Anne Neuberger, the Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, released a memo, “What We Urge You To Do To Protect Against The Threat of Ransomware,” detailing what both public and private businesses should do to combat the ransomware threat. Read now to learn cybersecurity best practices for businesses big and small.
Why is Ransomware Thriving?

The combination of the points below, together with global vulnerabilities like the COVID-19 pandemic, has created the perfect environment for ransomware to propagate.

- RAAS: Ransomware is much easier for cybercriminals to access than it was even a couple of years ago. Ransomware-as-a-service (RAAS) functions in the same way normal business models do, meaning individuals can now launch malicious campaigns with relative ease. Huge cybercrime networks are no longer the only players in the ransomware game.
- Variety: With that comes a wider variety of attack methods. Attacks targeted at C-level businesspeople are now joined by broader spray attacks that hit the inboxes of employees, vendors, and the general public. Cheap attacks make cheap payouts worth seeking. A small business or Average Joe can no longer escape targeting because they don’t have millions in revenue. Seizing ransoms from high-profile attacks may actually encourage criminals to focus on victims that won’t draw as much attention.
- Cryptocurrency: What makes ransomware so lucrative in a digital landscape? The answer lies with the rise of cryptocurrency. Digital currencies like Bitcoin provide their users with a level of anonymity that is difficult, if not impossible, to break. While this was meant as a security feature, cybercriminals are able to use it to transfer the ransom payments to digital wallets that can’t be traced.
- Valuable Data: According to Chainalysis’ Mid-year Update Report, the total amount paid by ransomware victims rose 311% from 2019. A trend of payouts, along with the new threat of releasing data as blackmail for an unpaid ransom, means that cybercriminals have a reliable, high-value source of income in your business data.
What Will You Do When Ransomware Strikes?

Consider a situation like the one that struck the Colonial Pipeline network in May. Using a previously compromised password, criminals accessed a vulnerable virtual private network (VPN) and breached Colonial’s network, causing a two-day shutdown and gas shortages across the nation.

If this were to happen to your business, would you receive a notification from your IT partner that systems are behaving abnormally at the very first sign of attack? Or perhaps you wouldn’t know anything was amiss until an employee logs on to discover their workstation has a ransom message that informs them that all the business’s data has been encrypted, and you must pay a massive ransom to get it back.

Once you have been compromised and your data has been locked, what do you do? Do you have a plan? One or more of these descriptions may reflect how you respond.
- I will pay the ransom of approximately $50K – $1M for a small business and hope the criminals return my data as promised and do not retain a copy to sell on the Dark Web.
- I have solid backups and will work with my IT partner to regain access to my data within a week. I will follow recommendations from the government and FBI and not pay the ransom.
- I have dual destination hourly backups that have been tested by my IT partner. I can recover and run my company on a virtual server within an hour. I will follow recommendations from the government and FBI and not pay the ransom.
- I have reliable cyber insurance that explicitly covers ransomware. My IT partner will work with the criminals and my insurance to make the ransom payment. We will hope the criminals return the data as promised and not retain a copy to sell on the Dark Web.
- My company does not rely on data or network access. We will ignore the ransom and purchase what new systems we need.
- The loss of my data and maligning of my business’s reputation will devastate or destroy my company. I will attempt to do whatever it takes to recover my data, but anticipate that such an attack could result in dissolution or bankruptcy.
- My IT partner has extensive safeguards in place. I am confident any attack that gets through to one workstation will be contained and will not provide the criminals access to any unencrypted sensitive data or business-critical systems. I will ignore the ransom, take immediate action to remove any remnants of access from my systems, and continue business as usual.
Don’t Like Your Answer? Here’s What You Can Do

Take a Stand Against Ransomware Today
- Employ an IT partner you can trust that is keeping up with the latest threats
- Create or review your emergency preparedness and incident response plans with your IT partner
- Consider utilizing aspects of a Zero-Trust access policy
- Regularly train your employees on cyberthreats and best practices
- Ensure that the basics like enterprise-grade antivirus/anti-malware, email monitoring and filtering, and hardware firewall are in place
- Keep hardware, software, and operating systems patched and up to date
- Meet with a cyber insurance company and see what requirements you’ll need to meet before being covered for ransomware