If you’ve been keeping pace with the information security world, you’ve heard about the significant uptick in ransomware attacks. Most notable was the attack on Louisiana’s Office of Technology Services last November. Another crippling attack happened last spring in Baltimore and remains notorious. City employees were locked out of email accounts and other critical systems, while citizens were unable to access government services, such as the ability to pay water bills, parking tickets, and property taxes via the city’s online portals.
As a result of the undeniable increase in ransomware attacks, particularly against critical infrastructure, the FBI has released an alert bringing attention to the rising occurrences across all sectors. In 2019, a new organization fell victim to ransomware every 14 seconds. In 2021, incidents are expected to increase to every 11 seconds (Cyber Security Ventures). Clearly, ransomware has been growing at an unprecedented speed in recent years. So, what should we do?
The majority of ransomware attacks start with an end-user downloading a phishing email or visiting an infected website. In some cases, certain types of ransomware are created as a “time-bomb attack,” designed to delay execution for weeks or months rather than stealing, wiping, or extorting data as soon as a computer or server is breached. This variation of ransomware is more difficult to track and recover from. More sophisticated attackers have been targeting government entities and agencies, using hacking tools and other components allegedly stolen from government sources. The recent attack on Baltimore is a prime example of this emerging paradigm. The attack is still having an impact, and it’s born of a significantly higher level of sophistication.
There was a brief period when attackers were trying to be “upstanding” about their ransomware demands by following through on giving targets the key to decrypt data as promised upon payment. Sadly, this follow-through served to further these operations. As targets were more apt to pay the ransom, the attackers would take advantage of this and come back around for a second attack. Now, the attackers, typically hacktivists, are just shredding assets for the sake of it and with the design of destroying or disrupting vital services. A targeted enterprise might give in to the ransom demand, yet still not receive the decryption key. Apparently, there’s no honor among thieves.
Fortunately, there are proven strategies to reduce the risk of ransomware attacks. First, most ransomware infects a device by transfer via open shares or via download from the Internet. In some rare cases it is placed on a device by a hacker. In all cases, hardening your server and having restrictive policies on the server that prevent downloads, file executions, etc. will prevent ransomware from taking root. Second, a good anti-virus/anti-malware tool that scans all inbound and outbound files and routinely scans static files is essential. Third, good backups spanning multiple days and weeks are required. Fourth, a sound and tested backup recovery strategy is essential, where recovery data is scanned for malicious traffic. If the server that becomes infected is backed up, your managed security service provider can simply roll back to the latest good backup.
Typically, in an enterprise or government environment, numerous IT professionals are handling servers and data; there are many cooks in the kitchen, so to speak. A multi-layered defense, separation of duties, and comprehensive end-user training are all key components of an effective security strategy that can mitigate the risks of ransomware attacks.
The biggest risk in a corporate setting is your end-users, including customers. Once a workstation is infected with ransomware, it’s only a matter of time before it spreads. If effective security controls are lacking within your organization, it may be worth considering data protection services, where the separation of duties and multi-layered defenses are natively built in. Ransomware has been around for thirty years and isn’t going away anytime soon. In fact, it will only continue to increase in frequency and sophistication according to studies. The best you can do for your business is to maintain a strong position of defense and know what to do in the event of an attack.