
Checkmate to ransomware: the backup that can save our data


In today's environment, where cyber threats are growing exponentially and corporate data security is more vulnerable than ever, it is critical for businesses of all sizes to adopt effective defense strategies against the dreaded ransomware.

The recent conflict between Russia and Ukraine, together with the economic crisis in Italy, has led to an increase in cyber attacks of various types, DDoS first among them, highlighting the urgent need to tackle cybersecurity with determination.


The lack of investment in cybersecurity

Despite the continuous increase in cyber attacks and the demonstration of the damage they can cause, one of the main problems is the lack of adequate investment in cyber security, especially by small and medium-sized enterprises, which often operate with limited resources.


ISO reference standards

  • ISO/IEC 27001: This is the main standard for information security management. It defines the requirements for implementing an ISMS and provides a framework for managing risks, selecting appropriate security measures, and creating an information security management environment.

  • ISO/IEC 27002: This standard provides detailed guidelines for the selection and implementation of information security controls. It is often used in conjunction with ISO/IEC 27001 to help organizations define the details of security measures to be implemented.

  • ISO/IEC 27005: This standard focuses on managing information security risks. It provides a methodology for risk identification, risk assessment, selection of risk mitigation measures, and risk management planning.

  • ISO/IEC 27003: This standard provides guidelines for planning and implementing an ISMS in accordance with ISO/IEC 27001. It helps organizations establish a project plan for the implementation of the ISMS.

  • ISO/IEC 27004: This standard focuses on measuring information security and evaluating the effectiveness of security measures. It helps organizations define key performance indicators (KPIs) to assess the success of their ISMS.

  • ISO/IEC 27017: This standard provides specific guidelines for information security in cloud infrastructures. It helps cloud providers and users understand and mitigate information security risks in the cloud environment.

  • ISO/IEC 27032: This standard provides guidelines for information security in a hyper-connected, digital society. It covers issues such as network security, cyber threat management, and cooperation between stakeholders in information security.


Backup strategies, an effective weapon

An immediate and partial solution to protect corporate data from ransomware is to implement an automatic backup system.

These backups should be done on a daily or weekly basis, but the key to success is to take them completely offline once the process is complete. This precaution prevents ransomware from encrypting the backup data and making it inaccessible.


Obviously this is only a small remedial tip. It is also necessary to work hard on preventing and identifying the initial phases of an attack, which always start from OSINT activities and fingerprinting of the IT infrastructure, and which can be identified with excellent threat intelligence systems in addition to the usual IPS/IDS.

In addition, it is essential to use backup systems that ensure the integrity and reusability of data in the event of a ransomware attack. This means that backups should be immune to any unauthorized modification, ready for recovery and, above all, verifiably usable, with their integrity checked by CRC verification or a hash algorithm.


CRC OR HASH


CRC Verification

Cyclic Redundancy Check (CRC) data verification is a process used to verify the integrity of transmitted or stored data, particularly in environments where it is critical to ensure that data has not been corrupted or altered during transfer or storage.

CRC is an error-checking algorithm that calculates a checksum value based on the original data and compares it to a previously received or stored checksum value. If the two checksum values match, the data is assumed to be healthy; otherwise, an error in the data is assumed.


Here's how CRC data verification works:

  • CRC calculation: When data is transmitted or stored, an application or device calculates a CRC value from the data. This value of CRC is a sequence of bits generated by a mathematical algorithm. The result is usually a fixed-size bit string that represents the checksum of the original data.

  • Transmission or Archiving: The original data together with the calculated CRC value are transmitted or stored together. This additional CRC value serves as a way to detect any errors during transmission or storage.

  • CRC verification: When data is received or retrieved, the recipient or device recalculates the CRC on the received or retrieved data. The result is a checksum value.

  • CRC Comparison: The checksum value calculated in the receive or retrieve phase is compared to the original checksum value sent or stored with the data. If the two CRC values match, the data is considered to be healthy. Otherwise, it is assumed that there is an error in the data, and it may be necessary to request a retransmission of the data or perform other corrective actions.


CRC is widely used in many applications, including transmitting data over computer networks, saving and retrieving data from storage devices (such as hard drives and flash drives), and verifying data integrity in communication protocols.

It is an efficient and effective technique for detecting random errors in data and making sure that data has been transmitted or stored accurately.

However, it should be noted that the CRC is primarily designed for error detection, but not for correction. If errors are detected, appropriate measures should be taken to correct them or request a retransmission of data, depending on the context of use.


HASH Verification

Hashing algorithms are used to generate a unique hash value (or checksum) for a set of data. This hash value is a fingerprint of the original data and is used for different purposes, such as data integrity, encryption, digital signature, and password management.

Features: Hashing algorithms produce a fixed-length hash value, regardless of the size of the input data. They are designed to be fast and computationally efficient. Hashing algorithms are cryptographically secure and produce a unique hash for different data sets. They are used in many security and authentication applications.

In summary, both CRC and hashing algorithms generate checksum (or hash) values from data, but they are intended for different purposes.

CRC is primarily used for error detection, while hashing algorithms are used for broader purposes, including data integrity, security, and encryption.
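
The calculate, store, verify and compare steps described above, applied to a backup directory (an added example, not code from the original article): a manifest records CRC32 and SHA-256 for each file, and the constructed demo replaces one file with different content whose CRC32 still matches, which only the SHA-256 comparison catches. The file names, the `.locked` rename and the birthday-search helper are assumptions made for illustration.

```python
import hashlib, tempfile, zlib
from pathlib import Path

def digests(path, chunk=1 << 20):
    """Stream one file and return (crc32, sha256_hex) without loading it whole."""
    crc, sha = 0, hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
            sha.update(block)
    return crc, sha.hexdigest()

def build_manifest(root):
    """Calculation step: checksums for every file under the backup directory."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): digests(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, manifest):
    """Verification and comparison steps: return {path: problem} for failures."""
    current, report = build_manifest(root), {}
    for name, (crc, sha) in manifest.items():
        if name not in current:
            report[name] = "missing"
        elif current[name][1] != sha:
            same_crc = current[name][0] == crc
            report[name] = "modified (crc32 unchanged)" if same_crc else "modified"
    for name in current.keys() - manifest.keys():
        report[name] = "unexpected"
    return report

def crc32_collision():
    """Birthday search: two different 8-byte inputs sharing one CRC32 value."""
    seen, i = {}, 0
    while True:
        msg = hashlib.sha256(i.to_bytes(8, "big")).digest()[:8]
        crc = zlib.crc32(msg)
        if crc in seen and seen[crc] != msg:
            return seen[crc], msg
        seen[crc] = msg
        i += 1

def demo():
    """Constructed sample backup: one file replaced by a CRC32-colliding one."""
    a, b = crc32_collision()
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "db.bak").write_bytes(a)
        (root / "docs.tar").write_bytes(b"constructed sample data")
        manifest = build_manifest(root)
        (root / "db.bak").write_bytes(b)  # same CRC32, different content
        (root / "docs.tar").rename(root / "docs.tar.locked")
        return verify(root, manifest)
```

In practice the manifest should be kept with the offline copy, so that whoever alters the backup cannot also rewrite the expected checksums.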


A practical strategy for Small and Medium Enterprises

Cybersecurity involves multiple risk factors and requires comprehensive and careful planning.

For small and medium-sized businesses with limited budgets, you can embark on an incremental backup strategy on a weekly or even fortnightly basis, while planning next steps towards ISO cyber security certification.


A reaction strategy

In the event of a ransomware attack, the time factor is crucial. It is essential that companies have a predefined action plan and immediately involve a cybersecurity expert to support the IT manager or whoever is in charge of crisis management, since not all SMEs can afford to have a cybersecurity professional in-house.


In the event of a ransomware attack, it is advisable to shut down most hardware machines to avoid data encryption.

However, some virtual or physical computers or servers should be put into hibernation mode to allow subsequent digital forensics analysis. Especially on Windows systems, the contents of the RAM saved in hibernation files can be analyzed, possibly making it possible to recover the decryption key, or at least some clue about the type and precise version of the ransomware.

