Ransomware is a growing threat to organisations of every size; hardly a day passes without another high-profile attack being detailed in the mainstream media. Cyber-criminals are innovating at a phenomenal pace in this growing ‘industry’ because they have the funds to do so; many criminal groups are better resourced than the enterprises they attack. The cost of cyber-crime was reported to be more than $1 trillion in 2020, above 1% of global GDP and larger than the entire GDP of the Netherlands. As the money criminals make continues to increase, so does the budget they can invest in people and tooling to keep enhancing their attacks.
Let us take a quick look at how companies get hit by ransomware. There are many methods; some of the most common are:
- Phishing emails that deliver ransomware via inline links, links inside attachments, or malicious attachments posing as ordinary documents.
- Browsing to unknown links and websites.
- Downloading and unintentionally running infected software.
- Inserting or connecting infected removable media (a disk, disc, or USB drive).
- Operating system vulnerabilities, where the OS is not patched to the latest level.
- Plugin vulnerabilities, where browser or application plugins are not patched to the latest level.
- Infrastructure vulnerabilities (network, storage, appliances, etc.), where those devices are not patched to the latest level.
That list keeps expanding as new vulnerabilities are found.
Far more people now work remotely because of COVID-19. This raises the risk to organisations, because most home networks are easier to compromise than office networks: consumer-grade routers, unmanaged personal devices and family members sharing the same network all lack the controls that the corporate perimeter would otherwise provide.
Attackers are becoming increasingly sophisticated. Once they are in, they often stay dormant for a period, planting their payloads, watching activity and waiting to execute at a later date of their choosing. That dwell time makes recovery from an attack more complex, which in turn makes organisations more likely to pay the ransom.
A common comment I hear is ‘we have network edge or endpoint protection, so we are safe.’
Sadly, that is wrong. Edge and endpoint protection are a necessity and do a good job of blocking many attack methods, including phishing, drive-by downloads from unknown links, and malware introduced from removable media, but they do not stop every form of outbreak; a sufficiently novel payload, or an unpatched vulnerability in the infrastructure behind them, can get past both.
So, why should you care, and what can you do to ensure your business is not taken down, and potentially wiped out, by ransomware? First and foremost, you should care because these criminals target the personal and financial security of businesses and individuals, and they present a major threat to national security and human life. Many of them have no qualms about taking down systems that are crucial to keeping people alive, such as those in hospitals, which shows a complete absence of remorse or moral values.
What we can do, as technologists, is work together against these criminals with a multi-pronged ransomware protection strategy.
A key question I am often asked is: how do we prepare for an attack? Start by looking at how your data and systems are currently protected and at the well-known attack vectors, such as the seven listed earlier in this article.
My five key ransomware attack preparation steps are as follows.
- Ensure antivirus and a firewall are deployed and enabled on every endpoint, especially on personal devices used for work. Antivirus combined with a firewall that controls network traffic is the foundation of edge and endpoint protection.
- Run a Security Information and Event Management (SIEM) platform that collects operating system, application and network traffic logs in one place and applies behavioural analysis to them in near real time. Ransomware leaves a recognisable trail before and during encryption (for example, a single account renaming or rewriting hundreds of files within a minute, or a command that deletes local restore points), and a SIEM is where those signals can be correlated and alerted on across the whole IT estate.
- Run a regular patching schedule for all operating systems, applications, appliances, plugins and infrastructure devices, so that the window in which known vulnerabilities can be exploited is as short as possible.
- Ensure you have a robust data protection solution that delivers backups which are both air-gapped (unreachable from the production network) and immutable (unable to be altered or deleted before their retention period expires, even by an administrator). An attacker who has obtained admin credentials will try to destroy reachable backups before encrypting, so the backup copy must not be writable with those credentials, and you should regularly test that you can actually restore from it.
- Implement layered security and a least-privilege permissions structure so that no single user has write access to every folder and document in shared areas; a compromised account can then only encrypt what that account could legitimately change. Alongside this, run regular penetration tests to analyse your security and uncover vulnerabilities, and ensure any findings are remediated so your environment becomes harder to attack.
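As an added example (not code from the article or from Catalogic), here is the kind of behavioural check the SIEM step above describes, run over a handful of constructed file-audit and process events rather than a live feed. The record format, the thresholds, the example file extensions and the sample data are all assumptions made for this illustration; a real deployment would feed the same logic from Windows Security/Sysmon or Linux auditd events.

```python
"""Behavioural ransomware detection over file-audit and process events.

Added example, not code from the article. The record format, thresholds and
example extensions are assumptions for this illustration; a real SIEM would
feed equivalent fields from Windows Security/Sysmon or Linux auditd logs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: one actor touching this many distinct files inside the
# window is reported as a burst. Tune per environment and exempt backup/build
# service accounts, which legitimately behave this way.
BURST_FILES = 20
BURST_WINDOW = timedelta(seconds=60)
# Generic encryptor-style suffixes chosen for this example, not real families.
SUSPICIOUS_EXTENSIONS = (".locked", ".crypt", ".enc")
# Commands used to destroy local restore points before encryption starts.
SHADOW_COPY_COMMANDS = ("vssadmin delete shadows", "wmic shadowcopy delete")


def parse_event(line):
    """Parse one constructed record: ts|host|user|action|target (ISO-8601 ts)."""
    ts, host, user, action, target = line.rstrip("\n").split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "action": action, "target": target}


def detect(lines):
    """Return (alert_type, actor, detail) tuples; lines must be in time order."""
    alerts = []
    reported = set()                      # (alert_type, actor) already raised
    windows = defaultdict(deque)          # actor -> recent (ts, path) events

    def raise_once(kind, actor, detail):
        if (kind, actor) not in reported:
            reported.add((kind, actor))
            alerts.append((kind, actor, detail))

    for ev in map(parse_event, lines):
        actor = f"{ev['user']}@{ev['host']}"
        if ev["action"] == "PROCESS":
            cmd = ev["target"].lower()
            if any(c in cmd for c in SHADOW_COPY_COMMANDS):
                raise_once("shadow_copy_deletion", actor, ev["target"])
            continue
        if ev["action"] not in ("WRITE", "RENAME"):
            continue
        if ev["action"] == "RENAME" and ev["target"].lower().endswith(SUSPICIOUS_EXTENSIONS):
            raise_once("suspicious_extension", actor, ev["target"])
        window = windows[actor]
        window.append((ev["ts"], ev["target"]))
        # Drop events that have aged out of the sliding window.
        while ev["ts"] - window[0][0] > BURST_WINDOW:
            window.popleft()
        distinct = {path for _, path in window}
        if len(distinct) >= BURST_FILES:
            raise_once("mass_file_modification", actor,
                       f"{len(distinct)} distinct files within {BURST_WINDOW.seconds}s")
    return alerts


def sample_log():
    """Constructed sample: one benign user and one actor behaving like an encryptor."""
    base = datetime(2024, 3, 1, 9, 15, 0)

    def stamp(seconds):
        return (base + timedelta(seconds=seconds)).isoformat()

    lines = [
        f"{stamp(1)}|ws02|bob|WRITE|\\\\srv\\share\\notes.txt",
        f"{stamp(5)}|ws02|bob|WRITE|\\\\srv\\share\\plan.docx",
        f"{stamp(10)}|ws01|alice|PROCESS|vssadmin delete shadows /all /quiet",
    ]
    for i in range(25):
        lines.append(f"{stamp(12 + i)}|ws01|alice|RENAME|\\\\srv\\share\\report{i}.xlsx.locked")
    return lines


if __name__ == "__main__":
    for kind, actor, detail in detect(sample_log()):
        print(f"{kind:24} {actor:12} {detail}")
```

Run as-is, the script raises three alerts, all against alice@ws01: the shadow-copy deletion, the first rename to a suspicious extension, and a burst once 20 distinct files have been touched inside the 60-second window; bob's two ordinary writes produce nothing. The shadow-copy check is the highest-fidelity signal because legitimate administrators rarely run it, whereas the burst rule needs tuning and exemptions for accounts (backup jobs, build systems) that touch many files quickly by design.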
Recently Microsoft, AWS, the FBI and the UK’s National Crime Agency joined the Ransomware Task Force, a broad coalition whose initial framework aims to reduce the number and success rate of ransomware attacks. The framework gives detailed recommendations on how to deter, disrupt, prepare for, and respond to ransomware attacks.
That report is a useful companion to the steps above: it reinforces the multi-pronged approach to protecting your company’s data and stresses having a response plan in place so you are ready if, or when, you are attacked.
We have a shared responsibility to break this flourishing industry and stop it growing any further. A lack of preparation and forethought will cost us all more in the end.
Contributed by William Bush, Senior Solutions Architect, Catalogic Software