The Problem with Russia

It’s hard to write about anything else after Russia invaded Ukraine 3 weeks ago. Everything else seems unimportant. But as they say, life goes on… It did make me think, however: most ransomware comes from and benefits Russia, they invaded Ukraine, and many child pornography distributors hide in Russia. Does Russia care about anything else but its own well-being? Do they not have any conscience for the greater good? What kind of government would ignore child sexual abuse? A government that bombs maternity hospitals, that’s who! I am officially declaring this RUSSIAN SHARK WEEK! They are predators, but unlike sharks who act on instinct, they have a higher intelligence. They deserve none of the respect we give sharks…

Who Benefits from Ransomware?

An interesting article here, 74% of ransomware revenue goes to Russia-linked hackers. No big surprise there. In my years in law enforcement, I have observed that the majority of cyber-attacks, including ransomware, came from Russia or old Soviet countries. As a side note, it’s also my experience that the majority of child pornography distributors were in those countries. We would report it to Interpol, and they were supposedly going to advise the Russian government. We never heard back so we could only hope that they did. Russia has been showing its true colours for a long time. Someone gets hacked in Canada? Who cares. A child is sexually abused in the United States? Who cares. Ukraine wants to have democracy and join the European Union and NATO? Let’s invade them!

What is Ransomware?

Ransomware is a type of malware that denies a user’s access to files or systems until a sum of money is paid. How do you get infected? Phishing emails, downloading infected files from unknown websites, and exposed services such as Remote Desktop Protocol (RDP) are the most common ways you may get infected. Once your system is infected, the malware encrypts all files, preventing access to the information and systems on your devices. Your compromised network can also be used to spread the ransomware to other connected systems and devices.

How you can prevent Ransomware

The easiest tips to prevent or minimize your exposure to ransomware are:

  1. Keep all computer systems updated
  2. Limit the number of IoT (Internet of Things) devices
  3. Resist clicking on email links
  4. Have an offline backup of important data

Patching systems as soon as possible is very important. Many cyber criminals examine patches to find the vulnerabilities they fix, which are still present on systems that have not been updated. The longer you wait, the more time you give criminals.

IoT, or the Internet of Things, is the new phenomenon of having internet access on all your devices. Does your fridge really need internet access? There is a new way of thinking called Zero Trust Security. Basically, it is the reverse of having everything connected. Only connect the devices that really need network access, and only give them the lowest permissions required.

Clicking on email links and attachments is very tempting. Some look very genuine. User education is key here, along with a good malware scanning solution.

Finally, one of the best ways to recover your data is to have offline backups of important data. Ransomware is very good at looking for backups, and this is one of the first things attackers will do when they map out your network. Before they initiate the ransomware attack, they will look for your backups and encrypt those first! For example, the DEADBOLT ransomware specifically looks for NAS (network-attached storage). Having an offline backup solution, in my experience, has saved many clients from losing everything.

Should you pay the Ransom?

According to this article, ransomware recovery costs doubled last year. The decision to pay a ransom to release your files or devices is difficult, and you may feel pressured to give in to the attackers’ demands. Before you pay, contact me to discuss your options. We have experience in dealing with such matters and can negotiate for you. Very often we can negotiate a lower price. Even if you pay, cyber criminals may still carry out the following actions:

  1. Demand more money;
  2. Continue to infect your devices or other organizations’ devices;
  3. Re-target your organization with a new attack;
  4. Copy, leak, or sell your data.

It is also possible to get cyber insurance. But the cost for this service has been going up and the approval has been going down! Stay safe out there and watch out for sharks!

If you have any questions, contact me on LinkedIn. It is the best place to reach me.