Recent ransomware attacks and security breaches are detrimental to an organization’s business data, and reputation.
Ransomware attacks are not new, but the rate at which they are occurring in the United States is radically increasing. Ransomware attacks are up 365% according to TechRepublic.
What are ransomware attacks?
Ransomware is a type of cyberattack wherein an organization or individual threatened for money. The attacker threatens to publish the victim’s personal or corporate data or permanently block access to it until a ransom is paid—usually via a cryptocurrency like Bitcoin. Other recent variants include cutting off access to utilities, internet access, oil pipelines, and corporate intranets.
Can you refuse to pay ransomware?
The US government prefers you to refuse to pay cybercriminals. The more we see companies pay these criminals, the more they are encouraged to continue. Ransomware isn’t just some guy calling you up and threatening you. The attack happens quietly and subtly, the attackers bide their time, and you find out later. Some companies don’t find out until six months after the attack.
Ransomware uses a technique called cryptoviral extortion. Usually, an ordinary-looking file or link is sent to an individual at a company. If the user opens, downloads, or clicks, the network is compromised. There are worse versions, such as in the infamous WannaCry worm attack that ran with no intervention on the user’s part at all!
The US government takes a stand against ransomware
The US government is warning executives and business owners to take immediate steps in preparation for ransomware attacks. In a new memo out of Washington, the US government warned cybercriminals no longer as dedicated to stealing data. Today’s cybercriminal wants to directly interfere with a company’s core operations.
“The threats are serious and they are increasing,” wrote Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, in a June 2 memo from the White House.
Lisa Monaco, who ran the Department of Justice’s efforts to defend against cyberattacks, said the recent high-profile hacks of Colonial Pipeline and meat processing plant, JBS were perfect examples of what has unfortunately become des rigueur in attacks against US businesses.
“The message needs to be to the viewers here, to the CEOs around the country, that you’ve got to be on notice of the exponential increase of these attacks,” said Monaco.
“Colonial Pipeline CEO Joseph Blount has said that his company paid DarkSide, the criminal group behind the attack, a $4.4 million ransom in bitcoin. DarkSide shut itself down in May but had reportedly received $90 million in bitcoin ransom payments.” —Tucker Higgins, CNBC
According to John Chambers, former CEO of Cisco Systems, over 65,000 ransomware attacks are expected in the US this year (2021). He adds that 65,000 is “a conservative number,” and the actual number “may reach or exceed 100,000, with the average cost of each attack on a company costing ~$170,000.
“The private sector also has a critical responsibility to protect against these threats. All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,” Neuberger wrote.
Five Security Steps You Need to Take Now:
Neuberger went on to outline five steps companies of all sizes need to take:
- Back up your data, system images, and configurations, regularly test them, and keep the backups offline.
- Update and patch systems promptly.
- Test your incident response plan.
- Check your security team’s work.
- Segment your networks.
- Keep clear inventories of all your digital assets and their locations so cybercriminals do not attack a system you are unaware of.
- Keep all software up to date, including operating systems and applications.
- Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
- Back up all information to a secure, offsite location.
- Segment your network: Don’t place all data on one file share accessed by everyone in the company.
- Train staff on cybersecurity practices, emphasizing not opening attachments or links from unknown sources.
- Develop a communication strategy to inform employees if a virus reaches the company network.
- Before an attack happens, determine if your company will plan to pay a ransom or launch an investigation.
- Perform a threat analysis in communication with vendors to go over the cybersecurity throughout the lifecycle of a particular device or application.
- Instruct information security teams to perform penetration testing to find any vulnerabilities.
Contact a reputable, security-based IT team to audit your existing network and prevent future attacks. (Pro Tip: We do this) Red Level can see opportunities and threats to your data that your internal IT department has become blind to. Please. Call us or contact us by email and let us ensure your company doesn’t become one of 2021’s cybersecurity statistics.