Ransomware, think you are safe? Think again. It’s not personal!!

Ransomware attacks are no longer an “if” but a “when”. 60% of firms do not recover from a ransomware attack and go out of business.
Components of a Ransomware attack:
· Object Oriented Code: Reusable code.
· Bot = (digital robot) = Automation
· Malware = Malicious software
· Black Hat = An individual or organization with malicious intent.
To execute a Ransomware attack, Black Hats attack one or more of:
· People (Phishing)
· Process (You automatically update your software — SolarWinds)
· Technology (Exploiting a vulnerability such as an open port, or a down-level Operating System that has not been patched.)
Anatomy of a Ransomware Attack:
There are infinite schemes and schemers executing this strategy.
1. A Black Hat comes up with a scheme and strategy to do damage to someone, or something.
2. They architect how they will execute the acts necessary to do their mischief, typically using Bots.
3. They access code libraries, often on the “Dark Web”, to find the object code they need.
4. They execute the code on the internet.
Examples:
Understand that these techniques are relatively new (within the last 10 years). A great many of the Billions of objects in the code libraries predate the existence of security practices and of the tools used to exploit flaws.
WannaCry: May 2017
A Bot programmed to find all Windows machines attached to the internet with a certain Operating System Revision level. Once found, it installs the WannaCry object code, which immediately encrypts the system's files and locks the machine. It displays an extortion note that demands a ransom (to be paid in Bitcoin) to purchase the key to unlock the system and the decryption key. Directions are given to perform the financial transaction by a certain date and time. Millions of machines affected.

SolarWinds: December 2020
The Black Hat penetrated SolarWinds and installed their Malware into a new feature upgrade patch that was to be part of the standard SolarWinds Software Maintenance Schedule. SolarWinds published the patch and, in doing so, unwittingly distributed the malware to thousands of clients and tens of thousands of machines. Millions of machines affected.
Log4j: December 2022
This malware took advantage of some very standard object code that most printers use. The Black Hat created a bot that searches for printers that use the specific Log4j code and installs the malware in the printer’s command structure. The next time you print, the malware installs in the host system, then uploads itself to the network and spreads. Millions of machines affected.
 
How to Defend against Ransomware:
Have Experts perform Cyber Hygiene practices regularly and relentlessly. A sampling of Best Practices follows. Note: all are People, Process and/or Technology related.
1. Understand your data. Know what is critical, and where it is located within your network.
2. Train all employees on cyber risks.
3. Encrypt your data when and where possible.
4. Back up all data regularly to three levels: a local copy, a local backup copy, and a remote copy that is “air gapped” from the system.
5. Patch management. Always maintain current patching levels on all machines! The majority of patches are security related.
6. Segregate your network and systems into layers and zones with specific access rights between them (ALM). Identity and Access Management (IAM): who can get to what data, and from where.
7. Execute Risk Assessments (people and processes) and Penetration Testing and Vulnerability Assessments/Scanning (technologies) on a regular basis. Remediate what they find.
8. Password Management: have a strict Password Policy and mandate it.
9. Multi-Factor Authentication (MFA) for access to the edge devices and the network.
10. Incident Response and Disaster Recovery (IR/DR): create a plan. Test the plan at least once a year.
11. Sanitize your code (if you can).
12. Log data review: monitor the interactions between machines.
13. Invest in Cyber-Insurance.
14. Create a Bitcoin account. If you suffer a Ransomware attack, you may decide to pay the ransom. It is prudent to have that option ready as an immediate fix, shortening the time needed to set up a transaction.
15. Research and execute all of the above steps, and line up the resources and experts before you may need them.
A major Ransomware incident can cost your company from 5X to 10X the cost of the preventative steps above. Note: 60% of firms never recover from a major incident and go out of business.
Conclusion:
It is not personal. Most of the ransomware process is automated by Bots (see Terms below). Most attacks are not predictable or defendable. Prepare by doing as many of the preventive measures as you can reasonably afford. Cyber Security is risk related: how much risk you accept is a function of the budget and assets you apply to the risks.
Terms:
Bots: More than half of internet traffic is bots that interact with web pages, talk with users, scan for content, scan for vulnerabilities and perform other tasks.
Social Engineering: Used on social media to target your business account or employees’ accounts.
Phishing: Social engineering in which an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malware.
Spear Phishing: Phishing that targets specific individuals or groups within an organization and involves prior research.
Physical Attack: A “thumb drive” is left in a place where a random employee will find it. They plug it into their system and unknowingly download Malware into the system.
Ransomware: Malware with the specific intent of creating a Ransom event. It usually encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. In this extortion scheme, recovering files without the decryption key is an intractable problem, and the scheme is difficult to trace. Digital currencies like Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Zero-Day Attack: Stealthy Malware that resides undetected in a device, system and/or network. Some form of trigger event, such as a remote command or a time increment, causes it to do its mischief.