Are you ready to peek into the dark side of the internet? In the latest episode of White Hat Riddles, Krasimir Kotsev, cybersecurity expert and founder of SoCyber and Kikimora.io, and Angel Sirakov, marketing director at both companies, open the door to the world of ransomware attacks.
Think these cyber threats are just lone hackers? Think again.
Who’s behind these attacks?
Contrary to popular belief, ransomware attacks aren’t carried out by lone hackers, but by well-organized groups. These organizations are pretty big, sometimes with up to 100 employees. They have managers, security researchers, and even negotiators who communicate with the victims.
The most notorious ransomware groups, such as Darkside, Lockbit, and Maze Gang, are often funded by governments in countries such as Russia, North Korea, and China. They operate like normal businesses, hiring employees and even posting job ads on platforms such as Upwork.
Who are the most common targets?
The most common targets of ransomware attacks are financial institutions, hospitals, and organizations that store large amounts of sensitive data.
Imagine encrypting hospital systems and making them inaccessible to surgeons, for example.
When it comes to operating systems, Windows is the most commonly attacked due to the way it executes files and its widespread use.
How can we recognize a ransomware attack?
A ransomware attack is usually recognized when files on your computer change their extensions—for example, from .jpg to .locker or .crypto. When you try to open the file, it becomes unreadable. A note demanding a ransom usually appears on the desktop.
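A read-only triage check for the signs described above, as an added example that is not from the episode or from SoCyber: it flags files carrying the .locker or .crypto extensions, tests whether their content still looks like a known file format, and looks for a ransom note. The note-name fragments, the file-header list, the entropy threshold and the sample files are assumptions constructed for this illustration.

```python
import math
import tempfile
from collections import Counter
from pathlib import Path

SUSPECT_EXTENSIONS = {".locker", ".crypto"}    # the two examples named in the article
NOTE_HINTS = ("decrypt", "recover", "ransom")  # assumed ransom-note name fragments
MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"%PDF", b"PK\x03\x04")  # JPEG, PNG, PDF, ZIP/Office

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root) -> dict:
    """Read-only scan of root for the three signs described in the article."""
    found = {"renamed": [], "unreadable": [], "notes": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        name = path.name.lower()
        if path.suffix.lower() in SUSPECT_EXTENSIONS:
            found["renamed"].append(path.name)
            with path.open("rb") as fh:
                head = fh.read(4096)
            # No known file header plus near-random bytes: content was likely encrypted.
            if not head.startswith(MAGIC) and entropy(head) > 7.0:
                found["unreadable"].append(path.name)
        elif path.suffix.lower() in (".txt", ".html") and any(h in name for h in NOTE_HINTS):
            found["notes"].append(path.name)
    return found

def make_sample(root) -> None:
    """Constructed sample files; nothing here is real malware or real data."""
    root = Path(root)
    (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)
    (root / "invoice.pdf.locker").write_bytes(bytes(range(256)) * 16)  # stand-in for ciphertext
    (root / "draft.crypto").write_bytes(b"plain text, only renamed\n")
    (root / "HOW_TO_DECRYPT.txt").write_text("constructed ransom note placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(triage(tmp))
```

A file that was only renamed (draft.crypto in the sample) is reported under "renamed" but not under "unreadable", which separates a harmless rename from content that has actually been encrypted.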
What to do in case of an attack?
In the event of a ransomware attack, it is important to follow certain steps, which are summarized below:
- Do not shut down the system – the decryption key may be stored in the RAM
- Isolate the system from the network to prevent further spread
- Contact the IT department responsible for incidents
- Analyze the cause and look for backups
- Report the incident to the appropriate authorities, if necessary
“Never pay the ransom, because you never know the outcome. Besides, you are financing the hackers.”
How can we protect ourselves?
To protect their organizations from ransomware attacks, Krasimir Kotsev recommends:
- Network segmentation – isolating departments from each other at the network level
- Endpoint protection – implementing security software
- Regular backups – creating backup copies of important data
- Employee training – on phishing attacks
- Cyber insurance – for additional financial protection
A few pitfalls
The human factor remains one of the biggest vulnerabilities in cybersecurity. That is why it is extremely important for organizations to invest in regular training for their employees. Rather than relying on individual training, organizations are advised to hire specialized companies that can conduct customized training, often combined with social engineering campaigns (e.g., simulated phishing attacks) to assess employee awareness levels and identify weak links.
Physical access is one of the most underestimated threats. This refers to the risk of attacks via USB devices, for example, which can execute pre-set malicious code when plugged in. It is therefore important for organizations to have strict access rules and to control the use of external devices. There are also software solutions on the market to restrict the execution of unknown files.
File-based attacks – the ability to hide malicious code in seemingly harmless files such as images or videos is still present. Although this method was more popular in the past, modern security systems can usually detect it.
The role of AI
Artificial intelligence is changing the landscape of cybersecurity. On the one hand, it helps attackers automate their campaigns and target organizations more effectively. On the other hand, cybersecurity solutions rely on AI to identify threats faster and connect different data sources.
“It’s a game of cat and mouse. Things change every day. Tomorrow, hackers will be a little more advanced, and in two days, there will already be protection against what they have developed,” says Krasimir Kotsev.
With organizations becoming increasingly dependent on digital systems, investing in cybersecurity and creating a culture of awareness among employees is becoming increasingly important to protect against ransomware and other cyber threats.
Source: Economic.bg