Detecting Ransomware – Ransomware Part 4

Ransomware will not stop – the threat actors just make too much money from it. It does not matter what official bodies say about not paying – organisations with poor recovery plans or sensitive data that is going to be exposed will pay up and there will be organisations and lawyers set up to facilitate those payments. (NCSC, 2022)

Even if you have a perfect back-up to deal with ransomware encryption, the threat of having stolen data exposed or sold on the Dark Web is difficult to defend against – so again organisations pay up, and ransomware does not stop.

So you had better deploy as many tools as possible to detect it!

Have you got a plan for this?

How do you detect ransomware?

Good anti-virus at every stage of your information process is the obvious answer: checking end points and servers, email and data storage devices, filtering the websites that your team may visit, and monitoring network and cloud activity for abnormal traffic, plus anything else that you feel needs it when working through your planning and preparation.

Your people are another good ransomware detection system. If they are trained to recognise suspicious activity, such as an attachment that may contain ransomware, a link that looks suspect, or signs that an attack is under way on a PC or network, they can alert your IT/Cyber Security support team when technical defences have missed it.

Why would your technical defences miss the ransomware?

There is always the zero-day – that is, the gap between the threat actors tweaking their malware to evade detection and the vendors spotting that tweak, updating their detection and getting the patch to you.

That is why cyber security awareness training is so important.

People Again

I suggest you go and read The Blame Game. In it I briefly explain why threat actors like organisations that run a blame culture, as that makes them very vulnerable to exploitation. Conversely, being able to admit you may have clicked on a link or opened a suspect file, without fear of repercussions, can stop a ransomware attack getting hold of your systems.

But you have not given us a complete answer!

You are right – the complete answer will be different depending on your business or organisation. These steps are just meant to get you started – your planning and preparation meetings are where you get the full answer.

Next

Impact.


Clive Catton MSc (Cyber Security)

References

Grimes, R. A. (2021). Ransomware protection playbook. John Wiley & Sons, Incorporated.

NCSC. (2022). Solicitors urged to help stem the rising tide of Ransomware payments. National Cyber Security Centre. Retrieved February 8, 2023, from https://www.ncsc.gov.uk/news/solicitors-urged-to-help-stem-the-rising-tide-of-ransomware-payments

Further Reading

NCSC and the ICO say – Don’t pay the malware ransom

Would you pay the ransom?

The Blame Game

Zero-day (computing) – Wikipedia

The Ransomware Mini-series

Ransomware: Is it a Threat? (Part 1)

A Bag of Spanners – Planning and Preparation (Part 2)

Minimise the Damage – Planning and Preparation (Part 3)