Social Network For CISO (Chief Information Security Officers)
The world today is full of unlimited business opportunities. We all operate in the digital era to perform business operations (by connecting people, enterprises, smart cities, systems, IoT, utilities, smart grids/meters, big data and analytics, and SMAC across the globe). Yet we follow standard operating procedures defined during the Stone Age without giving due diligence to the upcoming threat landscape.
This post is informative in nature and will help people who think cyber-attacks are not meant for them, or that they will never be affected because of either the nature or the scale of their business. Be prepared, you can be the easy target!!!
I would like to share a true incident that happened in a non-IT organization, which resulted in big havoc and brought the complete operation to a standstill for a few days. Million-dollar loss!!!
It was a normal day when I received a call from my friend requesting some help, since I understand security operations. I casually enquired about the reason behind it; however, I felt he was a little hesitant. During the conversation, he mentioned that his customer was facing a major issue due to a malware attack, and he requested my help to rescue them. At his request, I agreed to socialize with the customer. Let me narrate the complete conversation:
During the conversation, I came to know that he was heading the IT operation and seemed to be in deep trouble. Initially, he was hesitant to share the issue because of the company's reputation and market share. However, based on my assurance, he stated to me that the complete IT operation had stopped due to a malware attack. With a deep breath, I asked him for more detail on the behavior of the malware and the issue so that I could suggest a mitigation plan. According to him……
With a deep breath, I understood the complete issue. It was an “Encrypted Ransomware” attack. A highly profitable, evolving threat!!!
Okay, let me brief you on exactly how it functions.
Ransomware, as the term says, is related to ransom; in the current circumstances, however, it is related to “digital ransom”. In the current context, the attacker has encrypted the digital information and is asking for ransom money to rescue/decrypt the data so that it can be used for business operations. It’s a big call which the customer has to make, considering
Before the business takes a call on the above alarming question, let’s understand a little more about how it works and how it is impacting users across the globe.
Ransomware can exhibit worm-like behavior and can remain undetected. It leverages removable and network drives to propagate itself and affect more users. There are many forms of ransomware, some of which are destructive in nature, i.e. they are designed with an automated counter, and once it reaches the threshold it starts deleting files. If you restart the computer or try to stop its services, it becomes more disruptive and may delete 1000s of files. The ransomware boss (in IT terms, a program head) will establish the complete program like a project. The leader (in IT terms, a technical lead) is recruited from 10 to 15 affiliates that supported him in spreading the ransomware via:
Let’s understand the market analysis so that we can say “No to Digital Threat in cross connected ecosystem”.
Revenue Business from Ransomware
Growth of Encrypted Ransomware Q1 2016
The best preparation for tomorrow is doing your best today. In my next post, I will guide you on developing a holistic approach to battling ransomware proactively to avoid massive destruction, along with a mitigation approach. Till then, stay safe!!!