• Skip to primary sidebar
  • Skip to content
  • Skip to footer
  • Home
  • Subscription
  • The Magazine
  • Podcast
  • Contribute
  • Advertise
  • Contact Us

Circuit Magazine

For Security & Protection Specialists

Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly. 

Most people are not aware of the real impact and threat of ransomware campaigns going on almost constantly. While I’m sure everyone knows of the ransomware attack on the Colonial pipeline and the more recent similar attack on JBS, these are only the latest and most visible in a continuous stream of attacks. These are just the tip of the iceberg. The true scale is hidden not only by the media but also by a reluctance to talk about the problem.

In the Colonial pipeline case, a ransom payment was made of $4.4 million. It sounds sizable. Estimates of the worth of ransomware as a global industry range between $1 to $10 trillion. That means if every single ransomware attack received the same payment as the Colonial pipeline, we would be looking at a minimum of 200 000 such attacks each year, more than 500 per day. The vast majority of attacks do not even come close to that level of fine, so we are looking at a lot more incidents, impacting a huge number of people every day.

So what is ransomware?

The layman’s view of ransomware is software that encrypts some files then demands payments to decrypt them. However, modern ransomware organisations are becoming more sophisticated. The encryption of files still happens, though attackers will often exfiltrate information and threaten to publish it if payments are not made. Partial publications are often made to back up the threat. And quite frankly, there is no guarantee that on payment of the ransom, the victim will receive their data back, let alone prevent future threats and publication. What is guaranteed is that they are now marked as a potential income source for future attacks.

It’s also important to note that much of today’s ransomware is effectively a commercial product. Criminals can license the software or purchase it as a managed service and deploy it where they’ve already gained access. Alternatively, and growing more and more common, a group may license the core software, customise it, and buy access to organisations from access brokers who make their living simply by finding ways in and selling that on.

Even where payment is made, and the keys are provided to decrypt the files, there are no guarantees that they will work faster than restoring from backups, if they work at all.

What are the good guys doing?

Many security researchers look for ways to break or exploit ransomware, finding ways to decrypt files that don’t require any communication with the attacker. This is an ongoing battle, and the debate still rages about whether to publicise these tools or keep them quiet. In a recent case, a certain well-known security company published their decryption tool using a hole in the software discovered by a researcher. Of course, the ransomware organisations have access to the same internet as the rest of us, found the tool, reverse engineered it, and improved their software to prevent the hole from working in future.

What’s the real impact?

Cases like the Colonial and JBS attacks are well-publicised and relatively rare. The vast majority of attacks never reach the headlines, and just as with everything else in business, most of them don’t affect such high-profile organisations.

In 2017 it estimated that one-third of small businesses worldwide were affected by ransomware. Of these one fifth had to cease operations. Not a temporary stoppage as Colonial and JBS with insurance and reserves to get through the incident enacted, but permanently closing their doors. Most of these attacks succeed because of human error, not a clever technical vulnerability. From what we know of the Colonial attack, like the SolarWinds attack, which has largely been forgotten but ended up giving the attackers root access to government agencies and military research organisations worldwide, it was down to a poor password choice.

Many businesses that haven’t been impacted by ransomware believe that they aren’t a target. Even some who have been subject to small incidents assume that they will not be affected by anything larger, despite often not even understanding how the malware got onto their systems in the first place.

What can businesses or individuals do?

There are two parts to dealing with ransomware attacks. The first is prevention, and often that’s simply being above the exceptionally low bar set by other businesses in terms of security. Ransomware groups are well-resourced and technically skilled, but they are eager to extract maximum profit for minimum effort as with any other profit-minded organisation. Closing down the easy holes, carrying out just basic security hygiene, requires them to expend more effort, so they will often move on to another victim. Until the entire world has got up to a basic level of security, this tactic will keep working.

The second part is to ensure thorough backups and a disaster recovery strategy is in place and tested. While ransomware exists that will hibernate, making sure to infect backups, this is rare as it requires additional effort and thought. In addition, knowing that you can restore operations within a few hours after losing systems removes the threat of ransomware.

How about insurance?

AXA recently announced that they would no longer be making payouts for ransomware as part of their cyber insurance policies. Unfortunately, others may follow suit, as ransomware is one area where insurers seem to have misjudged the risk. Worse, there are known cases of companies with insurance policies being targeted, but the ransom payments are set at a level known to be covered by the insurance policy. In effect, insurance companies have been subsidising the ransomware industry, driving up payments by making payouts available to their affected customers.

 


Cyber Security Fundamentals – Ransomware, Insurance, and Backups
By James Bore 

James Bore is an independent cybersecurity consultant, speaker, and author with over a decade of experience in the domain. He has worked to secure national mobile networks, financial institutions, start-ups, and one of the largest attractions’ companies in the world, among others. If you would like to get in touch for help with any of the above, please reach out at james@bores.com

Tweet
Share
Pin
Share
0 Shares

Buy The Latest Issue

Sign Up For News and Updates

We respect your privacy and will not share your information with anyone.
We will only message you when we have something relevant and of value to share with you.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Latest Issue

Circuit Magazine - Issue 66 - AI Armageddon

Issue 66

Buy Now

Latest Newsletter

Newsletter Sign Up

What you don't know CAN hurt you!

SUBSCRIBE

Latest Industry News

Ugandan Minister Killed by Bodyguard in Apparent Wage Dispute

A Ugandan government minister, Charles Engola, was shot and killed by his bodyguard early Tuesday in an apparent private dispute over wages, according to the army and local media. Engola, a retired army colonel, served as the junior minister in charge of labor in President Yoweri Museveni’s government.

Event

News - Circuit Magazine

Zelenskiy Denies Ukraine’s Involvement in Alleged Kremlin Drone Attack

Ukrainian President Volodymyr Zelenskiy has refuted Russia’s claims that Ukraine was involved in a drone attack on the Kremlin, which was allegedly aimed at killing Russian President Vladimir Putin. Zelenskiy stated that Ukraine fights and defends its territory, not attacking Putin or Moscow. The Kremlin reported that two drones were used in the attack but were disabled by Russian defenses.

News taken from Issue 65 of the Circuit Magazine

Bodyguard Saves Japanese PM from Pipe Bomb Attack

A bodyguard has been hailed as a hero for his quick-thinking actions during a suspected pipe-bomb attack on Japanese Prime Minister Fumio Kishida. Video footage captured the bodyguard kicking away a metal object as it landed near Kishida
before positioning himself between the Prime Minister and the device, shielding him with a collapsible, handheld ballistics shield.

News from Issue 65 of the Circuit Magazine

AlertEnterprise Reveals First-Ever Guardian AI Chatbot Powered by OpenAI ChatGPT

AlertEnterprise has unveiled its first-ever Guardian AI Chatbot powered by OpenAI ChatGPT. The chatbot will make its global debut at the ASIS Europe and ISC West trade events. Built on OpenAI’s GPT-3 platform, the Guardian AI Chatbot aims to provide security operators with instant access to critical physical access and security insights through quick questions and prompts.

Executive Protection/Secured Transportation Profession

COVID-19 and the Executive Protection

As practitioners, our responsibilities are many: protection of the client from physical harm, protection of the client from self-embarrassment, etc. Now, that the restrictions in the post COVID-19 era are starting to be lifted in some areas, Clients, and other high-net-worth individuals will be more aware of the area in which they are located, lodging, and traveling to.

James Bore's Cyber Security

Ways to See the Threat Before it Happens

Threat modelling is widely in use, whether knowingly or not, across every walk of life – and has been used since time immemorial to prioritise security defences. The only difference between the well-known risk assessments carried out by everyone and threat modelling in cyber security is the attempt to document and systemise it. I am hoping that this idea of formal threat modelling will be a useful tool for you to use in your future arsenal of available resources as a CP operator.

Close Protection advice

Keeping Your Edge: Building a Solid Foundation

Longevity, consistency and remaining relevant are some primary goals of all protectors. These factors are important when establishing a new contract and providing services for a new client. But what is equally important is the mindset that goes into those first days and weeks on the assignment. As such, I wanted to get the personal perspective of Vantrell Wilson, a close protection agent who I have trained with and worked alongside of for years now.

Global Risk Updates

Global Situation Report - November 2021

Global Situation Report – November 2021

Each issue our global geopolitical partner, Stratfor, provides an in-depth analysis of global incidents via in-house experts, cutting edge technology and through a comprehensive globally sourced network. Here is your summary from the last 30 days.

Popular Tags

armed attack Bodyguard business Celebrity client clients Close Protection Communication cp Crime Elijah Shaw EP Executive Executive Protection firearm firearms government gun Intelligence Law Enforcement Media Medical military News online police Prevention professional protect protection Risk Safety Security SIA Social Media Surveillance Technology terror Terrorism terrorist Threat Training VIP weapon

On The Frontline

The Death of Journalist Marie Colvin

I’m not writing this piece to get into her personal or professional life, her ambitions or any other side of her character (that’s all been done). I’m writing this piece because I see media management in general, as a huge failing for far too many media deployments gone badly in conflict areas around the world. And I’m using Marie’s death as an example of just one of those failings.
I’m still angered every time I see a write up about the sad death of this journalist, and here’s my reasons why:
I knew Marie for years, first meeting her in Jerusalem during the Second Intifada between the Israelis and Palestinians back in the early noughties.

Breaking the Communication Barrier

Security Consultant, Ben Hockman, shares tips on breaking the communication barrier when operating in foreign countries where the locals do not speak your native language. Specifically, the advantages he experienced, having Spanish language skills while working on an assignment in Colombia.

Working Girl: Female Bodyguards

I’ve been traveling around the UK on a CP job for the past few months but was also lucky enough to be part of the security for the royal wedding, it’s not often I say I was glad I did a job but it was nice to see lots of flag-waving royalists out on the […]

Follow us

  • Email
  • Facebook
  • Twitter

From The Archives

Close Your Eyes Too Improve Accuracy

Next time you go to the range, step up to your shooting lane, look down the range then take a moment …

Continue Reading about Close Your Eyes Too Improve Accuracy

First, to explain the definition of the term situational awareness we will use Endsley’s definition established in 1999:

Situational Awareness Skill or Instinct?

Many of us in the security and protection industry have heard the term ‘’situational awareness’’, …

Continue Reading about Situational Awareness Skill or Instinct?

Breaking the Paradigm - The 21-Foot Rule

Training for When Time is Life

Breaking the Paradigm - The 21-Foot Rule The 21-foot rule has long been an established firearm …

Continue Reading about Training for When Time is Life

Prince Andrew could lose bodyguards amid new Epstein details

Industry News - January 18th, 2020 Prince Andrew could be stripped of his 24-hour armed police …

Continue Reading about Prince Andrew could lose bodyguards amid new Epstein details

Promoted Event

International Security Expo

Latest Podcast Episode

Latest Issue

Circuit Magazine - Issue 66 - AI Armageddon

Issue 66

As AI armageddon comes closer, the global challenge is discerning the line between innovation and oversight, particularly concerning decision-making biases and security implications.

Buy Now

Follow us

  • Email
  • Facebook
  • Instagram
  • LinkedIn
  • Twitter
  • Home
  • Subscription
  • The Magazine
  • Podcast
  • Contribute
  • Advertise
  • Contact Us

© 2023 Circuit Magazine · Rainmaker Platform

This website or its third-party tools use cookies which are necessary to its functioning and required to improve your experience. By clicking the consent button, you agree to allow the site to use, collect and/or store cookies.
I accept