Author Roger Grimes
ISBN No 978-1-119-84913-1
Review date 03/07/2022
No of pages 273
Publisher URL https://www.wiley.com/en-gb/Ransomware+Protection+Playbook-p-9781119849131
Year of publication 03/02/2022
Ransomware Protection Playbook
Ransomware has become 'the major threat' in cyber, because besides shutting down your IT systems, as famously seen in UK hospitals during WannaCry, attackers can now go after your customers too, and publicly shame you, while they seek multiple ransoms.
Ransomware Protection Playbook opens with the unlikely - and while well within living memory, odd and quaint - story of Dr Joseph L Popp, Junior, 'the creator of the first ransomware programme', a Harvard-educated evolutionary biologist turned anthropologist. He placed the ransomware on floppy disks by the thousand and physically sent them in the post to the unsuspecting. The ransom - an annual “license” or $389 for a “lifetime license” - also had to be physically posted, to a Panama post-office box. That was his downfall; he was identified and arrested, as aired at the annual conference of the London Fraud Forum last autumn, incidentally.
As that case shows, a ransomware creator had to work out how to get paid without getting caught. "Two things happened. First, Bitcoin was invented in 2009. It took a few years, but by 2014, the ransomware programs made the link to Bitcoin, and the whole ransomware industry exploded. Now, criminals could get paid without getting caught. Second, some major countries, like Russia, became cyber havens for ransomware criminals. Today, many ransomware gangs are in or around Russia and operate with near impunity."
As the author points out, 'entire companies being taken down, and ransoms paid in the multi-million-dollar range don't even raise an eyebrow. Ransomware attacks are taking down oil pipelines, food production plants, corporate mega-conglomerates, closing schools, delaying healthcare, and pretty much exploiting everything they can with near impunity.' Grimes suggests that these are, for ransomware gangs, their “golden years,” causing disruption and making money; and they have plenty of potential victims and 'almost no chance of being punished'. The security and IT worlds aren't doing a very good job at stopping it.
But they can; hence the book. While the author does not claim that you can 100 per cent defeat ransomware, you can minimise the risk. The basics are computer back-ups and up-to-date antivirus software. The book is in two parts: how to avoid becoming a victim in the first place; and how to plan and prepare in case you nonetheless are, and then detect, respond and recover.
A useful and pithy chapter that you may want to concentrate on is towards the end, chapter 11, 'what not to do'. Some of the good advice, including if you are having to negotiate with a ransomware gang, briefly:
Never assume you can't be attacked.
Having very reliable backups is harder than it seems.
A ransomware attack is not the time to use inexperienced responders.
If the ransomware gang knows you are lying to them, it's not going to be a positive outcome.
Ransomware gangs will rarely go lower than one-quarter to one-half of the originally requested amount.
Most ransomware gangs are in foreign countries where negotiations over large amounts of money are expected.
Somewhere between 40 percent and 60 percent of victims are paying.
If you want the best possible outcome, be friendly, and be non-adversarial.
Going more into the morals of paying or not paying a ransom, the author wisely asks that you 'be careful in letting your ego or social ethics get in the way'. By talking with the gang, you may learn how they got into your network. If you don't or can't, you are 'more likely to fall victim to the same sort of attack'.
While the author says that he is a fan of cyber insurance, he advises that you 'make sure your cybersecurity insurance policy does not have an “out” (i.e., policy exclusion) for events caused by social engineering or employee error. These are becoming more common. Because social engineering is the most common method of attack'.
The book ends by considering the future of ransomware. The author, a 34-year veteran in this field, writes: "Every year I predicted it was going to be worse, and I've never been wrong." He points to the Internet of Things, connections by the billions; 'smart home' devices, cars, refrigerators, televisions. All are likely to see ransomware attacks; because criminals go after what is popular and where the money is.