Futaba _ Webs 🕸🕸🎃🕸🕸

Danger! Ransomware and DLPs 🕸🕸🎃🕸🕸

Today, I'm going to talk more about ransomware attacks and how to prevent them. This is to raise awareness of proper cyber security data hygiene methods, as well as other techniques that can be used to prevent any real damage should such an attack connect. This article also features some of my formal Q&A answers from a recent interview I did.


Disclaimer

As always, my personal disclaimer: any and all information here is strictly for educational purposes, and I do not condone any form of illegal activity, nor am I responsible for anything you do with this information. DO NOT pen-test anyone's network unless it is your own, or you have permission to do so. Now, let's begin!

🕸 Article Topics 🕸

I'll be discussing the following topics in order:

🎃 Premise

🎃 What is FDE (Full disk encryption)?

🎃 What is Symmetric/Asymmetric Cryptography?

🎃 What is Ransomware?

🎃 What should you do during a Ransomware Attack?

🎃 What is the simplest means to prevent it?


🕸 Key Links 🕸

Here's a quick rundown of the main links in the article, in case you want to check them out first.

🎃 LinkedIn Version

🎃 Patreon Version

🎃 Danger! Ransomware and DLPs

Premise 🕸🕸🎃🕸🕸

I recently participated in a formal Q&A interview for a research group at the University of Washington that focused on Business Impact Analysis and the best mitigation strategies and tactics that should be applied to better secure our digital landscape. The goal of the research project is to help educate small businesses run by women and other minority groups on proper cyber security practices. The Q&A was led by a woman named Grace Sommers. If you would like the full in-depth answers from the Q&A, you can find them on my Patreon, attached to the advanced version of this article. It's 9 pages, and you can learn a lot about how to properly defend your digital systems from various attack vectors, including various endpoint security methods if that interests you.

The more advanced version of this article features some more in-depth techniques beyond the basic ones that will be discussed here today. As always, that will be for my Patreon supporters only.

This article is part of the Danger! series, in which I raise cyber security awareness about critical flaws and vulnerabilities that exist within various system infrastructures, including protocols and data communication methods, and the dangers of what could happen should they be exploited to the fullest extent. I also go over various mitigation strategies that can be used to prevent them. If there is an exploit video of me showing the full potential risk, it will be included in the advanced version of this article for PAID Patreon members only!

Ransomware attacks are on the rise and are a favored attack method commonly used by a lot of crypto gangs. It's important to know how to protect yourself from these types of attacks. Ransomware, as shocking as this might sound, is EASY to stop, or rather, easy to render useless. It's simply a matter of understanding the critical flaw within the attack method itself and what it relies on to execute.

Even with all of this, you still need to know proper data mitigation techniques, since the attack method also focuses on data exfiltration. I'm going to teach you various mitigation strategies that not only protect you from ransomware attacks BUT also protect various data endpoints to prevent exfiltration. Why? Even if you stop a ransomware attack from crippling your infrastructure, the attacker STILL got away with sensitive data, which they can use as they please. You need to observe all the little things to see the bigger picture.

I'll also be covering some basics like FDE, cryptography, etc., so that you FULLY understand how the attack method works. Pay close attention to the cryptography section, since you NEED to understand how it works, both from the perspective of a threat actor and from an overall security standpoint.

If you would like a demonstration of the technique, I wrote an article showing how to write the code and perform the technique, and a live demonstration can be found on my YouTube channel. If you would like to see the sample code for it, you can find it in "Python-Pen-Testing-Tools" in my main GitHub repository here.

What is FDE (Full disk encryption)? 🕸🕸🎃🕸🕸

Before we dive into what ransomware is, let's go over what FDE is, since it applies heavily to today's topic.

FDE, full disk encryption, is a defensive technique used to harden data protection across all hierarchical flat file systems. It is the overall process of enumerating the entire file system and then applying what is known as symmetric cryptography to encrypt the entire data storage medium. A good example of this is BitLocker, which is commonly used on Windows system infrastructures.

As you know, data encryption is irreversible without the crypto keys, so by performing this method and keeping the keys out of the hands of the attacker, should they breach the system, whether digitally or physically, any and all data they steal will be useless to them.

What is Symmetric/Asymmetric Cryptography? 🕸🕸🎃🕸🕸

Symmetric cryptography, also known as single-key cryptography, is the process of using a single crypto key, known as a private key, to both encrypt and decrypt data. It is more commonly used for FDE than asymmetric cryptography because it is the faster encryption method.

This makes sense, as the overall process for FDE is to enumerate THE ENTIRE file system and encrypt EVERY single file on the system. Asymmetric cryptography would be too slow for this, as it is a slower encryption standard. Symmetric cryptography is also commonly used for mobile device data encryption for the same reasons.

Asymmetric encryption, on the other hand, uses two crypto keys to perform the same process, except that in this case it uses a public key for encryption and a private key for decryption. The main reason for this is to add more security for various data communication methods. It's also commonly used in things like PGP, Pretty Good Privacy, which is commonly used for secure email data encryption.

One of the BIGGEST downfalls of symmetric data encryption is that it's VULNERABLE to interception attacks. Should an attacker intercept the crypto key, they can decrypt all data and messages, replay new ones on behalf of the original recipients, and a lot more.

However, with asymmetric encryption, this isn't the case. Since it uses two crypto keys which come in pairs, should a threat actor intercept the communication pipeline and steal one of the keys, their efforts will be in vain, as they lack one of the means to facilitate a SOLID man-in-the-middle attack.

The whole premise of a man-in-the-middle attack is not only to intercept the communication, but to reply to messages on behalf of the respective parties. By using public key cryptography on top of other data channel splitting techniques, you render this ineffective and leave the attacker in a situation where they can't fully facilitate it.

Should an attacker secure only the public key, they'll only be able to send messages. They won't be able to read any of the data being sent back and forth, and any new messages will be suspected as false ones, which will lead to the keys being replaced. Even if they verify with the key, it will all be for nothing.

However, in the event they have the private key, they'll be able to decrypt any and all messages, BUT they won't be able to spoof and gain further insight or other information from the communication pipeline. This is still a problem for them because most PKI infrastructures, even things like PGP, REQUIRE you to have the public key BEFORE you begin a communication, to ensure message authenticity for the recipients. Simply not having the public key is like lacking an ID to verify who you are… WHICH MEANS A DEAD PRIVATE KEY! This does vary depending on the infrastructure, so do be mindful as I go over this.

What is Ransomware? 🕸🕸🎃🕸🕸

Now that we've gone over the basics, let's talk about what Ransomware is.

Ransomware is basically FDE with malicious intent. It's a form of malware known as "crypto" malware, which deploys cryptographic techniques that enumerate the victim's file system, exfiltrate data from it, and then encrypt the main copy of the data on the file system, rendering it useless to the victim. Be mindful that "crypto" malware and "ransomware" are TWO different forms of malware: crypto malware is the main archetype, whereas ransomware is a child of that archetype, inheriting its cryptographic techniques.

After the data is encrypted, a message is displayed to the end user requiring them to pay a "ransom" in order to receive the crypto keys to decrypt their data, hence the name "ransomware". The problem with this is that paying the ransom doesn't guarantee you will receive the keys.

Ransomware is on the rise as an effective attack method because it can be combined with phage malware techniques and phishing techniques to become SUPER effective.

Before, a simple click of a link or a security mishap meant you had an undetected botnet. NOW, it means all your data is encrypted and unreadable, which can be a serious problem if you're handling sensitive data tied to critical records, such as someone's student or home loan payment information.

Mr. Robot, for example: one of the biggest exploits in the show was encrypting all of E Corp's data in order to "FREE" everyone from debt. HOWEVER, it had quite the opposite effect: people who were close to being debt free, or had funds in their bank accounts, were unable to access anything or prove what payments they had made, because the data was indecipherable. The result? TOTAL CHAOS, where the people they were trying to "free" suffered more.

What should you do during a Ransomware Attack? 🕸🕸🎃🕸🕸

One of the biggest misconceptions about ransomware attacks shows up in a common question: what do you do in the event of a ransomware data breach? This is a VERY bad question to ask, as it leaves many business infrastructures underprepared for dealing with actual ransomware threats.

The real practical question to ask is what do you do BEFORE a ransomware attack occurs? Still scratching your head? Let me explain.

You see, once a ransomware attack connects, THERE IS NOTHING YOU CAN DO!!!! Ransomware is an IRREVERSIBLE process: unless you have the crypto keys, which are in the hands of the attacker, there is NOTHING you can do. Even if you pay the ransom, you're not guaranteed to be given the crypto keys to re-acquire the data that has been stolen. You also have loads of fines that stack on top of the ransomware breach, which you are required to report.

What is the simplest means to prevent damage from this type of attack? 🕸🕸🎃🕸🕸

One of the SIMPLEST yet most COMMONLY ignored methods to prevent ransomware from being super effective, applied BEFORE it strikes, is constant data backups. There are two main types: incremental and differential backups.

Differential backups are full backups, where you back up any and all data across the board. This is done at regular time intervals to back up large quantities of data at a time.

Incremental backups are partial backups, where you back up portions of data at a time. This is common practice on top of the differential one, as you'll often have a case where only certain portions of data need to be backed up. Think of it like this: if you modified one file on your flash drive, would you back up the entire drive again? Doesn't make sense, right? This is where you would apply this method.
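As an added example (not code from the article or its author's repository), here is a small Python script implementing the two backup styles described above: a full pass that copies every file, and an incremental pass that copies only files whose SHA-256 digest differs from the manifest recorded by the previous pass. It also verifies the backup set against that manifest, since a backup you cannot restore is no defence; the directory layout, file names and contents are constructed for the demo.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path
MANIFEST = "manifest.json"   # digest of every file the backup set holds

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scan(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def incremental_backup(src, dst):
    """Copy only files whose digest differs from the manifest; return the changed paths."""
    dst.mkdir(parents=True, exist_ok=True)
    manifest_path = dst / MANIFEST
    previous = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    current = scan(src)
    changed = [rel for rel, digest in current.items() if previous.get(rel) != digest]
    for rel in changed:
        (dst / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, dst / rel)
    previous.update(current)   # files deleted from src stay in the backup set
    manifest_path.write_text(json.dumps(previous))
    return changed

def full_backup(src, dst):
    """Full pass: discard the manifest so every file is copied again."""
    (dst / MANIFEST).unlink(missing_ok=True)
    return incremental_backup(src, dst)

def verify_backup(dst):
    """Return backup files that are missing or no longer match their recorded digest."""
    manifest = json.loads((dst / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (dst / rel).is_file() or sha256_of(dst / rel) != digest]

def demo():
    # Constructed sample run: full backup, one edit, incremental pass, integrity check.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "data"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "loan.txt").write_text("balance: 1200")
        (src / "notes.txt").write_text("hello")
        n_full = len(full_backup(src, dst))
        (src / "notes.txt").write_text("hello again")   # only this file changes
        changed = incremental_backup(src, dst)
        return n_full, changed, verify_backup(dst)
```

Keep the backup set somewhere the workstation cannot overwrite it (offline media or append-only storage); a backup that the same machine can write to gets encrypted along with the originals.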



If you would like to see the more advanced version of this article, which talks about methods that can be used to mitigate this, as well as any included videos, SUBSCRIBE TO MY PATREON CYBER SECURITY TIER!

If you enjoyed this post, give it a thumbs up! I'll be keeping track of who's reacting from now on, as there is a "special" reason for it. Just know the more you support my content, the more there is in store!


- The Hacker Who Laughs 🕸🕸🎃🕸🕸


🎃 CONTACT ME

AnOnYmOuS

futaba.webs@gmail.com

New York, NY United States