Preventing Ransomware In 2021
It feels like no more than a few days go by without another ransomware story in the news. What used to be just one threat present in the cybercrime landscape has now become the most clear and present danger to modern businesses.
Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack will occur every 11 seconds in 2021. It’s almost a total certainty that you will be attacked with ransomware at some point, and possibly even infected. That’s why you need to take action and defend yourself.
Discover how you should be defending yourself, and how to respond to an infection to minimize the damage, in our latest webinar, featuring Advantage’s Mike Shelah, cybersecurity insurance expert Joe Brunsman, and Dell’s Loren Larson.
What Is Ransomware?
Ransomware is a type of malware that encrypts the target’s data (making it unreadable and inaccessible) and holds it for ransom. It targets all data on the target’s systems, making it impossible for them to ignore until they pay the ransom or restore the data from backup.
Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system.
There are a number of ways that hackers can trick targets into downloading ransomware:
- Phishing: Phishing is a social engineering technique that “fishes” for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.
- Malvertising: Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without them knowing it.
- Out Of Date Hardware: Many of the most common malware and viruses used by cybercriminals today are based on exploiting programming flaws in software; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.
The Threat Of Ransomware Is Evolving
Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.
Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:
- Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go in their backups to restore their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
- Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.
Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point. No matter how strong your defensive capabilities are, ransomware may still get through. That’s why you need to plan out how to respond to an attack.
How Should You Defend Against A Ransomware Attack?
The best way to defend against ransomware is to work with an IT company (like Advantage Industries) whose team can implement a range of cybersecurity protections that will keep your data protected and your business in operation, no matter what happens.
Recommended security measures include:
- Access Controls: Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories. Furthermore, only those needing local admin rights are to be provided with that access.
- Firewall: Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users or suspicious connections from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
- Network Monitoring: Your IT company should be keeping an eye on your systems around the clock, identifying any suspicious activity and addressing it immediately to prevent any negative effects. The ideal way to handle this is with MDR (managed detection and response), an outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered. MDR fully manages your cybersecurity defense, both keeping an eye out for threats and providing the expert team to address them when they occur.
- Data Backup: If you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup and data recovery solution so that you can restore your data at a moment’s notice when necessary. Be sure to:
- Back up data on a regular basis, both on and offsite.
- Inspect your backups manually to verify that they maintain their integrity.
- Secure your backups and keep them independent from the networks and computers they are backing up.
- Separate your network from the backup storage, so the encryption process is unable to “hop” networks to the backup storage device. This keeps your backup data from being encrypted.
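One way to carry out the backup integrity inspection described above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup job finishes, then compare the backup against it later to catch files that were altered, renamed, or added. The function names are hypothetical, and the manifest is assumed to be stored away from the backup itself so that whatever tampers with the backup cannot rewrite it.

```python
import hashlib
import json
import os


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large backup archives do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def list_files(root):
    """Return {relative_path: absolute_path} for every file under root."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            found[os.path.relpath(full, root).replace(os.sep, "/")] = full
    return found


def build_manifest(root, manifest_path):
    """Record a SHA-256 per file right after the backup job completes.
    Assumption: manifest_path is outside the backup, on write-protected storage."""
    manifest = {rel: sha256_file(full) for rel, full in list_files(root).items()}
    with open(manifest_path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return manifest


def verify_backup(root, manifest_path):
    """Compare the backup against its manifest and report every difference."""
    with open(manifest_path, encoding="utf-8") as fh:
        expected = json.load(fh)
    actual = list_files(root)
    report = {"missing": [], "modified": [], "unexpected": []}
    for rel in sorted(expected):
        if rel not in actual:
            report["missing"].append(rel)       # deleted, or renamed by encryption
        elif sha256_file(actual[rel]) != expected[rel]:
            report["modified"].append(rel)      # contents changed since backup
    report["unexpected"] = sorted(set(actual) - set(expected))  # e.g. dropped notes
    report["ok"] = not any(report[k] for k in ("missing", "modified", "unexpected"))
    return report
```

A file that was encrypted and renamed shows up twice: its original name under "missing" and the new name under "unexpected".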
What Would Happen If You Were Infected With Ransomware Right Now?
Do you have a plan? Are your system endpoints protected? Are your backups recent, tested, and viable?
It’s a mistake to assume that just because you haven’t been hit by ransomware yet, you won’t be anytime soon. You may think you can put off investing in effective cybersecurity support, but without warning, you may get hit.
How Should You Respond To A Ransomware Attack?
- Disconnect: If a business suspects their networks are at immediate risk, the first step is to disconnect the computer from the company’s network to inhibit further exploitation attempts on other systems.
Simply remove the network cable from its connection point, usually a tower or laptop. This step should then be followed by disabling the WiFi settings. It is critical that this is performed manually to make sure it’s been properly disconnected.
- Power Down: Once the computer has been removed from the network, it is then necessary to power down the machine to prevent any potential damage.
- Contact Your Cybersecurity Professionals: Whether you have one on speed dial or not, your next step is to get professional assistance. Restoring backed-up data and limiting the continued spread of ransomware is a complicated process — don’t try to handle it alone if you don’t know what you’re doing.
At this point, you may also be considering placing a call to your insurance provider. If you’ve invested in a cyber liability insurance plan, you’re likely covered in the event of a ransomware attack, right?
The Problem With Cyber Liability Insurance
The core issue is that as cybercrime becomes more common and more damaging, insurers will become more aggressive in finding ways to deny coverage. Furthermore, in the case of ransomware, they may not even be allowed to cover the ransom. In some instances, paying the ransom may be illegal, as it may fund a known party that has been deemed dangerous by the US government.
For many reasons, it’s in the insurer’s business interest to pay out as little and as rarely as possible, which means the policies will tend to rely on a series of complicated clauses and requirements that covered parties have to comply with.
Another example is when Mondelez International was denied coverage for the $100 million of damage they incurred from the NotPetya attack. Their insurer, Zurich Insurance, cited the obscure “war exclusion” clause, claiming that Mondelez was a victim of a cyberwar.
This is not an isolated incident. As discovered by Mactavish, the cyber liability insurance market is plagued with issues concerning actual coverage for cybercrime events:
- Coverage is limited to attacks and fails to address human error
- Claims are limited to losses that result directly from network interruption, and not the entire period of business disruption
- Claims related to third-party contractors and outsourced service providers are almost always denied
All in all, these factors have led the industry to be extremely profitable for insurers, and extremely unreliable for businesses. Mactavish found that for every $1 million paid in premiums, insurance companies only pay out $320,000 in claims.
You Can’t Ignore Ransomware And Hope It Goes Away
In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being infected with ransomware can be dramatically reduced.
Get in touch with the Advantage Industries team to discover more about developing a modern ransomware defense.