I read Jenna Phipps' article about the Four Types of Ransomware You Should Know About. In it, she describes the following four types of ransomware and how each typically affects computer systems and data.
This type of ransomware restricts access to infected computers using screen locking or by blocking access to critical OS files. However, it is also somewhat easier to recover from, as there may be other means of accessing computers even when their screens are locked.
This type of ransomware encrypts individual files on a computer so that their contents are scrambled and can no longer be read without the decryption key. To make things worse, each file may be encrypted with a different key. For an organization, timely backups and a sound recovery strategy can help limit the damage from this type of ransomware.
In some cases, an attacker might choose to not only encrypt individual files but also threaten to "dox" the victim by publishing the compromised data on the Internet. This type of ransomware has privacy implications for organizations that are required to be GDPR, CCPA, or HIPAA compliant, especially since backup strategies do not work against it.
Yep, that’s a thing!!! 🤯
Just like SaaS, RaaS is code built by hackers and sold as a service to other hackers, who then use it for extortion! RaaS has a sophisticated business model based on profit sharing of the ransom amounts paid by the victims.
This was particularly fascinating, so I looked around, and found that CrowdStrike has a great article on Ransomware As A Service (RaaS) Explained that explains this business model in more detail. Check it out!
Detection and Mitigation
From an anomaly detection perspective, Techniques for Ransomware Detection describes the strategies for establishing a baseline of normal activity for critical data files, monitoring for anomalous activity that may provide early signals of the presence of ransomware, and mitigating its spread within the organization.
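To make the baseline-then-monitor idea concrete, here is an added example (my own illustration, not code from Jenna's article or from the Techniques for Ransomware Detection piece). It learns a per-host baseline of writes per minute from clean activity, then flags any window where the write rate jumps well above that baseline and the written content is mostly high-entropy, which is what encryption-in-place looks like on disk. The event fields, host names, paths and all telemetry are constructed for the example; they are not any product's schema or real logs.

```python
"""Baseline-and-anomaly detection for ransomware-like file activity.

Added illustration, not code from the article. Every event below is
constructed; the FileEvent fields are an assumption for this example.
"""
import math
import random
from collections import Counter, defaultdict
from dataclasses import dataclass

HIGH_ENTROPY = 7.0  # bits per byte; ciphertext and compressed data sit near 8.0
WINDOW = 60         # seconds per observation bucket


@dataclass
class FileEvent:
    ts: int        # seconds since epoch (constructed values below)
    host: str
    action: str    # "write" or "rename"
    path: str
    sample: bytes  # first bytes of the written content (empty for rename)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_baseline(events):
    """Learn, per host, the mean and standard deviation of writes per WINDOW
    from activity known to be clean. Each bucket is one window."""
    buckets = defaultdict(Counter)  # host -> {bucket index: write count}
    for e in events:
        if e.action == "write":
            buckets[e.host][e.ts // WINDOW] += 1
    baseline = {}
    for host, counts in buckets.items():
        rates = list(counts.values())
        mean = sum(rates) / len(rates)
        var = sum((r - mean) ** 2 for r in rates) / len(rates)
        baseline[host] = {"mean": mean, "std": math.sqrt(var)}
    return baseline


def detect(events, baseline, sigma=3.0, min_high_share=0.5):
    """Alert on a (host, window) whose write count exceeds mean + sigma*std
    AND whose writes are mostly high-entropy. A write burst alone is common
    (builds, backups, media imports); a burst that replaces file contents
    with ciphertext is the crypto-ransomware signature."""
    stats = defaultdict(lambda: [0, 0, set()])  # key -> [writes, high-entropy writes, extensions]
    for e in events:
        entry = stats[(e.host, e.ts // WINDOW)]
        if e.action == "write":
            entry[0] += 1
            if shannon_entropy(e.sample) >= HIGH_ENTROPY:
                entry[1] += 1
        elif e.action == "rename" and "." in e.path:
            entry[2].add(e.path.rsplit(".", 1)[1])  # extension files were renamed to
    alerts = []
    for (host, bucket), (writes, high, exts) in sorted(stats.items()):
        b = baseline.get(host)
        if b is None or writes == 0:
            continue  # unknown host: nothing to compare against
        threshold = b["mean"] + sigma * max(b["std"], 1.0)  # floor std so a flat baseline still alerts
        if writes > threshold and high / writes >= min_high_share:
            alerts.append({"host": host, "window_start": bucket * WINDOW, "writes": writes,
                           "high_entropy_share": round(high / writes, 2),
                           "new_extensions": sorted(exts)})
    return alerts


# --- constructed sample telemetry (not real logs) ---------------------------
_rng = random.Random(7)
PLAINTEXT = b"Quarterly revenue summary for the north region, all figures in USD.\n" * 16


def _ciphertext(n=1024):
    """Pseudo-random bytes standing in for encrypted file content."""
    return bytes(_rng.getrandbits(8) for _ in range(n))


def constructed_events():
    """Ten clean windows per host for training, then one live window where
    ws-01 is being encrypted and ws-02 runs a noisy but benign build."""
    training, live = [], []
    for host in ("ws-01", "ws-02"):
        for w in range(10):
            for i in range(3):
                training.append(FileEvent(w * WINDOW + i * 10, host, "write",
                                          f"/srv/docs/{host}/{w}_{i}.txt", PLAINTEXT))
    t0 = 20 * WINDOW
    for i in range(40):  # ws-01: contents overwritten with ciphertext, then renamed
        live.append(FileEvent(t0 + i, "ws-01", "write", f"/srv/docs/ws-01/report_{i}.docx", _ciphertext()))
        live.append(FileEvent(t0 + i, "ws-01", "rename", f"/srv/docs/ws-01/report_{i}.docx.locked", b""))
    for i in range(40):  # ws-02: build output, many writes but all plaintext
        live.append(FileEvent(t0 + i, "ws-02", "write", f"/srv/build/ws-02/obj_{i}.log", PLAINTEXT))
    return training, live


def run_demo():
    training, live = constructed_events()
    return detect(live, build_baseline(training))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Requiring both signals (rate spike and high-entropy content) is the design choice that keeps the alert volume manageable: ws-02's build burst trips the rate threshold but not the entropy one, so only ws-01 is reported, along with the extension its files were renamed to, which is useful context for the responder.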
Lastly, Jenna also writes about ways to mitigate the impact and spread of ransomware. Effective mitigation depends on endpoint device management, patch management, remote service access control, and employee training.
Hope you enjoyed reading this!
Subscribe to my Data Management Newsletter for more original content on databases, data management and data protection!