What is "ransomware"? This came up a couple of times for me this morning, so I thought there might be folks who would benefit from an answer. Specifically, an answer unrelated to selling a ransomware product or service.
The term "ransomware" describes the tools, tactics, techniques, and procedures (TTPs) used maliciously either to cryptographically prevent an organization from accessing its data or to access/exfiltrate an organization's data with a threat to expose it. What makes these cases "ransomware" campaigns rather than otherwise generic "malware" is the attacker's demand for payment. The demand is generally for payment in exchange for the keys and method for decrypting the victim's data, or for a promise to maintain confidentiality.
Although "ransomware" and "malware" describe the operational use of tools and TTPs, neither term describes a specific piece of software or method. Additionally, the same good security practices and cyber hygiene recommended for years to confront malware campaigns, and other adversarial/criminal use of tools and TTPs to victimize persons and organizations, apply to ransomware:
- Stay on top of software updates.
- Apply patches.
- Monitor applications and networks.
- Apply sound inbound AND outbound access controls.
- Conduct realistic testing against all aspects of organizational defense.
Understand your specific business risks and technical vulnerabilities and make informed remediation decisions. Finally, ask your outside counsel for a cyber event game plan specific to your organizational needs.
Have a question you would like to ask Team GRIMM? Email us at [email protected] for a chance to be featured!