
Do high ransomware costs make preventive measures mandatory?

Ransomware attacks became widespread around the world at a time when COVID-19 was causing damage of its own. Almost every day, organizations across various industry sectors became targets of these malicious attacks. Many were not adequately protected and did not have a reliable cybersecurity plan capable of dealing with the ransomware threat.

Having learned their lesson, organizations are implementing cybersecurity to protect their data from malicious actors.

How can I detect ransomware and take protective measures against it?

Security teams around the world face one of the biggest threats from cybercriminals who carry out various cyberattacks on digital platforms.

Previously, cyberattacks were limited to stealing data or money from institutions or individuals. These attacks were relatively small and were carried out infrequently. In the last few years, a new form of cyberattack known as ransomware has been used to attack large companies, government agencies, and retail supply chains.

The concept of ransomware is simple and easy to implement. However, depending on who the victim is, the damage can be enormous. Ransomware is malicious software installed on the victim's system that encrypts or deletes all of the victim's important data. The deleted data is recovered after the ransom is transferred to the attackers.

How does ransomware work?

It usually infiltrates a system when malicious software is downloaded onto computers, laptops, and smartphones. One common way is phishing, in which an attacker sends a malicious link to the victim via email. Once the user opens the link, the malware is installed on the device.

Another method is known as the "Trojan Horse" style, where malicious software comes disguised as legitimate online software. Unsuspecting users download and install the software and infect the system. Once malware enters the system, it stays there undetected for some time before attacking. It takes over the system and searches for files to encrypt. It infects other systems in the network until the system crashes. The malware's presence then becomes known to the victim organization.

The condition for decrypting the data is a ransom payment, usually in dollars or in cryptocurrencies such as Bitcoin, which are difficult to trace. Many attackers steal the data and sell it to third-party cybercriminals. Others use it for espionage activities.

How to detect a ransomware attack?

Today it would be hard to find an organization that does not have a cybersecurity protocol in place for its IT system. Despite this, ransomware attacks are taking place at random across different industries. An IT security team needs to be alert and watch out for signs of a ransomware attack.

Some of the indicators for ransomware detection are:

  • Abnormal file system activity showing hundreds of failed file modifications. This usually happens when ransomware or malware tries to access these files.

  • A sudden increase in CPU and disk activity without any plausible reason, which indicates a security breach. It occurs when ransomware is searching, encrypting, or removing data files.

  • Inability to access specific files. This results from the ransomware having already deleted, renamed, relocated, or encrypted the file.

  • Suspicious communication in the network. This occurs when the attacker is giving commands to the ransomware.
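
The file system indicators above (bursts of failed modifications and mass renames) can be checked with a sliding window over audit events. This is an added example, not code from the original article; the event format, process names, sample events and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_sample_events():
    """Constructed audit events: (timestamp, process, operation, path, result)."""
    base = datetime(2021, 6, 1, 9, 0, 0)
    events = []
    # Ordinary activity: a few successful writes spread over several minutes.
    for i in range(5):
        events.append((base + timedelta(minutes=i), "editor.exe", "write",
                       f"C:/docs/report{i}.docx", "ok"))
    # Suspicious burst: 120 operations in 12 seconds, every third one a failed write.
    for i in range(120):
        op, result = ("write", "denied") if i % 3 == 0 else ("rename", "ok")
        events.append((base + timedelta(seconds=30, milliseconds=100 * i),
                       "unknown.exe", op, f"C:/share/file{i}.xlsx", result))
    return sorted(events)

def detect_bursts(events, window=timedelta(seconds=60), max_failed=20, max_renames=50):
    """Return {process: set of reasons} for processes exceeding the assumed thresholds."""
    recent = defaultdict(deque)  # process -> (timestamp, op, result) inside the window
    alerts = defaultdict(set)
    for ts, proc, op, _path, result in events:
        q = recent[proc]
        q.append((ts, op, result))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        failed = sum(1 for _, o, r in q if o == "write" and r != "ok")
        renames = sum(1 for _, o, _ in q if o == "rename")
        if failed >= max_failed:
            alerts[proc].add("failed_writes")
        if renames >= max_renames:
            alerts[proc].add("mass_rename")
    return dict(alerts)

if __name__ == "__main__":
    for proc, reasons in detect_bursts(make_sample_events()).items():
        print(f"ALERT {proc}: {sorted(reasons)}")
```

The thresholds need tuning against a baseline of normal activity, since backup jobs and bulk file operations also produce rename bursts.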

The cost of Ransomware

Despite all the precautions taken, Ransomware attacks are not going to stop. It is estimated that by 2031, ransomware attacks will take place every 2 seconds and cost the victims $250+ billion annually. 

While everyone suffered during the COVID-19 pandemic, 2020 was a good year for ransomware attackers. The attacks increased due to remote workplaces that compromised cybersecurity as more companies paid up.

Some of the mind-boggling figures for 2020 ransomware attacks:

  • The average ransom amount paid by the victim was $312,493, up by 171% over the previous year.

  • The highest ransom amount paid was $10 million. In 2019 it was $5 million.

  • 58% of the victims paid the ransom amount.

Apart from the above pay-outs, there are remedial costs incurred for getting the organization's systems running again after recovering from the attack. These costs included IT expenses to rebuild or upgrade servers or migrate to cloud data. There were also operational losses due to business disruptions and revenue lost due to downtime.

Some of the statistics for remediation costs:

  • The forensic investigation cost an average of $207,875 after a ransomware attack.

  • The average downtime after an attack was 16 days.

  • The average loss from downtime per attack was $283,000.

Apart from the direct costs, the intangible costs were far greater. Bad publicity, impact on brand image, and erosion of confidence among customers, vendors, and other stakeholders were the usual outcome after an attack.

How to prevent ransomware attacks?

The following best practices help prevent malware from infecting systems and enhance their security measures too.

  • Deploy robust antivirus software on endpoint systems.

  • Ensure email security with a powerful password management system.

  • Activate DNS web filtering to block malicious sites. 

  • Have regular security awareness training for the employees of the organization. 

Using cloud-native security solutions  

Using cloud-native DNS-layer security solutions helps because they block the first phase of a cyber-attack. Ransomware attacks are averted at the internet gateway itself. Security solutions block internet connections to malicious sites that are often the source of ransomware attacks. Security at the DNS and IP layers processes millions of internet requests from thousands of businesses to prevent users from accessing malicious sites.

Users access data and apps from different networks and devices like laptops and mobiles. Hence, it is mandatory to have ransomware security across the board. 

Having individual stand-alone solutions may not be viable for organizations. Cyber security solutions combine DNS-layer security, firewall, Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG). They are bundled as SaaS or PaaS to help organizations of all sizes secure their employees' data and applications from wherever they happen to be.

Another proactive way to prevent ransomware is to use threat intelligence. It helps to discover and block new threats before they attack. Using cyber security solutions from firms with a proven track record against cyber threats is recommended. That track record can be verified through independent third-party validation of the firm's threat detection efficacy.

Final thoughts 

There have been continuous cyberattacks in 2021, with 68.50% of organizations victimized by ransomware attacks. These statistics make it imperative to take preventive measures to safeguard one's data, as it is clear that ransomware attacks are not going anywhere.