[ad_1]
In the news, we’ve frequently heard about something known as Ransomware.
It’s a variation of malware threatening to widely disclose a victim’s personal data or permanently block access to it, unless, as its name implies, a ransom is paid.
Chillingly, Ransomware knows no boundaries and recognizes no specific target demographic.
Its attacks have crippled businesses, wiped out savings accounts, and even brought entire government systems to a standstill.
In the realm of ransomware, the line between reality and a nightmarish future is rapidly fading.
Personal records, financial data, and identities are being treated as commodities to be stolen, sold, and traded on the dark web.
Small businesses have been forced to shutter their operations, major corporations have lost control of sensitive customer information, and individuals have fallen victim to financial ruin.
This all may sound like some dystopian fever dream, and you’d be forgiven for thinking so, but it’s quite real, and the threat grows daily.
You may ask “What data could I have that anyone would want to hold for ransom?”
The answer is: any and all of it.
If suddenly your decades of family photos were encrypted and inaccessible you would probably consider paying the ransom.
While news headlines often focus on the most sensational ransomware attacks, see the Colonial Pipeline attack, the truth is that no one is too big or too small to be targeted.
From an individual casually using their personal computer at home, to a local mom-and-pop shop to a multinational conglomerate; every entity is susceptible to falling prey to ransomware.
You probably have an email in your spam and junk folder that contains some form of malware right now.
Please don’t go looking, but that’s how common the problem is.
In the past, ransomware was primarily the domain of elite and tech-savvy hackers.
However, times have changed.
The democratization of cybercrime has significantly lowered the barrier of entry for aspiring cybercriminals.
Today, almost anyone with basic knowledge can create and deploy malicious code, thanks to hacking tools and ransomware-as-a-service platforms readily available on the dark web.
The shift towards democratization has led to a vast and diverse pool of attackers, drawn in by ransomware’s proven record of success.
The great majority of attacks originate outside the United States.
Nameless, faceless, foreign cybercriminals operate with impunity and often with aid from their governments.
It is only a matter of time before a nation-state directed cyberattack is used to disrupt all manner of public infrastructure and government operations.
Ransomware has five known entry points to a network: email, open remote ports, vulnerabilities in unpatched or outdated software, insider threats, and external devices.
Despite countless efforts to address this issue, the existing protocols for prevention have fallen short.
Perhaps these institutions are victims of the sunk-cost fallacy.
They’ve invested so much into their ineffective methods of prevention over the years that they feel to try something different would be to admit they’ve wasted time, money, and man hours with nothing to show for it but continued attacks.
The old way of doing things is no longer working.
Human error, greed, and negligence means that ransomware attacks will always happen.
No amount of training can eliminate all human error.
Two-factor authentication, especially with physical tokens or smart cards, is costly, tokens can be lost or stolen, and require dedicated support and training.
Employees are subjected to endless training refreshers, tests and quizzes to ensure their compliance, and still employees are escorted from their office building by security for connecting a personal USB flash drive to their work issued computer.
This is all to illustrate that industry professionals can and will make mistakes.
We can no longer rely on the old ways of handling ransomware.
As terrible and serious as the looming ransomware dystopia is; it can be stopped.
The question is will we act in time?
In any scenario one can imagine where a ransomware attack is attempted; application allowlisting would eliminate the problem immediately.
A relative opens a spam email attachment on their 1997 Compaq Presario containing ransomware, allowlisting software will stop it.
Someone uses stolen or even willfully provided credentials to try and deploy ransomware remotely through an open network port, allowlisting will stop it.
A disgruntled employee attempts to inject ransomware into their company network with a USB flash drive, allowlisting will stop it.
A rogue agent acting on behalf of an enemy nation tries to deploy ransomware to the military’s critical digital infrastructure, allowlisting will stop it.
The scenarios for how ransomware can be introduced are endless but the solution is singular.
Allowlisting has the capability to rid the world of ransomware for good.
By allowing only known good applications to run; 100% of ransomware can be stopped before it can deliver its payload.
Allowlisting software means that we don’t have to live in constant fear and paranoia that our identities, our data, and our livelihoods are being used as a currency by cybercriminals.
We would no longer have to fear that our power plants, our water treatment plants, or any other piece of crucial public infrastructure are under constant threat.
Most importantly we wouldn’t have to live in a world where our society can be brought to its knees by a cowardly anonymous cybercriminal with a cheap laptop.
Chad Rasnake is MSP/Pro Support at PC Matic: a company specializing in cybersecurity and antivirus software.