What is a Ransomware Attack and 3 Best Practices to Avoid One

October 30, 2020


Posted by Joe Slone

How much does a ransomware attack cost? Industry experts have estimated that in 2019 alone, the cost could have exceeded $7.5 billion. This is a significant increase from 2017, when cybercriminals extorted $5 billion from businesses. Ransomware attacks are bad for business and growing in prevalence every year. In 2020, ransomware attacks have increased on law firms, hospitals, universities, city municipalities, and school networks. In September, a hospital in Germany suffered a ransomware attack that ultimately caused someone's death.

What is ransomware?

Ransomware is malicious software that encrypts your files until you pay the criminals to have them unlocked. Most of these attacks are unsophisticated and rely on human error. There are many ways ransomware can gain access to a network. The most common method is through phishing emails. These emails will come with attachments disguised as a trusted file. When an employee clicks, downloads, and opens the malicious link, it can take over the victim's computer. Most victims don't know they are compromised until it's too late.

Modern ransomware tactics are evolving and adapting to ensure the most significant profit is made. These profits support cybercriminal black-market trafficking and terrorism efforts. In the past, hackers used more of a "get rich quick" scheme. The cybercriminals would first launch a ransomware attack on company data. The files were then downloaded and locked by the criminal. Shortly after, the victim received the dreaded "ransom email."

As time went on and hackers experienced financial success, they recognized a greater opportunity to increase profits. They have now shifted to a "sit and wait" method. With this tactic, once a victim's computer is breached, the hacker does not announce their presence right away, remaining silent. They "sit and wait" and prowl around an organization's network, off-loading as much valuable information as possible. The more critical data the hackers can harvest, the higher the ransom demand can be.

Following a ransomware attack, companies deal with complicated involvement from the local authorities, cyber insurance companies, and federal agencies (where appropriate) for months, even years. To better avoid ransomware events, organizations can take the following steps to protect themselves.

Steps to Protect Your Organization From Ransomware

The suggested best practices below are a good way to start down the road to a secure network environment. These methods help mitigate the human factor and help keep your company anonymous to cybercriminals.

Security Awareness Training

One of the top methods for cybercriminals to gain network access is through a simple phishing email. Hackers precisely craft their emails to trick the recipient into downloading their malware, then hold their system for ransom. This "human element" can be addressed by properly and consistently training your end-users. By setting up a security awareness training program you can have unannounced, phony phishing tests sent to your employees on a consistent basis. Over time, this will encourage employees to ask themselves, "Should I click on this link?" when blazing through daily emails.


Multi-Factor Authentication (MFA) is a means of utilizing at least two of the following three 'factors' to identify a user attempting to log on to your network:

  • Something you KNOW (username and password)
  • Something you HAVE (a trusted smartphone, key fob)
  • Something you ARE (fingerprint, eye scan, behavior, etc.)

With MFA enabled, if an end user's password credentials were compromised, the hacker would also need to have stolen a second or third required credential from their victim to gain access. It is always important to start with a strong internal password policy to minimize the chance of stolen credentials; however, stepping up your authentication requirements to enable MFA with a two- or even three-factor environment will help create an even more secure network.

Also, review all existing platforms for their MFA capabilities. Many applications already support MFA and need only to be activated. When selecting new applications, ensure they also support MFA.


To create a secure environment, it is essential to have a disciplined approach when applying vendor updates and patches to company equipment. All major vendors consistently release updates and patches for their software and hardware to address security issues and other performance defects. Hackers can quietly perform scans on your network to look for any unpatched known vulnerabilities to exploit.

There are many entry points a hacker can take to covertly scan your network. Entry points are made when employees remotely hook into the backend of your system. A typical example of creating an entry point would be the connection made to your company server using the wireless network at a local coffee shop. Another point could be the connection to the company employee portal through the internet. Remember that if a patch for a vulnerability exists, the hackers know it and can tell if you haven't applied it. Take the time to apply critical patches to plug the holes in your security posture.

"Germany's Federal Agency for Security in Information Technology said Thursday that the attackers breached the hospital using a hole in 'network' software that was (not) patched (by the hospital) last January (when the patch was released). Because the hospital failed to update its software, cybercriminals were able to use the flaw to break in and encrypt data." (source: nytimes.com)
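The gap between a patch being released and being applied can be tracked directly. The following added example (not from the original article) compares an asset inventory against vendor fix versions and ranks unpatched systems with remotely reachable entry points first, then by how long the fix has been available. All hosts, products, versions and dates are constructed, and `exposure_report` and `is_patched` are hypothetical helper names.

```python
from datetime import date

# Constructed inventory and advisories: hosts, products, versions and dates are made up.
INVENTORY = [
    {"host": "vpn-gw-01", "product": "remote-access-gateway", "installed": "12.1", "internet_facing": True},
    {"host": "portal-01", "product": "employee-portal", "installed": "3.4.0", "internet_facing": True},
    {"host": "mail-01", "product": "mail-server", "installed": "8.2.1", "internet_facing": True},
    {"host": "files-02", "product": "file-server-os", "installed": "10.0.2", "internet_facing": False},
    {"host": "print-01", "product": "print-spooler", "installed": "2.0", "internet_facing": False},
]
ADVISORIES = {  # first fixed version and the day the vendor released it
    "remote-access-gateway": {"fixed_in": "12.1.4", "released": date(2020, 1, 15)},
    "employee-portal": {"fixed_in": "3.4", "released": date(2020, 8, 1)},
    "mail-server": {"fixed_in": "8.2.2", "released": date(2020, 8, 11)},
    "file-server-os": {"fixed_in": "10.0.7", "released": date(2020, 6, 9)},
}

def is_patched(installed: str, fixed_in: str) -> bool:
    """Compare dotted versions numerically, padding so that 3.4 equals 3.4.0."""
    a = [int(p) for p in installed.split(".")]
    b = [int(p) for p in fixed_in.split(".")]
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return a >= b

def exposure_report(inventory, advisories, today: date):
    """List unpatched assets, internet-facing first, longest exposure first."""
    findings = []
    for asset in inventory:
        adv = advisories.get(asset["product"])
        if adv is None or is_patched(asset["installed"], adv["fixed_in"]):
            continue
        findings.append({
            "host": asset["host"],
            "fixed_in": adv["fixed_in"],
            "internet_facing": asset["internet_facing"],
            "days_exposed": (today - adv["released"]).days,
        })
    findings.sort(key=lambda f: (not f["internet_facing"], -f["days_exposed"]))
    return findings

if __name__ == "__main__":
    for f in exposure_report(INVENTORY, ADVISORIES, today=date(2020, 9, 10)):
        print(f)
```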

Today, ransomware breaches are significant threats to organizations and individuals alike. Following the best practices listed above will further protect your sensitive data from cyber attackers. To find out where your company stands against cybercriminals, consider having a Cybersecurity Risk Assessment through Systems Engineering. An assessment is a great way to identify your cybersecurity risks and ensure you have the right mix of security measures in place to protect your organization. Select the link below to learn what is involved in a Cybersecurity Risk Assessment. 

How to Uncover & Address Cybersecurity Risks

For more information on maturing your security posture, take time to talk with one of our cybersecurity experts here at Systems Engineering. Call 888.624.6737 or email info@systemsengineering.com. Clients, please reach out to your Account Manager directly.

Joe Slone is a Technology Consultant with Advisory Services at Systems Engineering. Joe has over 20 years of experience in both IT and Project Management. He retired from the Navy as a Petty Officer First Class in 2018, and shortly after joined the Systems Engineering team.