In my opinion the most difficult ransomware prevention actions would be the act of deciding to spend money on something that may not happen. (part of the dynamic of “Psychology of Security”
Before we go into the details of the above sentence – lets review the attackers:
What should be obvious by now when one reads ransomware attack reports the attacking country groups have specific targets, but then there are some groups which try to ride below the radar (the Darkside group failed at that)
Most groups are yold what to do with a few free lancers as the DefenseOne.com article mentions
The group, Nobelium, gained access to USAID’s account with Constant Contact, an online marketing company, wrote Tom Burt, Microsoft’s vice president for customer security & trust, in a blog post. Impersonating USAID senders, the group was able to send malware-linked email to some 3,000 email addresses in 150 organizations.
The reasons for that are self-fulfilling, said Soldatov. Russia boasts a number of highly skilled computer scientists and coders who run software companies. But the market for Russian software internationally is very thin, in large part because potential customers assume that such companies have to work with the Russian government, which would mean potentially using software developed in partnership with an adversarial nation.. The clearest example is Kaspersky, which was once a shining example of Russian success in tech. It was forced to shut down its Washington, D.C., office in 2017 because it could no longer work with the U.S. government.
The problem is when one has a massive campaign the dragnet can come and ensnare almost anyone … so it is more the six degrees of separation rather than the thinking it will not happen to me – I have nothing on my devices.
Are you on other people’s email lists? All it takes is to be on someone else’s mail lists or email account and if that computer is hacked you could get malware. “Six degrees” Book by Duncan J Watts
Thus the fact that you may not have any ‘valuable’ data does not guarantee no attacks are coming. In fact depending on your friends it depends on whether you will get attacked. How cyber aware are your email friends?
So in the book Six Degrees the Ego has 5 connections and each of those have 5 connections thus having 25 connections. With 3 degrees it becomes 125 connections. 4 degrees means 625 connections, 5 degrees means 3125, and 6 degrees means 15625 connections.
The issue in my mind is that one person out of the 15000 will likely have weak cyber capabilities or is willing to click on links.
So this 6 degrees of separation is actually a weakness for all of us.
thus we have adversaries that use state-sponsored projects as spring boards into cyber attacks and weak cyber defense habit people it makes for a landscape of more ransomware not less.
We need to have a philosophy of we will have a ransomware attack just depends on “WHEN”. not “IF”
What if every connection you make is a possible way for hackers to get to you? Now the 6 degrees of separation works against us. any one of the 15000
people that do not have good cyber practices, any one of your connections have connections that have connections – and if anybody has bad cyber practices then they could actually come back to bite you.
To improve Cybersecurity we need to have a change in psychology -instead of it will not happen to me because it did not happen yesterday… I better fix things because soon it will happen – When not IF.