2020 Ransomware And Data Security

The logical risks are now proving very difficult to keep up with, and they pose a significant overhead even on those organisations that have technological resources.

However, even more worrying are the many millions of individuals who use the Internet to service their everyday life needs: individuals who may be assumed to have very little or no understanding of the actual threat and, of even more concern, no understanding of how to mitigate and/or recover from such adverse conditions.

Risks vary and morph into many forms that implicate the targeted systems. One very current example is the Ransomware attack, which is crafted with the malicious intention of compromising a device so as to lock the authorised user out of their own data objects, or even to lock the entire system away from user access.

In a number of instances, paying such a demand can in turn breach counter-terrorist financing (CTF) obligations (see the Financial Action Task Force reference, Fighting Terrorist Financing), which infers that paying such demands goes on to provision funds that support other related criminal activities, ranging from the production of counterfeit goods through to people trafficking.

The first indications of a Ransomware agent being resident on a server within the organisation's on-site farm came from a third-party SOC located in the US, which informed the client on each monthly service call that they were hosting what looked to be a viral agent. However, given that this particular business was running without a senior, knowledgeable security lead, the incumbent junior interim security manager decided that, as this particular agent was passive and not causing any issues, it would be dealt with at some future juncture as a matter of routine maintenance when that particular server was next updated. In the meantime the threat vector was allowed to remain passively active and resident on that machine.

However, this particular Ransomware agent had a number of other adverse facets, and it was soon discovered from a packet sniff that it was also calling home and sending packets of data out to an offshore IP address, possibly credit card transactional data. As more in-depth analysis was conducted it soon became very clear that this particular agent was smart, as it also took steps to locate and disable any on-system anti-malware protective defence on the booking workstation!

The overall impact was lost revenue, 6 days of clean-up operation, and the small matter of reporting the breach under the PCI-DSS mandated processes, an action that was never taken!

However, for those individuals and SMEs who use the Internet to conduct their everyday life and business practices, such simple solutions as the ones introduced here may be considered a business life saver.
