The risk of an attack by malicious individuals (hackers) on business information systems has never been greater, according to the Office of the Commissioner of Communications - Digital Security Authority, which notes that "the huge changes in working practices in the last two years have also changed the security goals of every organization".
As the Authority states in its announcement, "staff work mainly from home and employers have been forced to adopt new cloud-based productivity tools, that is, the automatic online storage of data and information in a 'cloud' of servers".
It explains that "ransomware is a specific type of malware that denies the victim access to their data and other IT resources until they pay the attacker a ransom." It is also "by far the most common type of attack" and works by encrypting data and withholding the encryption key needed to decrypt it.
As for whether ransoms should be paid to unlock systems, the Digital Security Authority says that this should not happen "because hackers are criminals, and paying confirms their business model and encourages further attacks".
Also, even if a ransom is paid, "there is no guarantee that the data will be returned for use, because criminals can easily demand more money to release data that they know is sensitive or of high value."
The Office of the Commissioner of Communications lists a series of measures to protect against ransomware, such as using endpoint detection and response (EDR) software, following the principle of least privilege (PoLP), implementing a strong password policy and enabling multi-factor authentication (MFA).
Recommendations include keeping software up-to-date, increasing employee awareness of cybersecurity, and taking business continuity and disaster recovery (BCDR) measures.
Finally, the measures recommended by the Authority are to follow the 3-2-1a backup rule, keep immutable (unchangeable) backup copies, regularly check the backup copies, and draw up a plan for dealing with such incidents.
Source: KYPE