Some ransomware can infect a business network because a hacker found a vulnerability of the network and exploited it to gain access, and sometimes it’s an indirect method: such as email in the inbox of a random person’s home computer that makes its way to the business network via an infected attachment and executes.
If using ransomware becomes a state crime, such as what Oklahoma is considering, how can it be fought? In Oklahoma’s case, they have a Cyber Command team of dozens that monitor for attacks. Included in their proposed cyber crime law is ransomware, viruses, spyware, trojan horses, and any other program that disrupts, destroys, or gains unauthorized access to a network.
While the intentions of these laws are good, and propose specific punishment for those who are caught, this is easier said than done.
One obstacle to fight cyber crime is location. Ransomware, viruses, hacks, and social engineering can be executed from anywhere in the world. Juristidctoin plays a part. If a hacker is in another country, it’s unlikely they will be punished even if they were caught, depending if the country is friend or foe.
Another challenge is that hackers hide their location, can mask IP addresses, spoof hardware MAC addresses (the burned in serial number, so to speak, on every device that can obtain an IP address), and jump server to server via VPNs making the chase similar to a game of whack a mole on a prairie field.
Some perpetrators are just students curious to put their skills to the test and see what they can do, but on the other hand there are pro’s who do this for a living, often well funded by foreign governments.
Either way, in the case of ransomware, the goal is to render a network useless until the ransom is paid. If it’s not paid, depending on the value of the data, it will never be decrypted. On the other hand, the cyber criminal already backed up your data and can sell it on the the black market. Healthcare is popular given they store people’s complete information including social security number. These victims, sometimes years later, can fall victim due to identify theft.
For Q1 of 2021, Oklahoma has detected 3.8 trillion attacks on state owned computers that they protect.
Your business is getting poked and prodded right now, and someone may even be in your system now collecting data quietly. Without security hardware, you’ll never see the tally. But trust me, it’s happening. Contact us today to discuss defending against such attacks. The overwhelming statistics reveal it is no longer if, but WHEN you fall victim. Do you have protection, backups, and a plan?
