- Managed Services
- Security Engineering
- About Us
- News & Blog
Whether it's Ryuk, Cryptolocker, WannaCry, Petya, or one of the other many types, ransomware is a cyber threat that doesn't discriminate. Regardless of business size and whether your organisation is in healthcare, government, finance, manufacturing, or retail - you're vulnerable to ransomware.
Traditional cybersecurity services such as penetration testing aren't looking for vulnerabilities to ransomware, and there isn't a "one size fits all", or "install this software" fix. This specialised service helps organisations to understand where and how they're at risk, what controls, remediations, and mitigations need to be in place, and most importantly provides your team with an education-based approach as to why the recommended measures need to be implemented.
This service begins with an analysis and assessment of your environment against the mechanisms through which ransomware gets in, as well as the damage it could possibly do once it's active. We work with you and your specific systems to determine what measures need to be in place to prevent ransomware attacks, as well as recovery and response plans.
Ransomware vulnerabilities are like the swiss cheese of information security. Resiliency requires understanding what needs to be in place, and where. It provides an answer to the question "Can your organisation effectively stop ransomware?"
The outcome of the ransomware protection service shows you how susceptible your organisation is to an attack, what controls are or are not in place, and compares what's needed to prevent an attack with what your organisation has already. The end goal is resilience against ransomware.
Security Centric will provide a recommended remediation and mitigation pathway to specifically protect against ransomware. These recommendations can either be implemented by your internal IT team, or the security engineers at Security Centric can provide that service too.
Ransomware is a form of malware - malicious software - which once activated encrypts the victim's system. It can affect a single PC, or an entire network, depending upon how securely configured your infrastructure is.
Once the ransomware has a hold of your infrastructure, if there is no redundancy in place for this there are few options left to you as to recovery of your system. Options include paying the ransom, or hoping there is a decryption key freely available.
No one is safe from a ransomware attack, but having any weak spots in your infrastructure and processes identified and remediated or mitigated, as well as having a response and recovery plan can help minimise the disruption and cost to your business.
In a move that is becoming more frequent, organisations affected by a ransomware attack then become vulnerable to secondary requests for ransoms as malicious actors then threaten to sell or reveal sensitive financial and customer data.
Ransoms demanded by malicious actors post attack can vary greatly. You've probably heard that numbers can run into the millions, with attacks like the one on Garmin and Lion being key examples of this.
A recent report by Datto (2020) indicates that the average cost of a ransom is generally much lower than the ones we've seen from Garmin and Lion, however the real cost to a business comes from the cost of business downtime.
The cost of business downtime to recover, decrypt, and the combined cost of loss of trade is nearly 50 times greater than the ransom cost. The average business downtime cost in Asia Pacific in 2020 was $257,000 (USD).
Ransomware doesn't discriminate and attacks aren't specific to a particular industry. Everyone is at risk of a ransomware attack, and it's a common saying cyber security circles that "it's not a case of if, it's a case of when".
We wish it was that easy. While an antivirus and a firewall are a great start to protecting against any malicious cyber attacks, there are multiple ways that ransomware can get into and get a hold of your system.
Specifically for ransomware attacks too is the question of "Once it's there, how much damage can it do?". So the multiple pronged approach to security comes to play in a "prevention plus response and resiliency".
Information security touches everything from having the antivirus and firewall, through to proper configuration of that, to awareness, training, and policy, to securing infrastructure and web-facing applications. We refer to this as an "attack surface", and what needs to be done to secure your environment is specific and to you.
The great news is that here at Security Centric our goal is to simplify the understanding and fixing of this as much as possible. We don't just want to tell you what you need to do, we want you to understand why it's important and how it's going to help keep your organisation secure.
November 2020: Legal services firm Law in Order was hit by what's becoming commonly known as a "double ransom", where the data stolen during the initial attack is then used to threaten the organisation for additional payments.
Type: Netwalker Ransomware | Ransom Cost: Unknown
October 2020: Barnes & Noble booksellers were targeted by ransomware which compromised customer names, billing and shipping addresses, emails, and telephone numbers. It also affected their online and in-store operations including their ability to process payments.
Type: Egregor Ransomware | Ransom Cost: Unknown
September 2020: Tyler Technologies, the largest software company in North America dealing with the public sector, paid a ransom for a decryption key to recover their files.
Type: RansomExx | Ransom Cost: Unknown
August 2020: Garmin electronics - best known for their GPS and fitness tracking devices, but whose technology is also used in aviation - reportedly paid $10m to ransomware hackers. By many accounts the majority of their systems were rendered useless.
Type: WastedLocker | Ransom Cost: $10m
June 2020: Lion Australia, the beverage giant, was hit by multiple cyber attacks that included ransomware, after which the hackers threatened to publish or auction company data on the darkweb.
Type: REvil | Ransom Cost: $1.16m
Unsure of what you should be looking for from your penetration test? We've compiled a checklist outlining the top five "must-haves" from your security provider.