Rising Ransomware Costs & Managing Risk Beyond Tech with Austin Morris Jr

02:00 – Austin Morris Jr. introduces what they do in the insurance space.

04:30 – Baltimore and Florida cities opting to pay for the ransomware bounty versus marching down the unknown path to decrypt the initial ransomware lock-down of systems.

06:20 – Dennis Underwood describing the challenge of tying the technology to the highest-cost cyber risk activities and stopping those first in the event of a cyber attack.

07:45 – Austin talking about trends in rising costs. Part of the responsibility lies with the CISO and technology team and properly configuring things: access, data management, backups… always part of the conversation. BUT, this also includes the CFO, HR and others.

What do attackers do to get access to data? They go in through websites and other lax security areas. Attackers will automate finding the access and hide where they’re attacking from so it’s harder to track. If internal data isn’t encrypted, hackers can flip a switch and lock down systems. Mentioned the major business interruption in Florida and Philadelphia in summer 2019. Staff can’t work and customers can’t interact.

11:00 – Beyond the tech problem, this is a fiduciary business problem. Paying out ransoms means hacker bounties are increasing. When I get the ransomware, how am I going to pay it? This is why cyber risk insurance needs to be part of the conversation. Cyber insurance policies pay for forensics, PR, PCI fines, and other penalties, and deal with the handling of the ransomware situation.

12:00 – Reading language from cyber risk policies for “extortion” like ransomware. Accessing, acquiring, and using data with the intent to sell, alter, or destroy computer systems, or initiate code.

Big takeaway? There are many forms of ransomware, and they can destroy systems if you don’t pay, or they will do it anyway.

14:00 – The approach for attacking has changed. Demands are going up because previously ransomware would target “a lot of donors” and do more passive attacks. Now they are doing targeted attacks, doing reconnaissance within the network, causing painful interruption, and can thus charge more.

This is trickling down to small and medium-sized businesses who haven’t budgeted or prepared for this.

16:00 – How best to respond to the fallout from ransomware is still undefined, which is why cyber risk exists. Businesses don’t know how to respond because ransomware is evolving. There are many types and increasing sophistication. For example, WannaCry from 2017 is different than the strains we’re seeing today. Different in two main ways:
(1) Hackers are not haphazardly throwing attacks out. They are hyper-targeting businesses and organizations.
(2) The actual malware itself is much more sophisticated.

17:20 – Technically speaking, how are the attacks changing/evolving? Maturity grows in many industries; this one just happens to be a criminal enterprise, and they’re learning.

The attacks only targeted one or two users in the business and an analyst could decrypt easily. Now, the ability to decrypt easily is gone. Hacker ransomware tools and activities

Are hackers writing custom code and campaigns per business, or are they reusing malware to attack? The level of customization and variance might indicate HOW a CISO might automate against this. Can you use your own defensive decryption code or should you leverage a 3rd party that keeps up with tradecraft?

21:00 – Are we seeing only a couple of machines and servers being encrypted, or is it a widespread takedown?

Austin says they’re seeing both. Sometimes the FBI has decryption keys, but they don’t work on all strains of malware. Oftentimes, encryption happens better and faster than decryption. With decryption, the data isn’t as organized or easy to read.

Social engineering is easy to do. Weak passwords, humans making mistakes, voluntary malicious insiders who have something to gain. Plus, vulnerabilities and exploits can be found with internal reconnaissance and automation leveraged by the hackers, and then they lock up high-dollar areas.

Hacker groups share tools amongst each other, almost like a SaaS model.

25:45 – Trickle down from the board for the whole business to be ready for being targeted and extorted.

27:00 – Biggest takeaway and the future of the ransomware problem?

Businesses aren’t talking to employees about good cyber hygiene, and perhaps patches didn’t take. So, they need to do security monitoring and have a vulnerability assessment to fix and close. Have an incident response plan to respond quickly and know what to do when/if a problem happens. Have legal advice ready and consider insurance.

Education: users at ALL levels should know what they should and shouldn’t do. Also, employees should know they should proactively raise the flag on issues.

Team effort from the Board to Security down to technical: everyone has to be aligned and employees have to be trained.

Have proper monitoring in place. Look at web security. Look at vulnerability assessments. You have to do all of it, but if you do it well it’s part of company culture.

35:00 – Future of ransomware: it will target smaller and smaller organizations that are highly depended upon. Say, 5-million dollar businesses.

Aaron Abodeely

If you see a webinar, blog post, landing page, or video, there is a good chance Aaron built it as part of the Cyber Crucible marketing team. If you're a channel partner, you may have also interacted with Aaron there.