Ransomware is a unique threat to enterprises today - a low-intensity, high damage threat in which the attackers need to communicate with the victim to gain their cooperation. Other advanced attacks and compromises depend on stealth and subterfuge to extract information. With ransomware, it's the opposite. The attacker needs the victim to know that they have been targeted, says Lt Cdr Charanjit Singh Sodhi (Retired), who is the head of identity and access management and India head of business continuity management at Nomura Services India (see: Ransomware Tips: Fighting the Epidemic).
While most organizations are advised to avoid paying the ransom, downtime from ransomware translates into business loss, Sodhi says. "It's also about criticality of time and whether there is a threat to life. The healthcare industry is an example of this: What happens if life support systems are broken into and control software on these devices gets encrypted?" There is very less reaction time, and so some healthcare organizations pay up, reinforcing the idea with cybercriminals that that sector is a lucrative target, Sodhi says (see: Why Is Ransomware So Successful?).
In this exclusive interview with Information Security Media Group, Sodhi highlights the different ransomware tactics in use by cybercriminal groups, describes how these models function and how they generate revenue for the attackers and makes some recommendations on how some of these vulnerabilities can be countered by effectively using existing solutions (see: Ransomware: Will CERT-In Advisory Help Mitigate the Risks?).
If you see the lifecycle of how the ransomware enters the organization, there are various points during the ingress phase of an attack where it can be intercepted by employing basic security hygiene and understanding the attack methods, Sodhi says (see: The Fight Against Ransomware: Get the Basics Right).
"Once we study the various steps that are required for the ransomware to get deployed and fully active, at each step there are tools available, and you can make certain that these tools are correctly configured, giving you multiple chances of blocking the ransomware," he says (see: Ransomware Attack on State Govt. Dept. Raises Concerns).
In this interview (see audio link below image), learn more about:
- The current ransomware tactics in use by attackers;
- Ransomware revenue generation and business models;
- How the probability of success for the attackers can be diminished.
Sodhi served with distinction as an officer in the Indian Navy, where he was awarded the Chief of Naval Staff Gold Medal and the Sword of Honour. Thereafter, he has worked at SecureSynergy, Fidelity, Airtel and JPMorgan Chase. Currently, he is the head of identity and access management and India head of business continuity management at Nomura Services India Pvt Ltd. During his over 25 years of work in management and technology, Sodhi has institutionalized cybersecurity, information risk management and business continuity in large telecom and financial services organizations. He has also conducted numerous information security audits in the BFSI, telecom, IT, BPO and manufacturing sectors.