
Ransomware: Should you pay?

Teddy Njoroge, Country Manager, ESET East Africa.  

Ransomware maintained its attractiveness amongst cybercriminals in 2016. Of note is the steady growth on multiple platforms including mobile, which essentially means every mobile device user is vulnerable.

According to research by internet security firm ESET, Android mobile device users have been targeted by various types of ransomware. The most frequent was police-themed ransomware, which tried to scare victims into paying up after (falsely) accusing them of harvesting illegal content on their devices.

Many ransomware campaigns use phishing emails as an entry point, and the ransomware may also arrive as part of another malware’s payload. Similarly, an attack may be delivered by an exploit kit that seeks vulnerabilities in order to install and execute the malware on the affected computer.

A trained eye, or a protected computer, can more easily spot and remove these emails and delivery methods before the attack is deployed.


“Often, organizations realise they are under attack after the fact. At which point their data or documents have already been encrypted and an expensive demand note in untraceable Bitcoins, attached as a permanent screen saver on their computers”, says Teddy Njoroge, Country Manager, ESET East Africa.

To Pay or Not To Pay

Ransomware has turned into a multi-billion-dollar industry, which means many of the attackers perpetrating the crime do in fact provide the encryption keys to unlock your data. If it became public knowledge that the perpetrators behind a particular strain of ransomware were not providing the necessary encryption keys, this would be bad for business.

There are, however, a few unfortunate circumstances which may result in you still not getting your data back, even after you pay a hefty ransom, often running into many thousands of dollars.


Firstly, many ransomware developers sell their code to syndicates and other criminals – some even provide simple-to-use web interfaces so anyone can reap a profit and earn them a percentage. In the case of the former though, you are relying on a twisted form of honour amongst thieves in the hope that you’ll get the necessary keys to decrypt your data. They may very well be running short campaigns in order to extort various businesses and individuals, only to disappear with your money.

Secondly, not all code is created equal. There have been numerous examples of ransomware where the encryption process was flawed in some way, or where no key that could be used for decryption is even stored or transmitted after an infection. This is of huge concern, and experts continue to do great work in analysing the processes and routines of these variants and publishing their findings, so that people do not pay for an encryption key that won’t work or, worse, doesn’t even exist.

Thirdly, if people continue to pay, the attackers will persist. Only by no one paying up will attackers eventually get the message that their ongoing efforts will not generate them any profit – to the benefit of all.

It is worth noting that some attacks have been well orchestrated. Cyber-criminals often do research before targeting a particular entity or organisation in order to determine the size of the organisation and the likely payment that can be made based on the amount of data affected and, even worse, to identify those who may have paid for similar attacks in the past.


“The best approach is for all to refuse to be bullied into making payments, no matter the demands. Understandably it is an easier decision to make if only one or two computers or websites are affected as opposed to an entire network of devices”, explains Njoroge.

Pro-Active Internet Security

Unfortunately, as long as it remains profitable, ransomware will continue to be a problem, especially for emerging economies such as Kenya and the larger Africa. For this reason, precaution in the form of a robust internet security regime, supported by regular training of staff and based on an organization’s cyber-risk profile, would be a most preferred investment route.

Driven from a policy perspective, it is advisable to add dealing with ransomware to the organization’s disaster recovery (DR) plans. In addition, there are cyber-insurance options that can help an organization start over in case of the cyber-risk being realized.

A key component of DR is regular back-up of critical business data and documents at an offsite location. Based on the service level procured, this should be done at regular intervals. ESET recommends StorageCraft as a world-leading DR vendor – through proper implementation, in the event of ransomware infections or site-wide disasters such as fires, floods and other events, one can restore business-critical systems in minutes rather than hours or days.

A proper DR investment can also cost significantly less than paying up for ransomware, let alone the loss of money from impacted systems being unavailable for extended periods of time.
