The cyber threat landscape is no doubt a very dynamic one; it is constantly changing, almost by the hour. This is illustrated by how prevalent Ransomware has become. It has been a major threat variant in the past, but now it seems to be coming in waves. For example, it is not only select targets that are impacted. Nearly every entity is now vulnerable to Ransomware, ranging from Critical Infrastructure (as we have seen with the recent water and gas supply line attacks) to healthcare organizations.
Even so, Ransomware is still poorly understood by the public. In this article, we review what Ransomware is, the major strains of Ransomware, and how Identity and Access Management (IAM) solutions can be used to mitigate the risk of your business becoming the next victim.
What Is Ransomware?
A Ransomware attack occurs when a Cyberattacker deploys Malware onto your computer or wireless device, and basically holds it as a hostage by locking your computer screen. Also, any of your mission critical files become encrypted with a specialized algorithm, making them impossible for you to access. To restore access to your device, you will be asked to pay the Cyberattacker ransom.
Ransom, in this case, is not something that is paid in a hard currency, but rather in its virtual form, such Bitcoin. This form of ransom allows the Cyberattacker to hide their tracks and avoid being caught. Once the appropriate amount of Bitcoin has been paid, the Cyberattacker will then release the decryption algorithms so you can unlock your device and render your files back into a decipherable state.
While some Cyberattackers have followed through with releasing the devices and files back to the victim (such as with the Colonial Gas Pipeline attack), a majority of them simply vanish after they have been paid, essentially leaving the victim in a paralyzed state. But this is only the beginning. Ransomware has become so bad these days that goes beyond the locking of devices; it now includes extortion, whereby the Cyberattacker threatens the victim by publicly releasing their confidential datasets to the public, or even selling them on the Dark Web.
Five Major Ransomware Variants
Although new forms of Ransomware come out on a regular basis, the Ransomware variants can be classified into five major strains:
- Crypto Encryptors: This is the kind of attack that typically occurs, where the victim’s files are locked until they pay the Ransom, at which point the Cyberattacker sends them the decryption keys.
- Lockers: This is where the victim’s files become encrypted, and their screen is also locked, thus rendering their device completely inoperable. Typically, these two steps are carried out simultaneously when a Ransomware attack is launched.
- Scareware: With this variant, various pop-up messages appear in your web browser, claiming that a serious virus has been detected on your device. This is designed to prey upon the fears of the victim, who clicks on that message, at which point special Malware is deployed onto the device, locking the screen and encrypting the files.
- Leakware: This strain of Ransomware is used primarily for extortion purposes. In these cases, the victim tends to pay up out of fear of brand loss and severe reputational damage. This is sometimes referred to “Doxware.”
- Ransomware as a service: This is also commonly referred to as “RaaS.” In this case, a newbie Cyberattacker outsources a Ransomware attack to a professional hacking group that has all of the tools to inflict as much damage as possible on the target victim. These hacking groups can be found primarily on the Dark Web.
How IAM Can be Used to Mitigate Ransomware Risks
The use of IAM is a very strong and viable solution to help thwart Ransomware attacks. Essentially, IAM deals with three key areas: the identification, authentication, and authorization of an individual who wants to gain access to certain resources. The major components that constitute an IAM solution include the following:
- An automated system that keeps a detailed log history of the login attempts and resource access by all of the employees in an organization.
- The required tools for the creation, deletion, and revision of the rights, permissions, and privileges that are granted to all of a company’s employees.
- A comprehensive database(s) that stores all login credentials and permissions granted to each employee.
Follow these guidelines when establishing your IAM Framework, especially when it comes to dealing with Ransomware:
- Make use of role-based access controls (RABC): With RABC, you need to carefully review each employee’s job title and their specific functions. Next you should, at a bare minimum, assign the required permissions. This is also known as “Least Privilege Access.” In other words, you do not want to give an employee any more permission than what is absolutely required for them to perform job tasks on a daily basis. For example, you would not want to assign the employees of the finance department any sort of administrative privileges, which is far more appropriate for the network administrator.
- Make use of multi-factor authentication (MFA): With this approach, you deploy at least three or more unique authentication methods to confirm the identity of an individual trying to gain access to your IT and Network Infrastructure. This includes a combination of a password, a PIN number, an RSA token, and even a biometric-based technology such as that of fingerprint and/or iris recognition.
- Break out your network: Most businesses today still rely upon what is known as Perimeter Security, in which one large circle of defense is used to protect a company’s digital assets. The main disadvantage with this this method is that, once the Cyberattacker has broken through this perimeter, they can run free and gain access to just about anything they want to. In fact, this is how many Ransomware attacks typically occur. To avoid this kind of scenario, you should seriously consider breaking up your IT and Network Infrastructure into various segments, which are also referred to as “subnets.” Each subnet should have their own level of MFA tools put into place. By taking this approach, the statistical chances of a Cyberattacker breaking all the way through to the heart of your digital assets becomes almost zero.
Overall, this article has provided an overview of what Ransomware is and how the proper use of IAM can help lessen the chances of your business becoming the next victim.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.