
Ransomware in 2022 – The Significance of a Layered Defence

Ransomware has been a topic of conversation for quite some time, but it has been incredible to watch how this phenomenon has grown to where it is today.

In the United States earlier this year the problem reached epic proportions, with attacks against the Colonial Pipeline and JBS provoking an international political response and causing disruptions that were felt personally by countless everyday citizens.

Here in the United Kingdom we had an early taste of the potential human cost of ransomware dating back to 2022 with the WannaCry attack. Its most high-profile victim was the NHS, and estimates place the number of cancelled hospital appointments at over 19,000. But ransomware has evolved since then – the size of the ransoms has pushed the issue onto the board's agenda, and the attacks themselves have become much darker, more manipulative and more disruptive than before.

It was once much easier to handle the ransomware strains and tactics of old: have a business continuity strategy, good backups and effective recovery processes in place, and you would not have to pay any hackers a penny. These days, though, more and more companies are paying the ransom because of the increased sophistication and targeted nature of the attacks. Although the figures can sometimes be in the millions of dollars, organisations wonder whether cyber insurance is the best bet, or whether simply paying the ransom would be the cheaper option because of the multiple angles of extortion that attackers may take.

Unfortunately, with the current wave of ransomware there is no silver bullet or single answer for what you must do in these situations. What is clear is that defence is still very important: once you are hit with ransomware, there is no way around the fact that this is a dire situation. It will cost you money one way or another, it will disrupt your services and it may affect your company's reputation.

An ounce of prevention is worth a pound of cure. It is an inconvenient truth that most ransomware attacks, whilst sophisticated in their targeting and planning, involve some kind of basic security hygiene failing. Cybersecurity and business leaders need to opt for a layered defence, which reduces your attack surface, enables you to minimise disruption where possible, and may even bring down your cyber liability insurance premiums, if that is the route you want to take.

The 5 layers of ransomware protection:

  1. End-user training: It's important to educate and train your user base and inform them of the risks. Educate them about the ways in which ransomware enters an organisation. They should also be told about physical opportunities for ransomware to enter the organisation. For instance, there are known instances of infected USB keys being left in car parks, office lobbies, etc. and being picked up by unsuspecting users who plug them into a laptop.
  2. Patching: Keep your systems current. Don't rely on memory or spreadsheets. Automate the process. Don't leave it to chance. Patch all machines, clients and servers.
  3. Not just Windows: Don't think of this as a "Windows thing." Linux has its threats too, so keeping Linux servers updated is equally important.
  4. Network monitoring: Make sure you monitor for anything that looks like traffic interception. Re-routing, spoofed apps and traffic redirection are the starting point for accessing the wider organisational infrastructure with 'Man in the Middle' attacks. A successful attack on your Active Directory is like handing the keys to the castle to your worst enemy.
  5. Data protection: Backing up your data seems obvious, right? Well, backup servers are still servers, and they still run an operating system, which makes them just as vulnerable. Moreover, backup products that use network shares to store backup data are at high risk, since network shares are a target for most ransomware.

What about when data protection isn't enough?

All things considered, creating a layered defence is the only reasonable approach, and it must be employed. Simply relying on a data protection solution as a prevention measure is not enough.

Data protection is a reactive technology. You respond to a need for data to be recovered. Data protection is done on a regular basis, or should be, to mitigate against data loss. But this is only effective when the solution provides ways to prevent loss of the backup data itself.

Consider for a moment what a backup solution must achieve: it must move all your data from point A to point B as quickly as physics will allow. At least that's what most people will look for. This requires that it has access to all of the organisation's important data, applications, network, production storage, etc. In fact, that is more access than most corporate users have, aside from domain administrators!

Yet we still see data protection solutions that are poorly secured with default passwords. Or these data protection solutions use open shares that are exactly that: open. We've all done it. Selecting 'Everyone' as a permissions choice is the easiest way to make something work, but it creates one of the easiest entry points for ransomware.
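The open-share problem described above can be audited directly on a Windows backup or file server. The PowerShell below is an added example, not part of the original article; it assumes an elevated session on the server hosting the shares, and the names `ConvertTo-Sid` and `Get-OpenShareFinding` are hypothetical.

```powershell
# Added example: list SMB shares that broad principals can write to.
# Run elevated on the backup/file server (SmbShare module, Server 2012+).

# Well-known SIDs treated as "open"; matching on SID avoids localized names.
$BroadSids = @(
    'S-1-1-0'        # Everyone
    'S-1-5-11'       # Authenticated Users
    'S-1-5-7'        # Anonymous Logon
    'S-1-5-32-545'   # BUILTIN\Users
)
# NTFS bits that allow writing: WriteData, GENERIC_ALL, GENERIC_WRITE.
$WriteBits = 0x2 -bor 0x10000000 -bor 0x40000000

function ConvertTo-Sid {   # hypothetical helper name
    param([string]$Account)
    try {
        ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }      # unresolvable account: treat as not broad
}

function Get-OpenShareFinding {   # hypothetical function name
    foreach ($share in Get-SmbShare -Special $false) {   # skips C$, ADMIN$, IPC$
        $shareAces = Get-SmbShareAccess -Name $share.Name | Where-Object {
            "$($_.AccessControlType)" -eq 'Allow' -and
            "$($_.AccessRight)" -in 'Change', 'Full' -and
            (ConvertTo-Sid $_.AccountName) -in $BroadSids
        }
        if (-not $shareAces) { continue }

        # Effective access is the intersection of share and NTFS permissions,
        # so also check whether the folder ACL lets a broad principal write.
        $ntfsWrite = $false
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            $ntfsWrite = [bool]((Get-Acl -LiteralPath $share.Path).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ([int]$_.FileSystemRights -band $WriteBits) -and
                (ConvertTo-Sid "$($_.IdentityReference)") -in $BroadSids
            })
        }
        foreach ($ace in $shareAces) {
            [pscustomobject]@{
                Share = $share.Name; Path = $share.Path
                Account = $ace.AccountName; ShareRight = "$($ace.AccessRight)"
                NtfsBroadWrite = $ntfsWrite
            }
        }
    }
}

Get-OpenShareFinding | Sort-Object NtfsBroadWrite -Descending | Format-Table -AutoSize
```

Rows where `NtfsBroadWrite` is True are shares on which both the share permission and the folder ACL let a broad principal write; on a backup target those are the ones to restrict to the backup service account first.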

Preparing for the next chapter