The Ransomware Epidemic and How to Protect Yourself
Ransomware attacks are malware-based attacks that encrypt an organization’s data and then demand a ransom in exchange for an electronic key that unlocks access to the data.
We’ve all heard about some of the recent high-profile ransomware attacks.
In May 2020, top U.S. fuel pipeline operator Colonial Pipeline shut down its entire network, the source of nearly half of the U.S. East Coast’s fuel supply, after a cyber attack that involved ransomware.
Colonial transports 2.5 million barrels per day of gasoline, jet fuel and other fuels through 5,500 miles of pipelines. The head of Colonial Pipeline shut down the pipeline’s operations for a week, creating long lines at gas stations and driving the price of oil to $3 a gallon for the first time in years. Reports are that Colonial paid nearly $5 million as a ransom to the cybercriminals. Ultimately Colonial was able to recover about $2.3 million of the ransom due to the efforts of federal authorities; however, such recoveries are rare.
Unlike supply chain attacks, such as the massive breach known as SolarWinds, the motivation for ransomware attacks is purely financial, as voiced by a written communication from DarkSide, the group responsible for the Colonial Pipeline hack: “Our goal is to make money, and not creating problems for society.” However, since these groups are regularly targeting schools and hospitals, creating problems is exactly what they’re doing.
In addition to closing down operations, variations include threats to publish confidential data on the Internet if the ransom is not paid.
How does it happen?
Through phishing email – an email that often looks like it comes from a reputable source carries a malicious attachment or a link to a site that acts as a sort of Trojan Horse.
Through your provider – in what is known as a supply chain attack, the hackers are able to insert code into a benign software component that is pushed through to multiple users in the form of an update.
Why is it getting worse?
Criminals are becoming more sophisticated – they can encrypt backups first, leaving a company with no fallback position.
Fueled by the near complete anonymity and the limited capability of law enforcement to trace and recover cryptocurrency transactions, cyber criminals have become emboldened to attack any targets they believe can be successfully compromised and coerced into paying a ransom.
Cyber criminals are encouraged every time a company pays a ransom, so more and more are “getting into the business.”
What are some common flaws that enable ransomware?
Analysis of publicly disclosed ransomware attacks has revealed several flaws that were either already known by the victims or should have been discovered by typical governance and oversight processes recommended by security and IT professionals. In many cases:
Internet-facing systems had vulnerabilities that were not patched
Employees were somewhat or highly susceptible to phishing attacks
Data backup programs were either nonexistent or had not been fully tested in a long while
Key Defensive Measures
Keep systems maintained
Perform vulnerability scans and pen tests
Deploy patches quickly and comprehensively
Limit your attack surface
Limit access rights
Minimize mount points
Train your personnel
Reduce your exposure
Above all, upper management must prioritize cyber security. Because a choice between paying an exorbitant ransom, shutting down operations, or exposing sensitive customer data isn’t a choice at all.