Ransomware, is your company protected?
Everyone has heard about the ransomware infection at Colonial Pipeline, a major gas line serving the east coast. The ransomware infection at Colonial highlighted the vulnerability of the country’s critical infrastructure, which has been the target of an increasing number of cyberattacks. The water municipality in Texas, schools and hospitals have all been hit by cybercriminals, who scramble a victim’s computers and then extort a payment to decrypt them. It cost Colonial Pipeline $4.4 million so they could get operations going again.
The question is, “Ransomware: is your company protected?” Assume that it isn’t, and then work to make sure you are. Given today’s range of threats, antimalware software provides little peace of mind. In fact, antimalware scanners are horrifically inaccurate, especially with exploits less than 24 hours old. Malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.
What are some signs you may have been hacked?
- You get a ransomware message
- You get a fake antivirus message
- You have unwanted browser toolbars
- Your internet searches are redirected
- You see frequent, random popups
- Your friends receive social media invitations from you that you didn’t send
- Your online password isn’t working
- You observe unexpected software installs
- Your mouse moves between programs and makes selections
- You observe strange network traffic patterns
The game has changed drastically recently and has become a massive business for those who perpetrate these acts. A recent article in the Harvard Business Review states that a survey found that 43% of the more than 6,000 companies surveyed had suffered a cyberattack in 2020, up 38% in the 12 months before, and that one in six of those attacks was a ransom attack. In 2020, the amount of ransom demanded grew to the mid to high seven-figure range. At the end of 2020 and into 2021, we have seen some ransom demands reaching into the tens of millions of dollars.
What should we do if we discover ransomware?
The attackers will create urgency and panic with their demands. Slow things down so you can make the right decisions for your organization. You will want to have your attorney involved along with your insurance company to help guide you during this ordeal. The key questions to consider when deciding whether to pay ransom include:
- How sensitive is the information that has been accessed or exfiltrated?
- Does the company have back-ups of the information, or does it need the decryption keys?
- Do the costs of refusal, such as business disruption, the impact to systems or customers, negative publicity or reputational harm, exceed the ransom demand?
- Is the threat actor tied to a company that is on the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned-entity list? (If so, it may be illegal under U.S. law to pay the ransom.)
- Depending on the severity of the incident and other factors, most companies will file an online report with the FBI, listing the indicators of compromise (IOCs) involved in the attack, to assist law enforcement in tracking these threat groups and hopefully someday bringing them to justice. So far, there have been very few indictments, so your company will be left taking the hit.
How Can Companies Reduce the Risk of Being Attacked?
There are a number of steps that companies can take to reduce the risk of a ransom attack, as well as the risk of damage if an attack occurs. These include:
- Back up all data. Back up your company’s data regularly. If something goes wrong, you should be able to quickly and easily revert to a recent backup. This won’t protect you from being the target of an attack. But if you’re ever attacked, the fallout won’t be nearly as devastating.
- Keep software updated. Ransomware attackers sometimes find an entry point within software by exploiting any vulnerabilities. Fortunately, some developers actively search for new vulnerabilities and patch them. Adopt a patch management strategy and ensure that all team members are constantly aware of the latest updates. The patches for the vulnerability have been around for four years, yet evidently many organizations still haven’t applied them.
- Use better threat detection. Most ransomware attacks can be detected and resolved before it’s too late. To maximize your chances of protection, have an automated threat detection system in place.
- Adopt multi-factor authentication. Multi-factor authentication forces users to verify their identities in multiple ways before they’re granted access to a system. If an employee’s password is ever leaked to a criminal, the attacker won’t be able to gain easy access to your systems.
- Use the principle of least privilege. Employees should never have more access to data than they truly need. Segmenting your organization and restricting access can provide a kind of quarantine effect, minimizing the impact of a potential attack and limiting the vectors of access.
- Scan and monitor emails and file activity. Emails are the default choice of cybercriminals. Scan and monitor emails on an ongoing basis, and consider deploying an automated email security solution to block malicious emails from reaching users. Also, consider scanning and monitoring file activity.
- Improve employee training. Most ransomware attacks are the by-product of bad employee habits or pure ignorance. Someone may voluntarily give out their password or download an unfamiliar file. With better employee training, the chances of this happening are much lower.
- Don’t pay the ransom. If your organization happens to be the victim of a ransomware attack, don’t pay the ransom. It might seem tempting to get out of this bad situation as quickly as possible. But even after paying the ransom, there’s no guarantee the attacker will be true to their word.
- Use anti-ransomware solutions. To achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Protecting against ransomware that “slips through the cracks” requires a specialized security solution. Use software monitoring to check for suspicious behavior commonly exhibited by ransomware. If these behaviors are detected, the program can stop any encryption before further damage is done.
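The file-activity monitoring described in the last item (and in the "scan and monitor" item above) can be illustrated with a small detector. This is an added example, not code from any product: the event tuple format, thresholds, process names and paths are assumptions, and the sample events are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ordinary documents score low, encrypted output close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_mass_encryption(events, window=10, threshold=5, min_entropy=7.0):
    """events: (timestamp_seconds, process, path, bytes_written) tuples.
    Returns {process: alert_timestamp} for each process that wrote
    high-entropy content to `threshold` distinct files within `window` seconds."""
    recent = defaultdict(deque)  # process -> (timestamp, path) of suspicious writes
    alerts = {}
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if proc in alerts or shannon_entropy(data) < min_entropy:
            continue
        writes = recent[proc]
        writes.append((ts, path))
        while ts - writes[0][0] > window:  # drop writes older than the window
            writes.popleft()
        if len({p for _, p in writes}) >= threshold:
            alerts[proc] = ts  # a real monitor would suspend the process here
    return alerts

# Constructed sample data; process names and paths are made up.
CIPHERLIKE = hashlib.shake_256(b"constructed sample").digest(4096)  # stand-in for ciphertext
PLAINTEXT = b"Quarterly report: revenue up, costs flat.\n" * 100
SAMPLE_EVENTS = (
    [(i, "sync_agent", f"/share/doc{i}.txt", PLAINTEXT) for i in range(8)]
    + [(1, "archiver", "/share/backup.zip", CIPHERLIKE)]
    + [(20 + i, "unknown_proc", f"/share/doc{i}.txt", CIPHERLIKE) for i in range(6)]
)

if __name__ == "__main__":
    for proc, ts in detect_mass_encryption(SAMPLE_EVENTS).items():
        print(f"ALERT t={ts}s: {proc} is rewriting many files with high-entropy data")
```

Compressed archives are also high-entropy, which is why the detector requires many distinct files in a short window rather than alerting on a single write.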
Last but not least, if you’re unsure of what to do, contact an IT management company. They have skilled team members who can provide the right solutions to protect your company from volatile attacks and more. Catalyst IT is just one company that can handle all aspects of your company’s network, from managing your help desk, infrastructure, security, backup and recovery to consultation. For information you can call 877-843-9611 or click on our contact us link.