Intelligent CIO Africa Issue 58 - Page 31


‘‘ business

wWhere does ransomware sit within the modern threat landscape ?

Within cyber , it ’ s got to be up there as one of the top risks that organisations are tracking . You only have to look at the importance that the US government , for example , has recently put on ransomware through its mission statements to see how prominently it is being recognised , not just within the west but further afield globally .
What are the different types of ransomware and how do they impact organisations ?
There are four categories of ransomware and all focus on impacting the ‘ CIA ’ triangle – confidentiality , integrity , or availability of data . aware that some variants out there have been linked back to nation states . But I wouldn ’ t say that ’ s the predominant driver .
David Higgins , EMEA Technical Director at CyberArk
The first type is scareware , where victims get a pop-up on their screen stating there are vulnerabilities on their machine and they need to click on a link to pay for the software to fix the vulnerabilities . It scares people into paying for something they really don ’ t need .
But it ’ s the other three categories that are causing problems these days .
First is crypto , which is where the ransomware will go out and encrypt data and then hold the organisation to ransom in order to retrieve the encryption key .
Another variant , very similar in terms of its impact , is a locker variant ransomware which will lock out a system . Rather than encrypting data , it locks out a device and won ’ t allow access until the attacker is paid .
The fourth version – which is something we ’ re starting to see more and more recently and is twinned with either crypto or locker – is extortion . This is when data is stolen , exfiltrated and then held to ransom . Attackers will say ‘ if you don ’ t pay us , we ’ re going to release this data on the Darknet ’, as an example , and so you end up paying for the right to go and delete your own data from the attacker servers .
Can you give us some insight into how the frequency of ransomware attacks has changed and why ?
There are many different attributes as to why this has happened . One of them is to do with political relationships between countries – we have to be
Key issues are those such as the impact of pandemic and people working more remotely , in less secure environments . There ’ s a lot more fear , uncertainty and doubt that attackers are exploiting around things like COVID-19 and getting users to click on links and open attachments .
Most ransomware is delivered through some form of social engineering or a phishing attack , but it has become so easy for attackers to execute and get a return from that attack . There is also the increased rise of cryptocurrencies which make it easier for them to receive payment , but still remain anonymous and more difficult to track .
Why are existing tools and strategies not working against these types of threats ?
Perhaps what we focus on too much is stopping the ransomware from getting in and detecting it once it ’ s there because that becomes an evolving process . It is a continual movement of the goalposts .
We try and detect based on signatures , so attackers then change the code and manipulate those signatures . We try and chuck it on behavioural patterns so if a process methodically goes through and encrypts files alphabetically we can see that process is something we want to block and so again the attackers will then evolve their code to do encryption on a more sporadic basis .
A lot of the focus has been on that initial intrusion point and stopping and detecting it from executing , whereas
www . intelligentcio . com INTELLIGENTCIO AFRICA 31