Ransomware is a threat that strikes fear into the heart of most CISOs: the sudden realization that the organization has been shut out of its own systems is bad enough, but being faced with blackmail on top of that — pay up or else — is not the kind of dilemma C-level executives want to confront.
But it is increasing, even in Canada. This spring a security vendor issued an alert that someone leveraging the Koler mobile ransomware had fashioned an attack aimed at Canadians who visit porn sites. The payload is delivered by a movie viewer users are asked to download. Once the device is infected, a lock screen impersonating the RCMP pops up telling the user to pay a “fine” or the data on the smartphone will be deleted.
However, as this article points out, with some preparation infosec pros can be better armed for facing these kinds of attacks.
One of the most obvious defences is to back up the organization’s most valuable data daily and to practise restoring systems regularly. A backup that the ransomware can reach and encrypt is no defence, so at least one copy should be offline or otherwise immutable, and a backup that has never been restored is only a hope. An extortion attempt loses most of its leverage if the organization can bring systems back quickly.
Another is to recognize that, more often than not, ransomware gets into systems because staff fall for a phishing email or visit a malicious website. Regular employee awareness training and testing, more than once a year, is vital to reducing the threat.
Planning for the worst of any attack also means being ready for it. That means having clear procedures for what should be done in a crisis, including which employee manages the situation and what actions should be taken.
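As an added illustration of that backup-and-restore advice (this script is not from the article or any vendor; the directory layout, file names and sample data are constructed for the demo), the following shell functions take a backup with a checksum manifest and then run the restore drill that proves the archive actually comes back intact:

```shell
# Added example: a backup-and-restore drill in miniature.
# back_up archives a directory with a sha256 manifest; restore_drill extracts
# the archive into a scratch directory and verifies every file against that
# manifest, which is what "practise restoring" means in practice.

# back_up SRC DEST: archive SRC into DEST/backup.tar with a sha256 manifest.
back_up() {
    src=$1
    dest=$2
    mkdir -p "$dest"
    # Hash the live data before archiving so the restore can be compared to it.
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$dest/manifest.sha256"
    tar -C "$src" -cf "$dest/backup.tar" .
    # Make the copy read-only. In production the archive should also leave the
    # host (offline media or immutable object storage) so an intruder holding
    # the backup job's credentials cannot encrypt or delete it as well.
    chmod 0444 "$dest/backup.tar" "$dest/manifest.sha256"
}

# restore_drill DEST: extract the archive into a scratch directory and check
# it against the manifest. Returns 0 only if every file restores byte-for-byte.
restore_drill() {
    dest=$(cd "$1" && pwd)          # absolute path, so it survives the cd below
    scratch=$(mktemp -d)
    rc=1
    if tar -C "$scratch" -xf "$dest/backup.tar" &&
       ( cd "$scratch" && sha256sum -c --quiet "$dest/manifest.sha256" ); then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

# demo: constructed sample data, one clean drill and one against an archive
# that was rewritten after the manifest was taken.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/data/sub"
    printf 'customer ledger\n' > "$work/data/ledger.txt"      # constructed sample
    printf 'mode=prod\n'       > "$work/data/sub/app.conf"    # constructed sample
    back_up "$work/data" "$work/backup"
    if restore_drill "$work/backup"; then echo "drill: restore verified"; fi
    # Simulate an attacker overwriting the archive after it was taken.
    printf 'ENCRYPTED\n' > "$work/data/ledger.txt"
    chmod 0644 "$work/backup/backup.tar"
    tar -C "$work/data" -cf "$work/backup/backup.tar" .
    if ! restore_drill "$work/backup"; then echo "drill: tampered archive rejected"; fi
    rm -rf "$work"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `sh drill.sh --demo` to see both outcomes. The point of keeping the manifest separate from the archive is that a backup an attacker could reach and re-encrypt fails the drill instead of being discovered broken on the day it is needed.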
These are just some of the things a CISO can do to blunt an extortion attempt. Remember, the situation is only hopeless because it’s been left that way.