THE TIBERIUM BLOG - recent events, threats, and all things cyber

Don’t Pay The Ransom

Ransom has been a thing since, probably, the invention of rope. It is certainly referred to in The Holy Bible. In the Old Testament, it referred to as payment of some sort to release someone, and in the New Testament, it refers to “Christ’s gift of Himself as a ransom for many”.

No such thing as an original sin. A notion that is continuously being challenged in the cyberspace.

To get some perspective, the largest ransom ever paid for the release of a person (according to the Guinness Book Of Records) was $1.5 Billion in 1533 for Atahualpa, Emperor Of The Incas.

More recently, there was a very shady $1 Billion paid for the release of the Qatari Royal Family, kidnapped on a hunting expedition in Iraq, or so it is said.

We all know about ‘Ransomware’ or at least we should now. Criminals gain access to your computer systems (usually via phishing emails, vulnerable Internet-facing devices or misconfigured kit) and proceed to encrypt your precious data demanding a ransom in zee evil crypto coin for its decryption.

As an added bonus, in some cases, these low-life scumbags start to publish your data until you pay. According to a number of reports, the average Ransomware payouts in 2020 were $300,000 and are on the rise.

As Governments start to take cyber intrusion very seriously (the SolarWinds debacle really focused some minds), the Americans formed the “RansomWare Task Force”, a team with ‘participants from governments, software firms, cybersecurity vendors, non-profit and academic institutions from across the world’.

Rumour has been rife in the Cyber world that the output of this team would be the recommendation of legislation that makes paying ransoms illegal which would surely drive the whole grubby business underground with no disclosure from the victims. Rather than this, the Task Force recommended making payments more difficult by imposing bank-like regulation on cryptocurrency and engaging insurers to tighten up their act.

The UK’s NCSC has reported on this work positively, pointing out that they have already released guidance on how to mitigate against Ransomware . This guidance is very good advice, as is most content that comes out of NCSC with its army of Fred Js, Billy Bs etc. It is certainly worth downloading, reading and actually doing something about!

As well as regular, readily and quickly retrievable backups, preventing the attack in the first place (disrupting phishing, hardening Internet facing machines, best practice configuration) is imperative.

As new vulnerabilities are announced as fast as Speedy Gonzalez, it is impossible to mitigate against attacks manually. It is also very difficult to maintain best practice configuration in an environment with a very stretched IT Department, which should be focussing on adding business value through technology and is often fighting fires.

As we mentioned last week, best practice configuration is very far from what you get out of the box. Vendors turn off security controls so that everything ‘just works’. Microsoft includes tooling to prevent Ransomware against selected filestores/directories which is not difficult to implement, furthermore Windows Defender has numerous controls which can prevent these attacks.

Before setting out on the Tiberium journey, our team has built numerous managed security solutions and it is our mission to provide the World’s best automated managed security solution having broken our hearts and skinned our knees many times.

A fundamental pillar of our solution is best practice configuration on day one, as well as identifying Internet facing equipment, which you may not know you have. This is supported by Threat Intelligence to enable us to identify and protect against new attacks and automate actions to protect you.

Real time reporting, security scoring and access to our really very special people gives your team the time to focus own the day job and put away most of the fire extinguishers.

If you would like to see this in action, please book a demo. It will be worth your while.

We recommend that you implement the NCSC guidance and do not, ever, pay the ransom.

One of the latest Ransomware attacks is against QNAP Network Attached Storage. It is made possible because the developers left hard coded credentials in the code: Walter Walter. Who knew there was a song called that?

Please feel free to get in touch for any advice and have a good weekend.

Share on: