
As the eve of All Hallows approaches and the anticipation of Halloween fills the air, we find ourselves eagerly looking forward to well-anticipated parties, memorials, and family reunions. However, within our phones and computers, hidden threats lurk when we click on unknown web links or open documents in emails and personal messages from strangers. Could this be an ominous Trick or Treat?

While ghost sightings may send shivers down your spine, receiving a one-time password (OTP) or a sudden debit on your bank account from an unauthorized purchase is one of the things that will truly keep you awake at night.

What’s worse is the agonizing experience of having your years of hard work, personal files and creativity, and personal data held hostage by cyber-attackers who demand a ransom. This is what we call “ransomware”. The prevalence and cost of increasingly sophisticated ransomware attacks continue to grow unabated. The threat of ransomware is nothing new, but the nightmare scenarios targeting businesses in every sector, even the government, are becoming more targeted and crippling by the day.

Cyber-attackers employ both "big game hunting" and "auto-spreading" tactics. In the case of big game hunting, they focus on larger organizations where they anticipate they can extract the largest financial "payout." This is unlike auto-spreading ransomware, which targets individuals. Many new strains of ransomware allow criminals to steal data and manipulate systems, as attackers demonstrate a deeper knowledge and understanding of their target's environment.

Ransomware Revealed

Ransomware has emerged as one of the most significant cybersecurity threats the world faces today, according to the National Security Alliance, a US-based cybersecurity watchdog. While on the surface, ransomware may seem like a simple attack, it actually involves complex and diverse strategies that hinder recovery. More specifically, ransomware attacks entail the use of an executable to encrypt an organization's sensitive files, after which the files are held hostage until a ransom is paid. If the target of the attack refuses to pay the ransom, attackers often threaten to delete the data or release it to the public. However, it should be noted that deleting the data deprives attackers of the leverage needed to extort payments from their targets. Cyber attackers use various network penetration strategies to gain access to data, including phishing, stealing Remote Desktop Protocol (RDP) credentials, using brute force, and exploiting software vulnerabilities. Regardless of how threat actors gain access to an organization's sensitive data, ransomware attacks often result in significant financial loss and irreparable damage to the organization's reputation.

The Anatomy of Ransomware

At its core, ransomware is a form of malicious software designed to block access to computer files until a substantial sum of money is extorted. Think of it as a hostage crisis in the digital world.

Ransomware relies on the principles of cryptography. This malicious software utilizes cryptographic algorithms to ruthlessly lock away an individual's most cherished digital assets, including photographs, music, audio files, vital documents, databases, and more. Once these files or data under attack are encrypted, the user is provided with instructions on how to obtain the decryption key. However, one of the major risks that result from ransomware is that paying the ransom does not always guarantee the successful restoration of the data encrypted during the attack. Therefore, it is critical for individuals and organizations to be cautious of any web links or attachments from strangers and to prepare proactively, rather than waiting for an attack to occur. 

Don’t Get Tricked

There are plenty of ways not to get tricked and spooked online by inadvertently executing programs that run ransomware. The first step is to acquaint yourself with your digital assets, for what you do not know, you cannot protect. Second, identify vulnerabilities, and assess your organization's defenses. Third, cultivate resilience and implement business continuity plans, ensuring that ransom is never an option.

Lastly, in your individual capacity, be skeptical of emails, personal messages, and text messages from unknown individuals and organizations. Avoid hastily opening any attachments or web links unless you have verified their source as trusted. Furthermore, refrain from downloading media, such as music, videos, apps, or adult content, from pirated sources.

Eskie Cirrus James D. Maquilang
Lead Consultant
KPMG in the Philippines

Eskie Cirrus James D. Maquilang is a Lead Consultant from the Technology Consulting group of KPMG in the Philippines (R.G. Manabat & Co.), a Philippine partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. For more information, you may reach out to Lead Consultant Eskie Cirrus James D. Maquilang or Technology Consulting Head Jallain Manrique through ph-kpmgmla@kpmg.com, social media or visit www.home.kpmg/ph.

This article is for general information purposes only and should not be considered as professional advice to a specific issue or entity. The views and opinions expressed herein are those of the author and do not necessarily represent KPMG International or KPMG in the Philippines.