Ransomware, the how and where and what your first step is in defending against it…

Here are a couple of stories showing that ransomware hits large and small organisations:

Luxembourg energy companies struggling with alleged ransomware attack, data breach – The Record by Recorded Future

At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint – The Record by Recorded Future

The Bromford Housing Association has shut down it’s systems as a precaution because of a cyber attack, but the BBC article says they were “targeted”. I’d quite like to know at this stage why they were targeted and what evidence they had for that? Most attacks, according to government research are targets of opportunity because of mass phishing attacks (UK Government. 2022).

Bromford Housing Association targeted by cyber attack – BBC News

Targeted attacks tend to be organisations of high value, high profile, government offices etc. Here is the high value, high publicity type of attack:

BlackCat ransomware claims attack on European gas pipeline (bleepingcomputer.com)

And just this week a real world example of how combining a number of flaws and vulnerability can get ransomware into your systems:

A combination attack that exploits the Log4j vulnerability and VMware to deliver ransomware – Smart Thinking Solutions

So what can you do?

Just a quick look at this post can make the problem look enormous, so you need to start somewhere. Here is the first step, I suggest you think about, on your road to better cyber security:

Start your planning, thinking that you may be a “target of opportunity” and take actions to deal with that problem first.

Have:

Then expand your defences from there.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

References

UK Government. (2022). Cyber Security Breaches Survey 2022.  Retrieved July 9, 2022, from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022

ransomware screen 200