Ransomware attacks are here to stay, so it is vital to be prepared and don’t become a statistic. Here are 5 tips to help protect your organization.
Commerce Secretary Gina Raimondo said recently that ransomware attacks “are here to stay,” and that businesses should plan accordingly.
“The first thing we have to recognize,” she said, “is this is the reality, and we should assume and businesses should assume, that these attacks are here to stay and, if anything, will intensify. And so just last week the White House sent out a letter broadly to the business community urging the business community to do more.”
At their Geneva summit meeting this summer, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continues to launch cyberattacks against the U.S., it will face retaliation.
“I pointed out to him that we have significant cyber capability. He knows that. … If, in fact, they violate these basic norms, we will respond in a cyber way,” Biden said at a post-summit press conference.
Putin dismissed allegations that Russia or Russian-based malicious actors were responsible for cyberattacks in the U.S., including the recent ransomware attack on Colonial Pipeline Co. He said most cyberattacks originate from the U.S. and South America.
The Russian leader, however, noted there are areas of mutual interest on the cyber front that both nations can explore.
“We believe that cyberspace is extraordinarily important – in general, and in particular for the U.S., and to the same extent for Russia,” Putin said during his separate post-summit press conference.
Putin said that Russia, like the U.S., is a major target of cybercriminals.
“We encounter this every year. For example, one of the health systems in a very important part of Russia was attacked. So, it means that this work is being coordinated,” Putin said. “In the U.S., I don’t think that the U.S. administration is particularly interested in organizing that or looking into it. All they do is to make insinuations. What we need is expert consultations between us. We agreed to that, in principle. Russia is prepared for that.”
Currently, Russia has little incentive to cooperate with the U.S. on cybersecurity, says James Lewis, senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies.
“The best we can hope for is that Russian criminals will be told to lay off critical U.S. infrastructure and stick to other commercial targets,” Lewis says.
Ransomware: An Undeniable Threat to Businesses
Ransomware has become an undeniable threat to business growth, profitability and security. It’s a ruthless type of malware that locks your keyboard or computer to prevent you from accessing your data until you pay the ransom, which is usually demanded in untraceable Bitcoin. Cybercriminals are turning this type of attack into big business, raking in billions each year as many businesses have no choice but to pay up.
How does ransomware get into the network?
Surprisingly, it’s NOT those random USB drives floating around from unknown sources. That’s old school, and cybercriminals operate much more effectively now. The most common vehicle for ransomware attacks today are email, such as phishing or spearing emails, and compromised websites.
One email is all it takes.
We’ve all become so used to email as the major form of business communication that getting someone to click a link is easier than ABC. Ransomware attacks come disguised as legitimate emails that can trick your employees into clicking through to an infected website or opening an infected attachment. Unfortunately, cyber criminals have gotten really, REALLY good at faking internal emails, external communications from stakeholders and seemingly genuine inquiries from customers. They’ll often conceal their ransomware in normal attachments like invoices and reports in Office docs as well as PDFs. Even TXT files can actually be an executable javascript in disguise!
Infected websites aren’t always obvious.
Let’s face it, cybercriminals will infect any web page they can get their hands on, which is why of the less reputable sites should be avoided. But it’s not just about making sure you and your employees stick to suitable sites, mainstream websites can also carry ransomware infections ready to spread to all visitors. It’s happened before – in 2016 the New York Times, BBC & MSN homepages accidentally exposed thousands of web visitors when their infected site showed malicious ads.
What happens during an attack?
As soon as ransomware is in the door, it immediately scans local and connected drives (including connected backups) and encrypts thousands of files. Within minutes, everything from Office files to multimedia is locked up tight, inaccessible to all users – even admin.
REvil Ransomeware Hackers are Ramping up Efforts
Then a notification appears demanding a ransom to unlock the files and gives helpful instructions on how to pay it. At this point, many businesses are on hold until the situation can be resolved. Typical options include: restoring from safe, external backups; wiping the entire system and starting again; or paying the ransom and learning a hard lesson in data security.
How To Protect Your Organization
The number one way to mitigate the damage from any attack to your system is to prevent it from happening in the first place. It’s vital to protect your organization from all points of entry, and ensure that organizations are aware of all the points of entry that are being utilized by employees.
Cybriant helps organizations with 24/7 monitoring of their networks through Managed SIEM, MDR, Vulnerability Management, Patch Management. We help organizations understand their compliance stance through risk assessments, pen tests, and more.
We have recently introduced CybriantXDR, comprehensive threat detection and remediation service.
With CybriantXDR, you will have increased visibility along with the right technology, and security analysts watching that technology around the clock. With machine learning and artificial intelligence, our team is able to stop any bad actors before they execute.
Protect Your Business with Cybriant’s IT Security Best Practices Checklist