Ransomware recovery is always being pushed to new levels, and cyber criminals have two new tricks that are challenging cyber security plans to keep pace. Take a look at two developments causing headaches for security teams:
Double Encryption: In this type of ransomware attack, recovery is hindered by two rounds of encryption. Victims must pay to recover either a single set of data that has been encrypted by two different strains or, in a side-by-side attack, different systems within the company that have been encrypted with different types of encryption.
Ransomware recovery requires that when the ransom is paid, the company is provided with steps for decryption. But the onus is on attackers to provide adequate instructions, and the victim has no assurance that they will be successful in regaining their data. In addition, decryption will likely be a manual, time-consuming process – and in side-by-side attacks, the company may struggle to determine which encryption method was used for each system attacked.
Double Extortion: Ransomware attackers steal plaintext information and then launch their encryption process. They then demand two ransoms: one for the decryption solution and the other for deleting the victim’s stolen data from the attackers’ servers.
These two steps ensure that the attacker is paid, because while a backup may help the company avoid decryption, it doesn’t do anything to prevent the data being sold to someone else. Ransomware attackers form cartels where they sell data to one another and continue threatening a company to gain additional ransoms. Even when the company pays the double ransom, there’s no guarantee that the data will be deleted and not sold.
The Risks of Paying Up: There are some good reasons why a company should never pay a ransom. First, the ransom doesn’t guarantee that the attackers will provide the decryption utilities – and even if they do, recovering data is manual and cumbersome with a high risk of data corruption.
Second, companies may find themselves in violation of the U.S. Department of the Treasury’s Office of Foreign Assets Control regulations. Companies that pay a ransom may have to add a penalty on top of their financial woes.
Having a reliable backup is always the first defense against these types of attacks, but there are other steps you can employ:
· Create a data theft prevention strategy.
· Monitor user behavior to identify threats or anomalies.
· Use multi-factor authentication.
· Employ penetration testing to identify weak spots in the network.
· Schedule employee training to help them recognize a threat.
The right strategy also demands the right monitoring tools and a technology partner that can guide you to the best solutions for ransomware recovery. Contact us at eXemplify to discuss the best possible cyber security plan to protect your data and systems.