Having ended last week’s cyber security news with ransomware stories and then starting this week’s news again with ransomware, our Operations Manager Martin and I ended up talking about the first time he and I dealt with this type of malware on a client’s network and in-house server…
Ransomware in days past…
Back then we had a server full of encrypted files and warning screens similar to the one shown above. We quickly worked out which PC was the problem and removed it from the network, then set about cleaning things out and restoring the encrypted data from a clean backup. We had to go and retrieve that backup from the data centre on a portable hard drive, as transferring that amount of data across the internet was not feasible then.
Job done.
Until the same client – different member of staff – did it all again a couple of months later!
Ransomware Today
Today ransomware – because it is such a money-making attack for threat actors – has developed into a triple threat to evade the various strategies that organisations have put in place to combat it (CISA, 2023). To find out more about how the ransomware triple threat works read this piece I wrote a few weeks back:
That brings us to Indicators of Compromise
What are indicators of compromise?
Indicators of compromise (IoCs) are pieces of digital forensic evidence that suggest a system may have been breached by a threat actor or malware. If they can be detected and recognised, they help identify malicious activity or security threats, such as data breaches, insider threats or malware attacks.
Spotting the Ransomware Indicators of Compromise
Because ransomware attacks have become so sophisticated, going way beyond data encryption, the quicker such an attack on your systems and information can be spotted, the quicker positive action can be taken to stop the attack, limiting the damage.
This is one of the reasons clients are joining our Security Operations Centre service. We can deliver this protection to one-person businesses, through larger organisations and even work with your in-house IT to improve how they protect your systems.
It starts at only £10 per month per user and it shows all your stakeholders you really care about cyber security. It must be time for you to call us to get the full picture on how this will help you.
Clive Catton MSc (Cyber Security)
References
CISA. (2023). FBI and CISA release advisory on Snatch Ransomware. US Cybersecurity and Infrastructure Security Agency (CISA). https://www.cisa.gov/news-events/alerts/2023/09/20/fbi-and-cisa-release-advisory-snatch-ransomware