
91% increase in successful ransomware attacks

Are you prepared?

Hi and welcome to another Security weekly, where we laugh, we cry and share the latest and greatest in security and tech news.

In this week's edition:
⬆️ March 2023 91% increase in successful ransomware attacks
Disable User Explains: Ransomware
🔥 the quick and dirty

Reading time: 02:28

March 2023 91% increase in successful ransomware attacks, are you prepared?

The latest Monthly Threat Pulse report by NCC Group informs us of a shocking 91% increase in ransomware attacks.

March felt rather hectic as it was. Lots of zero-days and patches all around.
We all shrugged it off as “never a dull day in cybersecurity/IT”, but we all felt it...

That eerie feeling.

Sad to see this confirmed with a 91% rise in successful attacks.

What we don’t see in the report is - how many of the harmed businesses go out of business after ransomware hits them?

The honest answer? The smaller ones.
This has 2 very clear reasons behind it:

  • Small businesses have fewer resources to bounce back

  • Small businesses don’t have an Incident Response Plan (IRP)

An incident response plan gives you a grip on the situation and keeps you from running around like headless chickens.

Cluck Cluck, Motherf#ck

So, being my generous self, let me hand out some easy steps anyone can put in place to be better prepared when a ransomware attack hits. And it will.

I altered the National Institute of Standards and Technology (NIST) framework. It’s a good framework, but too dependent on an internal incident response team.

  • Preparation - the most important step.

    • Do this before an incident occurs. Do this right now.

    • Assign a responsible person or small team for incident response. They don’t need to have IT skills, just know this plan by heart, like the national anthem.

    • Create a basic response plan, including contact information for external experts or IT support.

  • Identification

    • Train employees to recognize and report potential security incidents. Make it clear what steps they can take when they notice something weird.

    • Use basic monitoring tools and antivirus software to detect threats. Ask your IT provider what they advise/offer.

  • Containment - shit went down. Defcon 1, bitches.

    • Disconnect affected devices from the network to prevent further damage.

    • Change passwords and restrict access to essential personnel only.

  • Eradication

    • Seek assistance from IT support or external experts to remove threats and patch vulnerabilities.

    • Update software and security measures to prevent similar incidents.

  • Recovery

    • Restore affected systems from backups or with help from IT support.

    • Monitor systems to ensure they're functioning properly and securely.

  • Lessons Learned

    • Discuss the incident with the team to identify areas for improvement.

    • Update the response plan and security measures based on the experience.

And if you really want to be 100% safe, just Disable all Users.

Ransomware

Software that demands payment before restoring the infected data or system.

For most people, the best-known ransomware (so far) is WannaCry/WannaCrypt. On the 12th of May, 2017, around 230,000 devices were infected, making this the single largest ransomware attack ever, counted in infected devices.

The quick and dirty

Time to move on people - yeah I’m looking at you 40+ sysadmins