Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

commonsent / May 11, 2023

Cyber Crimes are Evolving! Are Your Defenses?

As cyber threats increase, cyber defense practices improve to battle the threat.

If you know there is a threat of someone stealing your car, you lock it or park it in your garage. Maybe even put an alarm on it or use a system like LoJack in case it is stolen so it can be recovered.

Just as you take precautions to prevent car theft and to recover the car if it is stolen, cyber security professionals are kept up at night thinking of ways to prevent and even recover from ransomware attacks.

The first step is to keep it from even happening. In the early days of ransomware attacks, cyber criminals would use malware to gain access to your computer or your network. They would lock and encrypt your data. The cyber attacker would then demand a ransom to regain access to your data (i.e., to receive the decryption key). However, even if the ransom is paid, oftentimes, the decryption is not completely successful, and not all data is recoverable. Plus, surprisingly, not all criminals can be trusted to give you the key.

The FBI tells victims NOT to pay a ransom because paying does not stop the criminals. If ransomware attacks are profitable, criminals will continue to carry them out.

The defense is to keep attackers out of your network in the first place. This could involve anti-virus, firewalls, endpoint detection and response (EDR), and other technologies, as well as anti-phishing tools and training.

Cyber security experts then began to prioritize backups of data and systems so that even if you are locked out of your network and lose access to your data, you can start from scratch and restore from backups. Problem solved. But not for long.

Double Extortion was born. This is a tactic whereby the data is encrypted and exfiltrated (downloaded). Now, even though you have backups, your information is in the hands of the criminal. The ransom demand is no longer about getting a decryption key, but it is about paying the attacker not to release or publish sensitive information they have stolen from your system.

We have recently seen a third level of threat from ransomware, which has been deemed Triple Extortion. In this tactic, the ransomware groups not only encrypt files and extract data, they also threaten to launch a distributed denial-of-service (DDoS) attack, causing a disruption of normal operations. The added pressure from encryption, the threat of data release, and a DDoS attack is intended to push the victim to pay the ransom.

The official guidance is still not to pay the ransom. However, when the information is personal data or even trade secrets, it is a tough decision. This led to another evolution in the tactics of the ransomware groups: pressure from stakeholders.

Stakeholders may be actual shareholders who don’t want the negative publicity of a ransomware attack on a company in which they own stock, or they may be customers or clients whose information is at risk. The ransomware group will contact them (which is easy because the attackers downloaded their contact information in the attack) and tell them that their data will be released if the organization does not pay the ransom. The added pressure from those with a vested interest may be enough to make the organization pay.

Earlier this month, Bluefield University in Virginia was hit with a ransomware attack. In addition to stealing data, the ransomware group accessed the university’s alert texting system and sent a message to the students and faculty that they had access to their information and would post it on the dark web if the university did not pay the ransom.

Once again, we see the evolution: the attackers went after not just the data but also the alert system, which they used to their advantage. What if that system were a county’s 911 system? That would be pressure for sure on a county judge or fiscal court to pay a ransom!

The keys are to prevent becoming a victim and to have measures in place to respond if you do. This includes backups; limiting your attack surface; monitoring traffic; using technologies, processes, and physical security; and documenting incident response plans and practicing them.
