Ransomware Should Scare You

Ransomware is a type of malware that encrypts the target’s data (making it unreadable and inaccessible) and holds it for ransom.

Webinar: Ransomware Should Scare You

It feels like no more than a few days go by without another ransomware story in the news. What used to be just one threat present in the cybercrime landscape has now become the clearest and present danger to modern businesses.

Don’t assume we’re exaggerating this for effect—experts estimate that a ransomware attack will occur every 11 seconds in 2021. It’s almost a total certainty that you will be attacked with ransomware at some point, and possibly even infected. That’s why you need to take action and defend yourself.

Discover how you should be defending yourself, and how to respond to an infection to minimize the damage, in this episode of Nobody Told Me That!, hosted by Teresa Duncan, featuring Dan Se Steno:

What Is Ransomware?

Ransomware is a type of malware that encrypts the target’s data (making it unreadable and inaccessible) and holds it for ransom. It targets all data on the target’s systems, making it impossible for them to ignore until they pay the ransom or restore the data from backup.

Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system.

There are a number of ways that hackers can trick targets into downloading ransomware:

  1. Phishing: Phishing is a social engineering technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.
  2. Malvertising: Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without them knowing it.
  3. Out Of Date Hardware: Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

Are Your Remote Users Secure?

Ransomware is a particular threat during the ongoing coronavirus pandemic, which has forced many businesses to hastily adopt a remote work model. With employees stuck at home, they have no choice but to find a way to deliver remote access to business data and applications.

Even before the pandemic, it was becoming increasingly more common for businesses to hire remote workers—that is, staff members that work from home, outside of the business’ city of operation, and even much further away.

It’s important to recognize that this pandemic will be like open season for cybercriminals. When businesses start prioritizing remote access to data over the security of that data, they make an easy target for hackers.

Think of it this way—at the office, everything is protected by the same set of cybersecurity solutions (firewalls, antivirus software, etc.). These are defenses that you’ve invested in and can trust.

Is the same true of your employees’ home networks and personal devices? Probably not.

With so many employees operating remotely, working from a laptop or smartphone, how can you be sure that your data is completely secure? Are you taking the necessary steps to maintain security while your staff works from home?

Do You Have Data Backups?

Data loss is often the result of poor digital security; without the right defenses, cybercriminals can easily infect an IT system with ransomware or other types of malware and compromise company data.

In recent years, more advanced forms of ransomware have demonstrated the capability to encrypt backups as well. That means that offsite backups that are connected to onsite systems are just as at risk of data loss as those stored locally.

That’s why you should make an investment in a comprehensive backup data recovery solution (which includes digital air-gapped capabilities) so that you can restore your data at a moment’s notice when necessary.

The best way to enhance your data backup capabilities is to work with a capable IT company like NOVA. No matter who you work with, be sure they can provide a solution that fulfills the following requirements:

  • Comprehensive Backups: The backup solution should provide both local onsite backup for quick recovery in instances of data loss, as well as an offsite cloud-based backup for when your business is hit with a critical disaster. Furthermore, these offsite backups need to be protected by a digital air gap, ensuring they are not at risk of encryption in the event of a ransomware attack.
  • Regularly Tested: Your IT company shouldn’t expect you to assume that your backups will just work when needed. They should regularly test your backups to verify their effectiveness in the event that something goes wrong with your onsite data.
  • Convenient Restoration: Don’t settle for clumsy, all-or-nothing backups. You should be able to choose a point in time to restore in the event that the data has been deleted, corrupted, or there has been a malicious intrusion.

The key is in finding the right third-party backup solution to keep your data protected against hardware failure, ransomware, human error, and whatever else may occur.

The Threat Of Ransomware Is Evolving

Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were far and few between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:

  • Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to back up their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
  • Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.

No matter how strong your defensive capabilities are, ransomware may still get through. That’s why you need to plan out how to respond to an attack.

How Does Ransomware Cause So Much Damage?

Cybereason recently conducted a survey of 1,263 cybersecurity professionals to study the real-world effects of ransomware. There are a number of key costs that will come with a ransomware attack, including:

  • Ransom: This is the most obvious cost, and it just keeps going up. According to cybersecurity company Coveware, what was an average ransom of $6,733 in 2018 has increased to $12,672 in 2019. As of this year, Cybereason reports that 35% of respondents who paid a ransom said it cost them between $350,000 and $1.4 million; 7% paid more than $1.4 million.
  • Loss Of Revenue: Beyond the actual ransom paid, targets also noted a loss in business as well. 66% of respondents in the Cybereason study reported that their organizations were hit by major losses in revenue due to a ransomware attack.
  • Downtime: As Kaspersky notes, 34% of businesses hit by ransomware take up to a week to regain access to data. In that week, you’re still incurring costs associated with downtime while you and your staff can’t access your data. That’s time in which you can’t get work done, can’t serve your clients, can’t gain new business, and yet, still have to pay your employee wages and ongoing costs to keep the lights on.
  • Reputational Damage: Current and future clients will think twice about working with a company that was infected by ransomware. A little over half (53%) of Cybereason’s respondents reported suffering brand and reputation damage because of ransomware.
  • Personnel: The fallout of a ransomware attack can often lead to loss of staff as well, either as a matter of damage control (laying off responsible C-Level executives) or as a response to lower revenue (layoffs). 32% of those polled by Cybereason reported that C-suite members left their organization, and 29% of the organizations surveyed had to lay off employees
  • Remediation: Lastly, there’s the cost of damage control. Do you have to hire an IT company to help you out? Do you have to hire a forensic cybersecurity crew to determine how you were attacked? Do you have to pay fines for breaching regulations? These all get added to the bill for getting hit by ransomware.

Finally, there’s always the chance that all these costs combined will spell the end for the business in question. According to Cybereason, 26% of respondents had to close their businesses for good.

In a nutshell, ransomware is becoming more common, more expensive, and more pervasive. Have you stepped up your cybersecurity measures to compensate?

How Can You Defend Against Ransomware?

  • Access Controls: Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
  • Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
  • Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying and suspicious activity and addressing it immediately to prevent any negative effects.
  • Data Backup: If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.  That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
    • Back up data on a regular basis, both on and offsite.
    • Inspect your backups manually to verify that they maintain their integrity.
    • Secure your backups and keep them independent from the networks and computers they are backing up.

Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.

Log4Shell Presents New Cybersecurity Risks

A newly discovered Java vulnerability, Log4Shell, began putting users at risk late in 2021. Hackers started using this tool to take over target systems and wreak havoc.

Users discovered this vulnerability in an Apache application called log4j, which is widely used in software around the world. This tool allows programs to log information. Some versions of log4j include this vulnerable Java code. Cybercriminals recently figured out that they could use a bug in log4 to assume control of target systems by having it log a specific message.

This is especially worrying given how popular the tool is. This vulnerability has put thousands of users at risk.

3 Questions To Ask Before You Outsource IT Management…

  1. Will You Provide A BAA? Business Associate Agreements (BAAs) are an important part of HIPAA compliance for your practice. These contracts should clearly outline a Business Associate’s responsibilities regarding your PHI and can pose a serious liability risk if the BAA isn’t negotiated effectively. Any outside entity or individual that is charged with receiving, maintaining, creating, or transmitting PHI is considered a Business Associate and needs to have a BAA of their own in place with your practice.
  2. Do You Have Cybersecurity Insurance? Cybersecurity insurance is protection designed specifically to help cover the potentially massive expenses associated with an unavoidable data breach. We recommend at least $1M in coverage (for you and any third parties you entrust your data with).
  3. Do You Enable MFA Wherever Possible? Maintaining strong and complex passwords may sound easy in theory, but in reality, most users opt for easy-to-remember passwords instead. Multi-factor authentication (MFA) is a great way to overcome the users’ resistance to maintaining strong passwords, while still ensuring adequate standards of cybersecurity.

You Can’t Ignore Cybercrime And Hope It Goes Away

In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being infected with ransomware can be dramatically reduced.

Get in touch with the NOVA Computer Solutions team to discover more about developing a modern ransomware defense.

Latest Blog Posts

Read The NOVA Blog