Thursday, November 04, 2021 / 10:10AM / By IkennaNdukwe, Assistant Consultant, PhillipsConsulting / HeaderImage Credit: Phillips Consulting

Imagine this; youhave had a long day at work. It has been gloomy and stressful, and you arepicturing yourself relaxing at home - taking a nap or watching a movie, maybe.These thoughts give the rest of your day a glimmer of light as you make yourway home. Finally, you try to unlock your door at home, and it does not budgeno matter how hard and how many times you twist and turn. You try another door,the same result. Upon further examination, you realise that the locks of yourentries have been changed. Somehow, someway, an intruder was able to replacethe locks of your door. On the threshold of one of the doors, you see a notethat reads, "YOUR LOCKS HAVE BEEN CHANGED! YOU HAVE 6 HOURS TO PAY TO GET THENEW KEYS." Your day just got worse.

The scenariopainted above describes how a ransomware attack works and how frustrating itcan be for organisations and individuals that fall victim. On the back of adigitally disruptive post-covid era, the frequency of Ransomware attacks hasbeen trending in the news in 2021. In fact, according to Cognyte - a globalleader in security analytics, in the first half of 2021, the number ofransomware attacks nearly doubled, with the number of victims growing by almost100%. You may have read of ransomware attacks on private and publicorganisations or perhaps have experienced it yourself.

What is Ransomware? 

Ransomware ismalicious software or malware that prevents an individual or organisation fromaccessing their systems or files and demands that a ransom, usually in acryptocurrency, be paid to regain access. It is a growing problem and afrightening prospect to have all your data locked up until you pay up. Duringthe infamous WannaCry ransomware attack of 2017 - the largest in history,approximately 200,000 victims from nearly 150 countries were asked to pay aransom in Bitcoin.

In more recenttimes, the largest fuel pipeline in the United States - Colonial Pipeline, wasforced to shut down operations and freeze information technology systems afterbeing the victim of a ransomware attack in May 2021. Colonial Pipeline paid thehackers a $4.4 million ransom in Bitcoin. In June 2021, the world's largestmeat processing company - JBS, paid the equivalent of $11 million in Bitcoin toput an end to a ransomware attack. These reports show that the global impact ofransomware has reached new heights in 2021. These attacks not only fleeceorganisations of millions of dollars but also impact public lives.Cybercriminals are also expanding their targets, leaving no one safe fromfinancial damage or reputation-crushing headlines.

How exactly does a cybercriminal execute a ransomware attack? 

First,cybercriminals usually exploit a vulnerability or weakness to gain access to asystem or network. Having such access enables the hacker to activate themalware needed to encrypt or lock up your systems and files. There are severalways that ransomware can infect your systems:

Malspam: Some cybercriminals use spam, where emails withmalicious attachment(s) are sent to as many people as possible, seeing whoopens the attachment(s) and "takes the bait." These mails could also containlinks to malicious websites.

Malvertising: This is using online advertising to distributemalware with little to no user interaction required. While browsing the web,ransomware can redirect users to malicious websites without clicking orinteracting with an ad.

Spearphishing: The sole purposeis to get inside the recipients' heads and make them think the messages they'reresponding to are legitimate - achieved due to personal touches designed tomake them believe what they're dealing with is a genuine individual or entity.These personal touches can be gotten from their social media accounts abouttheir interests, places often visited, jobs, etc.

Socialengineering: Malspam,malvertising, and spear-phishing often do contain elements of socialengineering. Cybercriminals can trick users into opening attachments orclicking links by appearing legitimate. This method is focused on "hacking theindividual."

Whichever way ormethod the cybercriminal uses to compromise your systems, the ransomwareencrypts your files, and once they gain access, this prevents you fromaccessing them. A message is displayed demanding a ransom payment to restoreyour access.

The threat landscape in Africa

While theransomware attacks that make the headlines are often based in developedcountries, and Africa is not considered a focus area for the more advancedtypes of cybercriminal activity, the continent is not immune to these cyberrisks. Considering the growth of digital transformation and increased remoteworking triggered by the COVID-19 pandemic, Africa is becoming an attractivetarget for cybercriminals looking to exploit a lack of end-user awareness andcybersecurity understanding. Kaspersky - a global leader in cybersecurity,reports that malware is rife across the continent, with various countriesexhibiting strong growth across multiple malware types in 2021. In the firstsix months of 2021, as many as 85 million malware attacks, a 5% rise comparedto the corresponding period in 2020, were detected in just four countries.

All countriesexcept Kenya saw a relative growth of malware attacks. Compared to the previousyear, Kenya's number of attacks was down by 13%. South Africa and Ethiopia haveseen an increase of 14% and 20%, respectively, with Nigeria seeing the mostsignificant increase of 23%. These figures prove that cybercriminals arebeginning to refocus their efforts to compromise corporate and consumer systemswithin Africa. Cybercriminals are working overtime, so organisations andindividuals must take proactive steps to protect themselves and their assets.

How to insulate your business from ransomware 

Based on thesefindings, the following best practices are recommended:

Assume youwill be the next victim. Ransomwareremains highly widespread. No industry, country, or organisation size is immunefrom the risk. It is better to be prepared but not hit than the other wayround.

Makebackups. Backups arethe number 1 method organisations use to get their data back after an attack.Paying the ransom will only get you some of your data - an average of 65% ofinformation is restored after the payment of ransom, according to a Sophosstudy, so you will need to depend on backups either way.

Defence indepth. There is nota single control or safeguard that is 100% foolproof. Hence, multiple rules,implemented serially, will provide a greater level of protection assurance. Uselayered protection to block attackers at as many points as possible across yourenvironment.

Combineanti-ransomware technology with human experts. The remedy to stopping ransomware is defencein depth that combines dedicated anti-ransomware technology and human-ledthreat hunting. While technology provides the scale and automation you need,human experts can best detect the tell-tale tactics, procedures, and techniquesthat indicate that a skilled attacker is attempting to get into yourenvironment.

Do not paythe ransom. While thisis easier said than done, paying the ransom is ineffective to get your databack. If you do decide to pay, be sure to include in your cost/benefit analysisthe expectation that the cybercriminals will restore, on average, only 65% ofyour data and files.

Have amalware recovery plan. The best way to stop a cyberattack from turning into a complete breachis to prepare in advance, be proactive. Organisations that are victims of anattack often realise they could have prevented a lot of pain, cost, anddisruption if they had an incident response plan in place.

But there is a lotmore, and at pcl., we have got you covered. We help build and maintaincyber-resilient enterprises with various offerings cutting across people,technology, and processes to guide our clients as they navigate thesedisruptive times. Our approach involves understanding the context of yourbusiness environment, identifying internal and external factors andstakeholders that could influence your overall protection strategy, yourbusiness drivers - mission, vision, goals, and objectives, and the threats andrisks that could prevent you from achieving those objectives. Our assessmentmethodologies incorporate both technical and non-technical approaches tostrengthen your security posture holistically. Beyond assessments, we partnerwith you to navigate from your current state to the desired future state thatwill deliver the needed return on security investments. In addition, we offertechnology consulting services and products from FinTech, Data Analytics,Standards & Compliance, and Training. Do reach out to us!

Protect yourselfand your assets, do not be another statistic!

Credit: Safeguarding AgainstRansomware in a digitally Disruptive Age first appearedin Phillips Consulting Blog on November 2nd, 2021

PreviousPosts by Phillips Consulting

1.  Addressingthe Financing Gap Facing MSMEs in Nigeria

2. WhyEmployees feels Disconnected from the Business

3. Nigerian Economy in a Post-Pandemic Era: A Big Leap orMasked Recovery?

4. How Technology Advancement Revolutionalised Fintech: BigData

5. Growth through Digital Technology

6. Building Sustainable Institutions through DiversityManagement

7. Driving Cost Optimization and Employee Engagement ThroughCompetence

8. Effectively Assessing the Skills of Your People

9. Digital Transformation: The Medium Is Not the Message

10. Workforce Planning in the New Normal

11.  Succession Planning - A Focus on Microfinance Banks inNigeria

12. Boarder-less Workplaces: A Review of the Concept andBenefits

13. Three New Rules of Talent Development

14. Your People, Your Biggest Brand

15. Dynamic Working and the New People Policies

16. What to Look Out for in the World of Learning in 2021

17. Effective PerformanceManagement Practices in the New Normal 

18. Cost Optimization Through Organizational Effectiveness 

19. Cybersecurity Checklists for Remote Working

20. Improving Business Efficiency Through Analytics

21. Turbocharging the Year with the Right Competencies