Shadowy figures, cryptic notes, demands for money, a ticking clock, and absolute terror. With a recipe like that, it’s no wonder the ransom plot has been a Hollywood film trope for decades. But as fun as it is to watch in a theater, ransom plots are crippling when they’re real.
And in the modern digital world, they play out most often as hacker programs that steal data and access to critical systems before demanding payment... or else. Threats to expose confidential information or to destroy networks hit large and small organizations around the world more often than you may think.
Ransomware attacks can bring a business to its knees overnight. Hackers exploit employees or unprotected systems, worm their way into the digital infrastructure of a business, then hold data or access hostage until a ransom is paid. Over the past decade ransomware attacks worldwide have grown tremendously.
The Cost of Ransomware Attacks
Just how much are hackers demanding from businesses? According to a 2017 report, the average cost of a ransomware attack was just over $700,000. Many small and medium-sized businesses simply can’t afford such an attack.
Even if businesses can survive, there will likely be certain sacrifices that have to be made and it could take the business years to recover, if at all.
The City of Atlanta’s Ransomware Attack
While that number might be shocking, take the 2017 attack on Atlanta as an example. In March of 2018, the City of Atlanta was hit with SamSam malware. It devastated city systems, including court scheduling, online bill payments, police dash-cam video, and even Wi-Fi systems. The attackers demanded a payment in bitcoin that equaled about $52,000. Mayor Keisha Lance Bottoms refused to pay, opting instead to rebuild the systems at a cost estimated somewhere around $2.6 million.
In the months and years since the attack, Atlanta has instituted security protocols and systems enhancements to avoid future attacks. But if organizations with data as critical as city governments like Atlanta are vulnerable, it seems almost anyone is. The same malware that hit Atlanta, SamSam, hit 200 other victims as well, extorting over $30 million in Bitcoin from them. And that’s just one malware group. There are hundreds, if not thousands, of others.
Ransomware Payments Can Put You in Legal Trouble
If someone is holding information and you’ve exhausted every option, you might think about just paying the amount of money and getting it over with. If you’re going down that road, then you may want to think twice.
Recently, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a special advisory to companies that pay ransom during an attack. Specifically, the advisory warned that victims and any third parties who assist in payment could be in violation of federal law. Even if you do so unintentionally, there may be sanctions headed your way.
You can check out the advisory here.
A Global Problem
A May 2020 report by Verizon counted over 6,800 global attacks on public organizations, with over six thousand of those considered large attacks. The same report put the total number of cyberattacks in 2019 at over 32,000 globally, or one every 16 minutes.
It’s a fool’s game to think “oh, this could never happen to me”. What can be done to protect your systems from ransomware?
How to Protect Against Ransomware
The good news is, some steps can protect you, your systems, and your business.
- Password Management
Let’s start with what you can do to fortify systems. There are steps you can take to ensure your systems aren’t laid bare by design and management practices, leaving them easy targets for hackers.
Let’s start with the importance of a well-designed and well-maintained backup system. Why start there? Because even if everything else goes wrong with your plan, a backup might be your last ray of hope if you’re impacted by an attack. So if you do nothing else, set up a backup process.
What’s a good backup process? It should include your most important business data. It should run often. And you should consider a trustworthy cloud solution.
What’s your most important business data? If a hacker contacted you tomorrow threatening to destroy or make data public, what data would you think of first? What customer data do you have that if exposed or lost would jeopardize your customers or your business? That’s your sensitive data. Your business depends on it and you likely have an obligation (likely a legal one) to protect and manage that data.
Your backup should run often. Whether that’s hourly, daily, weekly, or monthly is up to your business needs. But the more often it can run, the better. The frequency of your backups will depend on the backup solution you choose and the costs associated with the backup process (automated or manual).
As you find the right solution for you, make sure you ask how backups happen and when they occur. The more information you back up, the better.
Cloud solutions have become widely available, affordable, and trusted over the years because they add layers of protection that on-premise solutions just can’t match. If your data is important enough to store, you want a solution that’s scalable and protected from any physical threat your systems could experience.
A reputable cloud solution is often competitively priced, easy to implement (even if you need some help), and offers more security than other options.
There’s a reason yards have fences, castles have moats, and China built a wall. Barriers thwart attacks. The harder you make it for hackers to access your data, the less likely it is they’ll get it.
Installing firewalls, anti-virus software, and VPNs for employees are all effective and affordable measures to protect yourself. Don’t leave your doors open to threats.
And that also means you should know where your network boundaries are. Know what’s connected to your network and ensure that connections are monitored and regulated. Consider working with a network management professional to ensure that you’ve intentionally designed and managed your systems.
It’s tempting to hit “remind me later” when those update pop-ups interrupt your work. Sometimes it’d be better to have a “go away and never come back” button. But updates, patches, and fixes are pushed to you for a reason.
In 2017 the WannaCry attack hit high-profile targets using Microsoft Windows including Britain’s National Health Service with an encryption program. Before the attacks began, Microsoft identified the vulnerability in their system and released a patch. But because patches were not installed promptly, many users were left vulnerable and were subsequently attacked.
Providers diligently monitor for vulnerabilities that hackers could use to attack customers. Knowing that the reputation of their products is threatened by hackers, providers work hard to create patches, updates, and fixes to protect their users. Ignoring those system updates leaves your systems vulnerable.
Update your systems. You probably have one that you’ve been putting off for weeks. Why not quickly check after you finish reading?
Hackers know that systems are only part of your business. They know that your team has access to systems and data and that they can be compromised as well. Ensuring that your team does their part in protecting against ransomware is crucial.
We all know by now that you shouldn’t give your bank account information to any princes from remote parts of the globe with poor grammar and offers of shared fortunes. We know that emails and other forms of unsolicited contact requesting sensitive and personal information are red flags for malicious attacks known as phishing.
In other words, it’s bad guys dangling an offer in an attempt to snag an unsuspecting (usually well-intended) victim to gain access or data. It’s cybercrime and a common tool used by ransomware attackers.
While phishing emails have seen a small decline in the past few years, the trend towards remote work seems to have ushered in a re-emergence of the tactic.
A few easy ways to avoid falling for a phishing attack:
- Don’t open emails from senders you don’t recognize or email addresses that seem off.
- Don’t send personal information through email. Just don’t.
- Don’t click links or open attachments from unsolicited or unrecognized sources.
- Report any suspicious emails to your security team.
If your employees don’t have access to customer data, they can’t accidentally give access to thieves. Creating and managing access controls is a crucial element of any security program. Profiles and access levels create layers of protection to sensitive data and system controls.
This is another place where working with a professional network manager can be immensely helpful. The process of creating a functional, scalable, and manageable process to control who has access and when is not a small or simple process. Experience and knowledge are huge here.
You’re probably sick of hearing that you need strong passwords that are 34 characters long, contain a number, a capital, a special symbol, and a drop of blood. But the rationale is simple. The harder a password is to crack, the better it works.
There are lots of ways hackers attack password-protected systems. From guessing, to what’s called brute force, hackers will try to gain access through passwords. Ohio State University explains how the complexity of passwords works.
OSU says “The time to hack a password increases exponentially with each character added to your password. For a password that consists of randomized characters of all types, the difference between 6, 7, 8, and 9 characters is days, years, centuries, and millennia!!!”
Nobody has time for an entire millennium of guessing.
And reusing passwords is just a no-no. Passwords used in more than one place (like your bank account and your favorite coffee app) mean that if it’s guessed once they have access to everything. Maybe it’s not the end of the world that a hacker steals all your coffee stars. But is it OK if they get their hands on your savings account? Definitely not.
And while passwords are important, consider multi-factor authentication if you really want to double down on protection.
Now more than ever, ensuring employees have the knowledge and skills to protect your business and your customers depends on smart and intentional actions. There’s a lot to consider when thinking about your remote workers’ security.
Criminals will always look for new ways to lie, cheat, steal, and ransom money out of people. Knowing what you can do to reduce your risk, and educating your employees can help protect you and your business.
If you need help identifying your risk points or creating security solutions, Atiba is here to help. Our experts have been helping public and private businesses create and monitor security programs for years. We’d love to help you, too. Reach out today to talk about your project!