproof? Well, not exactly, but extremely close.

A behavioral biometric such as your handwriting or signature cannot be stolen, but it can be learned by someone willing to put in the time. Similarly, a physiological biometric like a face map can be captured from a photograph or some other illegally obtained means of duplication; even though it is only a copy, it can still cause problems. Yet even when a biometric can in theory be "stolen", that does not mean instant access for the attacker, because most systems use "liveness tests". These tests detect and reject duplicated samples, such as a fingerprint lifted with a piece of tape or a photograph of the target presented to gain entry.

Many devices and systems take extra precautions against the examples above; LG, for instance, combines facial and voice recognition with a heartbeat sensor so that a copy of a fingerprint cannot be used the way a live person's can. The real challenge lies with systems that rely solely on facial scanning, which researchers and attackers alike have successfully tricked.

Researchers at the University of North Carolina set up an experiment to defeat facial recognition systems by downloading social media images of volunteers and using them to build 3D models of their faces, ultimately breaking into 4 out of 5 systems, a 90% success rate.

Cloning fingerprints can be done reliably, cheaply, and quickly: a demonstration at the Black Hat security conference showed a fingerprint being duplicated with molding plastic or wax in as little as 10 minutes. Biometrics may be the way of the future, but that certainly does not eliminate risk.

One more example of that risk appeared after the release of the iPhone 5, when members of the Chaos Computer Club bypassed its new fingerprint scanner simply by photographing the target fingerprint on a glass surface and using it to unlock the phone. Technology has evolved a great deal since the iPhone 5's release, but so have the hackers and attackers looking for new ways to slip past biometric systems.

Biometric Data Security Concerns 

Mainstream adoption of biometrics brings a few data security concerns with it. Cybercriminals aim to collect as much personal data as possible, and biometric systems hold exactly the kind of information they seek. In 2015, the US Office of Personnel Management was hacked, exposing upwards of 5.6 million fingerprints of government employees and essentially leaving their identities open for anyone to steal.

Best practice for storing this kind of data is to keep it on the user's own device rather than in a central database, whatever the level of encryption: attackers who breach a server can take all of the data that is not properly secured, whereas breaching a single device's information is much harder.

Ways to Protect Biometric Identity 

Biometric authentication should not be your sole means of protection; combining several means can dramatically increase the safety of your information, for example "liveness tests" such as blinking that cannot be duplicated or machined.

More advanced systems have begun adding features such as age, gender, and height checks for enhanced security, making it much harder for anyone to obtain the full set of information needed to pass as you.

Two-factor authentication layered on top of biometric initial access is a powerful combination, and one recommended for secured internet-connected devices to reduce their vulnerability.

Takeaways on Biometrics 

Overall, biometrics continue to dominate the market and promise to drastically increase the security of systems through combinations of physical and behavioral scans alongside other authentication. Simple, character-based passwords are becoming a thing of the past as biometric technology continues to evolve.

Do you trust biometrics and the new realm of biometric tech? Let me know in the comments. 

Cybersecurity Awareness Month | October 2022

Starting 18 years ago, Cybersecurity Awareness Month has grown into a global effort to educate, inform, and empower everyone to protect themselves online as cyberthreats have increased dramatically over the past decade. As our lives shift predominantly online, we become more vulnerable to prying eyes and malicious threat actors. This collaboration between the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA) spotlights crucial tips and steps for staying vigilant wherever you go online.

Here is an excerpt from CISA on this year's CAM theme:

“This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public, and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future. We encourage each of you to engage in this year’s efforts by creating your own cyber awareness campaigns and sharing this messaging with your peers.”

This year's theme centers on the individual rather than just large companies and organizations, emphasizing the role we all play in creating safer online environments. Here are 4 steps that EVERYONE can take, whatever your level of cybersecurity expertise:

1. Enable Multi-Factor Authentication
2. Use Strong, UNIQUE passwords
3. Report Suspicious Emails and Activity
4. Keep Your Software Updated

What YOU CAN Do

“When we say See Yourself in Cyber, we mean to see yourself in cyber no matter what role you play.” - CISA

You may have no role in IT or cybersecurity at all, and you may be the least technologically savvy person in your family, but you still have the ability to safeguard your personal and private data!

Here are some tips from the U.S. Securities and Exchange Commission:

Be Careful What You Download. When you download a program or file from an unknown source, you risk loading malicious software programs on your computer. Fraudsters often hide these programs within seemingly benign applications. Think twice before you click on a pop-up advertisement or download a "free" game or gadget.

Use Your Own Computer If You Can. It's generally safer to access your online brokerage account from your own computer than from other computers. If you need to use a computer other than your own, you won't know if it contains viruses or spyware. If you do use another computer, be sure to delete all of your "Temporary Internet Files" and clear all of your "History" after you log off your account.

Don't Respond to Emails Requesting Personal Information. Legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as email. If you have reason to believe that your financial institution actually does need personal information from you, pick up the phone and call the company yourself - using the number in your rolodex, not the one the email provides!

Security Tip: Even though a web address in an email may look legitimate, fraudsters can mask the true destination. Rather than merely clicking on a link provided in an email, type the web address into your browser yourself (or use a bookmark you previously created).

Be Smart About Your Password. The best passwords are ones that are difficult to guess. Try using a password that consists of a combination of numbers, letters (both upper case and lower case), punctuation, and special characters. You should change your password regularly and use a different password for each of your accounts. Don't share your password with others and never reply to "phishing" emails with your password or other sensitive information. You also shouldn't store your password on your computer. If you need to write down your password, store it in a secure, private place.

Use Extra Caution with Wireless Connections. Wireless networks may not provide as much security as wired Internet connections. In fact, many "hotspots" reduce their security so it's easier for individuals to access and use these wireless networks. Unless you use a security token, you may decide that accessing your online brokerage account through a wireless connection isn't worth the security risk.

Log Out Completely. Closing or minimizing your browser or typing in a new web address when you're done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the "log out" button to terminate your online session. In addition, you shouldn't permit your browser to "remember" your username and password information.

Use your voice this October to advocate for a better understanding of safe online practices, whether with your family, on social media, or with co-workers. YOU can make a difference in the safety of others online.