2021-05-11

Atef Abdullah (Abu Dhabi)

From time to time, government and private institutions around the world are hit by cyber attacks, including ransomware, a type of malware that cyber criminals use to infect computers and networks and then block access to the system or encrypt its data.

In exchange for decrypting the data, cyber criminals demand a ransom from their victims, which may reach hundreds of thousands of dollars, especially if the attacker knows that the blocked data represents a great financial loss to the organization that was attacked.

In the past few days, America’s largest fuel pipeline was shut down by a ransomware attack, one of the most devastating digital extortion attacks. It disrupted fuel supplies in the eastern United States, imposing sporadic restrictions on sales at retail pumps and pushing gasoline price caps to their highest level in three years.

Dodge attacks

On how ransomware works, Mohamed Abu Khater, regional vice president for the Middle East and Africa at the F5 Electronic Security Company, told Al-Ittihad that this malicious software seeks to spread across connected systems, including shared storage systems and other computers it can reach. If the demands of the cybercriminals, which are usually for sums in cryptocurrencies such as Bitcoin, are not met, the files remain encrypted and unavailable to users.

Prescription for protection

To prevent ransomware attacks, Mohamed Abu Khater recommends five measures to cybersecurity chiefs:

– Keep all software up to date, including operating systems and applications. It is also worth using a web application firewall to protect applications.

– Back up information so that the data can be restored if it is encrypted in an attack, and store additional copies of the backup files so that restoration is still possible if the backup files themselves are breached as well.

– Spread awareness among employees of best security practices, especially avoiding opening attachments or links from unknown sources. To raise workforce awareness, companies can test their employees with evaluations that simulate real-world phishing emails.

– Direct information security teams to conduct penetration tests to discover vulnerabilities, and to install anti-virus software, firewalls and e-mail filters, keeping them up to date, with the aim of curbing malicious traffic across the network.

– Ensure that data access is secured by enabling secure access to applications, establishing authority-based security controls and using multi-factor authentication mechanisms.

Proactive detection

In the event of a ransomware attack, Mohamed Abu Khater stresses the need to disconnect the affected devices from the network so that the ransomware cannot use the infected device to spread throughout the network. The help desk or the security office must then be informed of the ransomware incident immediately.

He explains that proactive detection of ransomware involves an effective incident response, a business continuity strategy and a recovery plan for major security emergencies, and that it includes appropriate steps to block, detect and recover from ransomware, so that its effects on the business are minimized as far as possible.

He says: When you can determine the type of ransomware used in the attack, this helps to understand how it spreads, what kind of files the encryption targets, and how to remove it.

To ensure that systems remain safe and to prevent hackers from thwarting efforts to recover from attacks, he stresses the need to immediately change all user and system administrator passwords, adding that it is necessary to notify the police of a ransom demand attack so that the incident can be investigated, and also to help other companies avoid the same.

The key to a quick recovery from ransomware, he says, is to make sure that there are up-to-date backups of important files, because that enables data to be recovered quickly without being subjected to extortion and ransom payments.