The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks
By Alan Calder and Stephen Perring
()
About this ebook
The fastest-growing malware in the world
The core functionality of ransomware is two-fold: to encrypt data and deliver the ransom message. This encryption can be relatively basic or maddeningly complex, and it might affect only a single device or a whole network.
Ransomware is the fastest-growing malware in the world. In 2015, it cost companies around the world $325 million, which rose to $5 billion by 2017 and is set to hit $20 billion in 2021. The threat of ransomware is not going to disappear, and while the number of ransomware attacks remains steady, the damage they cause is significantly increasing.
It is the duty of all business leaders to protect their organisations and the data they rely on by doing whatever is reasonably possible to mitigate the risk posed by ransomware. To do that, though, they first need to understand the threats they are facing.
The Ransomware Threat Landscape
This book sets out clearly how ransomware works, to help business leaders better understand the strategic risks, and explores measures that can be put in place to protect the organisation. These measures are structured so that any organisation can approach them. Those with more resources and more complex environments can build them into a comprehensive system to minimise risks, while smaller organisations can secure their profiles with simpler, more straightforward implementation.
Suitable for senior directors, compliance managers, privacy managers, privacy officers, IT staff, security analysts and admin staff – in fact, all staff who use their organisation’s network/online systems to perform their role – The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks will help readers understand the ransomware threat they face.
From basic cyber hygiene to more advanced controls, the book gives practical guidance on individual activities, introduces implementation steps organisations can take to increase their cyber resilience, and explores why cyber security is imperative. Topics covered include:
- Introduction
- About ransomware
- Basic measures
- An anti-ransomware
- The control framework
- Risk management
- Controls
- Maturity
- Basic controls
- Additional controls for larger organiations
- Advanced controls
Don’t delay – start protecting your organisation from ransomware and buy this book today!
About the author
Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru, and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications).
Alan has consulted for clients across the globe and is a regular media commentator and speaker.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Read more from Alan Calder
IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT Rating: 4 out of 5 stars4/5Information Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5ISO 27001/ISO 27002: A guide to information security management systems Rating: 0 out of 5 stars0 ratingsISO/IEC 38500: The IT Governance Standard Rating: 5 out of 5 stars5/5Information Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5PCI DSS: A pocket guide, sixth edition Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide, fourth edition Rating: 0 out of 5 stars0 ratingsRisk Assessment for Asset Owners Rating: 4 out of 5 stars4/5EU GDPR - A pocket guide, second edition Rating: 0 out of 5 stars0 ratingsSelling Information Security to the Board: A Primer Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5IT Governance: A Pocket Guide Rating: 3 out of 5 stars3/5PCI DSS: A Pocket Guide Rating: 2 out of 5 stars2/5The EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsNine Steps to Success: North American edition: An ISO 27001 Implementation Overview Rating: 0 out of 5 stars0 ratingsCyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsCompliance for Green IT: A Pocket Guide Rating: 5 out of 5 stars5/5The Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Network and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsThe Green Office: A Business Guide Rating: 0 out of 5 stars0 ratingsIT Regulatory Compliance in the UK Rating: 0 out of 5 stars0 ratings
Related to The Ransomware Threat Landscape
Related ebooks
The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsBuilding an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats Rating: 0 out of 5 stars0 ratingsIT Security Concepts Rating: 5 out of 5 stars5/5The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsBuilding an Intelligence-Led Security Program Rating: 5 out of 5 stars5/5Building a Practical Information Security Program Rating: 5 out of 5 stars5/5The Psychology of Information Security: Resolving conflicts between security compliance and human behaviour Rating: 5 out of 5 stars5/5Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware Rating: 5 out of 5 stars5/5Modern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsCyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsCyber Security Awareness for CEOs and Management Rating: 2 out of 5 stars2/5Cybersecurity: The Hacker Proof Guide To Cybersecurity, Internet Safety, Cybercrime, & Preventing Attacks Rating: 0 out of 5 stars0 ratingsNIST Cybersecurity Framework: A pocket guide Rating: 0 out of 5 stars0 ratingsManaging Cybersecurity Risk: Book 3 Rating: 0 out of 5 stars0 ratingsThor's Microsoft Security Bible: A Collection of Practical Security Techniques Rating: 0 out of 5 stars0 ratingsHackable: How to Do Application Security Right Rating: 5 out of 5 stars5/5Web Application Security is a Stack: How to CYA (Cover Your Apps) Completely Rating: 0 out of 5 stars0 ratingsInformation Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data Rating: 5 out of 5 stars5/5Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization Rating: 1 out of 5 stars1/5Trends In Cybersecurity: The Insider To Insider Risks Rating: 0 out of 5 stars0 ratingsCyber Security Consultants Playbook Rating: 0 out of 5 stars0 ratingsNext Generation Red Teaming Rating: 0 out of 5 stars0 ratingsCybersecurity and Infrastructure Protection Rating: 0 out of 5 stars0 ratingsCyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Landscape of Cybersecurity Threats and Forensic Inquiry Rating: 0 out of 5 stars0 ratingsHands-on Incident Response and Digital Forensics Rating: 0 out of 5 stars0 ratingsSecuring the Cloud: Cloud Computer Security Techniques and Tactics Rating: 5 out of 5 stars5/5
Law For You
Trans: When Ideology Meets Reality Rating: 3 out of 5 stars3/5Legal Words You Should Know: Over 1,000 Essential Terms to Understand Contracts, Wills, and the Legal System Rating: 4 out of 5 stars4/5Verbal Judo, Second Edition: The Gentle Art of Persuasion Rating: 4 out of 5 stars4/5Win Your Case: How to Present, Persuade, and Prevail--Every Place, Every Time Rating: 5 out of 5 stars5/5Devil in the Grove: Thurgood Marshall, the Groveland Boys, and the Dawn of a New America Rating: 4 out of 5 stars4/5Estate & Trust Administration For Dummies Rating: 0 out of 5 stars0 ratingsThe LLC and Corporation Start-Up Guide: Your Complete Guide to Launching the Right Business Rating: 5 out of 5 stars5/5Wills and Trusts Kit For Dummies Rating: 5 out of 5 stars5/5Critical Race Theory: The Cutting Edge Rating: 4 out of 5 stars4/5No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State Rating: 4 out of 5 stars4/5Law For Dummies Rating: 4 out of 5 stars4/5Legal Writing in Plain English: A Text with Exercises Rating: 3 out of 5 stars3/5The Everything Guide To Being A Paralegal: Winning Secrets to a Successful Career! Rating: 5 out of 5 stars5/5The ZERO Percent: Secrets of the United States, the Power of Trust, Nationality, Banking and ZERO TAXES! Rating: 5 out of 5 stars5/5How to Think Like a Lawyer--and Why: A Common-Sense Guide to Everyday Dilemmas Rating: 3 out of 5 stars3/5The Socratic Method: A Practitioner's Handbook Rating: 4 out of 5 stars4/5No Stone Unturned: The True Story of the World's Premier Forensic Investigators Rating: 4 out of 5 stars4/5The Paralegal's Handbook: A Complete Reference for All Your Daily Tasks Rating: 4 out of 5 stars4/5Patents, Copyrights and Trademarks For Dummies Rating: 4 out of 5 stars4/5Win In Court Every Time Rating: 5 out of 5 stars5/5Executor's Guide, The: Settling a Loved One's Estate or Trust Rating: 0 out of 5 stars0 ratingsThe Law Rating: 4 out of 5 stars4/5Drafting Affidavits and Statements Rating: 4 out of 5 stars4/58 Living Trust Forms: Legal Self-Help Guide Rating: 5 out of 5 stars5/5The Mueller Report: Final Special Counsel Report of President Donald Trump and Russia Collusion Rating: 4 out of 5 stars4/5The Everything Executor and Trustee Book: A Step-by-Step Guide to Estate and Trust Administration Rating: 3 out of 5 stars3/5Death in Mud Lick: A Coal Country Fight against the Drug Companies That Delivered the Opioid Epidemic Rating: 4 out of 5 stars4/5
Reviews for The Ransomware Threat Landscape
0 ratings0 reviews
Book preview
The Ransomware Threat Landscape - Alan Calder
reading
INTRODUCTION
In May 2017, someone in the UK’s National Health Service clicked a link in an email. Within hours, hospitals, surgeries and offices across the country were being shut out of their own systems, causing delays to critical healthcare. For several days, the NHS was paradoxically in a state of both paralysis and upheaval: crucial health information couldn’t be accessed, appointments couldn’t be made or checked, and patients were left waiting; meanwhile, IT teams scrambled to contain the outbreak and searched for a solution.
WannaCry, the ransomware to blame, went far beyond the NHS: it affected around a quarter of a million computers in 150 countries, including devices used by critical national infrastructure, industrial control, state agencies, multinationals and private citizens alike. The final bill was in excess of US$4 billion, with the attackers raking in nearly $400,000.¹
None of this should be news today: the ransomware attack made headlines across the globe and probably did more to get companies to update their software and operating systems than any other single action in history. However, as with many other crises, lessons are often only remembered for a short period. Once the drama has faded and other disasters fail to emerge, it’s very easy to settle back into old habits.
While there was certainly a lot of luck involved in the WannaCry outbreak – both enabling the attack to be effective and to reduce its longevity – these elements of luck should really serve more as warnings:
1. The NHS was not the target. Like most malware, once it was released into the wild, the ransomware would simply cripple whatever systems it could whenever it was able to.
2. The ‘kill switch’ that was discovered let the world recover relatively quickly.
3. WannaCry targeted a vulnerability for which there was already a patch, so it could only affect systems with out-of-date components.
All of these can be read to work in the public’s favour: it was random chance that it happened at all, it was all over with quickly, and it only affected out-of-date systems. Surely that means the whole thing was just dumb luck on the attackers’ part? Sadly, there’s a better way to interpret these details:
1. Like any other malware, it was untargeted. This means that a more effective, more damaging piece of malware could have been spread in the same way.Certainly, more targeted attacks have caused significant damage albeit on a more limited geographical scale.
2. The overwhelming majority of ransomware doesn’t have a kill switch that’s so easy to discover.
3. WannaCry’s impact demonstrated just how much of the world’s computing resources were out of date. It’s likely that a comparable proportion today is also out of date.
We also need to remember that malware of all kinds evolves:its developers want to have the best product out there, and they’re in a constant arms race with software vendors that are trying to plug gaps in their code. The fact that no other ransomware has had the same global impact since isn’t really a vindication of modern cyber security: it’s just another matter of dumb luck.
No organisation – whether multinational, SME, micro, government body or charity – should rely on dumb luck for its security.
This is especially true with regard to ransomware, which is the fastest-growing malware in the world. In 2015, it cost companies around the world US$325 million, which rose to $5 billion by 2017 and is set to hit $20 billion in 2021.² Logically, the only way it can achieve such staggering growth is by either increasing the number of targets hit or significantly increasing the damage of an attack.
The statistics currently support the latter, as there has been relatively low growth in the number of ransomware attacks. SonicWall reports that 2019 actually saw a 6% decline in the number of ransomware attacks³ – but the damage was considerable: Emsisoft Malware Lab found that ransomware in 2019 cost the US alone more than $7.5 billion.⁴ It’s also worth remembering that a reduction or stalling in the number of ransomware attacks isn’t proof that they are in decline – it’s just as likely that there will be a resurgence as soon as a key vulnerability is identified.
This doesn’t paint the full picture, however, as ransomware is only part of the overall malware biome. During the same time period, Malwarebytes observed a 73% increase in Emotet infections – Emotet is a Trojan often used to deliver ransomware payloads.⁵ An increase in this sort of malware is often linked to an increase in ransomware. In this instance,