Ransomware: “We’re Just Playing Goalie”
The chief of a leading cybersecurity firm has raised concerns that the growth in digital platforms and cryptocurrencies shows a direct correlation with the rise in ransomware attacks.
Should executives be concerned and are there any IT solutions that can help protect companies from ransomware attacks?
The warning shot comes from Kevin Mandia, CEO of FireEye, an intelligence-led security company involved in the “detection and prevention of major cyber attacks”. The company themselves were hacked by a “state-sponsored” campaign in December 2020.
With cybersecurity at an all-time high, Mandia told reporters at CNBC, ‘We’re just playing goalie.” As the digital landscape continues to evolve, IT departments will face ever-increasing challenges over the next decade.
Let’s unpack this for you.
How are ransomware attacks conducted?
Ransomware is a form of malware that is designed to gain unauthorised access to systems. An infected computer enables the hackers to disrupt operations, hijack operating systems and take over user controls so that you cannot access your files.
According to the U.S. Government’s Cybersecurity and Infrastructure Assurance Agency (CISA):
“Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”
Malicious actors cajole the victim into paying a ransom in order to restore access to the network. The majority of ransomware attacks request that payments are made with Bitcoin or other cryptocurrencies – hence Mandia’s opinion.
Ransomware attacks typically use a Trojan that enters a system through a gateway. The most common technique is through a phishing attack which prompts the user to open an attachment or click a link to a malicious website.
Another common technique is for hackers to exploit a vulnerability in software, hardware or network services. Because Microsoft 365 is the most widely used software amongst businesses, Microsoft Office controls and Windows components are the most exploited.
Other aggressive forms of ransomware include NotPetya which exploits security vulnerabilities on unpatched devices.
We appreciate this all sounds pretty scary, but the good news is that all the types of ransomware attacks can be avoided if you have the right IT support and cybersecurity measures in place.
First of all, let’s take a look at why cybersecurity detection and prevention measures should be of paramount importance to companies.
Type of Ransomware Attacks
Cybersecurity professionals claim that nobody is safe from ransomware.
Whilst the major multi-million dollar ransomware attacks such as Manchester United, WannaCry and the Colonial Pipeline hacks are reported by the media, leading cybersecurity firm Kaspersky to admit that ransom demands are “usually” between $100 and $200.
The data suggests that SMEs are exposed to more ransomware attacks than larger firms – which are generally targeted by state-sponsored campaigns with connections to secret intelligence agencies.
However, the malware created by secret intelligence service engineers is readily available to your average cybercriminal – the majority of which focus their attention on businesses that ‘quick hits.’
If your business network isn’t equipped with sufficient cybersecurity protection, you are vulnerable.
The quick hits are easy for hackers to accrue their ill-gotten gains.
There are generally two types of a ransomware attacks:
Locker ransomware – gains access to the system and blocks the end-user from using the functions of the device such as the mouse or keyboard.
These types of attacks ordinarily lock the user into what is essentially a screen-cell – you can’t escape from until you pay the ransom.
The saving grace with locker ransomware is that hackers cannot gain access to critical files. Therefore, if you backup your files and store them online and offline, you may have an easy escape route without having to concede to the ransomware demands of cybercriminals.
More on that later.
Crypto ransomware – This form of malware encrypts data so it becomes scrambled – and essentially useless – when you open the file. Whilst users still have the functionality of the device, documents, videos, images and apps etc are inaccessible.
Hackers typically set a timeline for victims to pay the ransom and threaten to delete your data if the ransom is not paid. Victims are naturally provoked into paying the ransomware – but with the right security protocols, technologies and IT support in place, ransom payments could be avoided.
Ransomware-as-a-Service (RaaS)
A concerning threat for C-suite executives and business owners is that hacking is becoming a popular job that almost anyone with a minimal amount of technical skills can do – and it offers a lucrative salary.
The biggest threat to businesses in 2021 and onwards is ransomware as a service (RaaS).
RaaS offers capabilities to want-to-be-hackers that software-as-a-service (SaaS) and platform-as-a-Service (PaaS) etc offer to the average business user.
In other words, everything you need to perform your job is practically done for you.
RaaS essentially provides cybercriminals with sophisticated tools that enable them to perform various cyberattacks – of which there are many. Hacking software even enables users with a secure and anonymous payment portal they can use to extract payment from their victim.
There is some guarantee that RaaS works because vendors ask for a slice of the profits rather than setting up a subscription-based model. With relevant tools accessible to a wide audience of malicious actors with entry-level skills, the digital portal is open for more businesses to become the victim of ransomware attacks.
Fortunately, there are IT solutions that enable you to avoid the increased risk of ransomware attacks.
IT Support Solutions to Prevent Ransomware
With the right solutions installed, the majority of cyberattacks can be avoided. Moreover, you can also avoid paying a ransom.
All you need is cybersecurity monitoring and prevention software together with a reliable IT support team with experience in IT security.
Here’s what you need:
Cybersecurity Incident Response Policy
The first place to start with cybersecurity is to develop an incident response plan which informs IT security personnel what to do during a ransomware attack.
Reserve a section for this in your cybersecurity policy. It should list relevant contacts such as key IT personal (name the roles rather than names in case someone on the list leaves), relevant partners, clients, customers, suppliers and vendors.
Cloud Back-Up
Storing and backing up critical business data in the cloud is a key component in defence against locker ransomware.
If your data is stored in a secure environment that cannot be accessed by cybercriminals, there’s no reason for you to pay a ransom.
Cloud backup services may eliminate the risk of paying a ransom to recover your business data, but to add an extra layer of protection, store your files offline or in an ‘out-of-bounds’ cloud environment that is encrypted and inaccessible to third parties.
Providing you perform backups on a regular basis, there is less chance of you suffering a financial loss through loss of productivity either.
Perform Security Updates
Failing to update security patches leaves devices exposed to cybercriminals. Hackers using sophisticated technologies can infiltrate weaknesses in software at various attack points.
As software and devices age, they become increasingly vulnerable to cyberattacks. A key prevention measure is to perform updates that include security patches.
Security patches are pieces of code that are designed to improve software security. However, the issue that IT teams typically encounter is encouraging every user to update the patch.
This can cause a major problem because once a software security patch has been released, the onus of responsibility like with the client – you – and not the software company (e.g. Microsoft).
Businesses that do not take the appropriate measures to protect client data are subject to GDPR penalties – which can put SMEs out of business. However, GDPR can also be a benefit.
The best solution to adopt patch management services. This type of service automates updates across all relevant devices from a remote location. That means your IT team doesn’t have to rely on end-users to update their devices.
Our experienced IT support team also run regular vulnerability scans to identify potential weaknesses in the software that could be exploited. By detecting vulnerabilities early, you increase your chances of preventing devices from becoming infected.
Solidify Endpoints
Business systems that host multiple users across a variety of devices – especially BYOD – have a heightened risk of suffering a security breach. All wireless devices – including the Internet of Things – that have access to your network are a potential entry point for malicious actors with ransomware.
To dramatically lower the risk, all your business devices need to be secured. This process is called endpoint security because devices such as desktops, laptops, smartphones, servers etc are all an “endpoint” on a network.
Unless endpoint protections are in place, any one of the devices on your network could be used as a gateway for cybercriminals to infiltrate your computer system, access your files and take control with ransomware.
Endpoint security works by using firewalls and anti-virus software together with appointing system administrators to control security endpoints from a central location.
Administrators are responsible for things like allowing users certain levels of access and blocking access to certain websites that could potentially host malware.
Cloud-based security solutions are the latest-generation endpoint threat detection technologies. They use real-time machine learning to continuously monitor activity and immediately prevent access through gateways where suspicious activity is suspected.
For example, every device on your network is listed and the user is given certain permissions to access files, apps, directories etc. If a non-listed device is detected, access will immediately be denied.
Segment Your Network
When malware enters a computer network, it will typically search for target data. To do this is moves laterally through your directories looking for certain coding identified with files that store critical data.
In most businesses, this involves intruding malware crossing from a device into a business network where files are hosted on directories.
Segmenting your network separates systems and devices. This can help to prevent intruding malware from escaping from an infected device and getting into your business network.
Each subsystem in the network should have a separate firewall and gateway together with individual security controls and a unique access policy.
Once the segmentation is in place, intruders that are successful in compromising an individual device will not be able to target critical data on your network without having to go through every segment first.
As a result, remote monitoring tools are able to identify suspicious behaviour and give IT support teams more time to isolate the threat.
Cybersecurity Training
Cybersecurity firms repeatedly warn businesses that end users are a company’s biggest security risk.
The majority of data breaches are caused by employers unknowingly clicking on a link or downloading an attachment that is infected with malicious code.
Once malware is on a device, it can lie in hiding and collect data until the hacker decides to initiate an all-out attack.
Educating your team about the threat of cybersecurity and training them on how to identify, avoid and report cyber-attacks should be high on your agenda for 2021.
As part of the training, IT teams should ensure that every member of your workforce is using strong password controls and changing passwords regularly.
The experts at MicroPro can put a cybersecurity package together for you. Our IT support team in London can also attend your premises and hold a cybersecurity training workshop.
IT Support Professionals in London
Reports reveal that 60% of companies go out of business within six months of a data breach. With the growing risk of falling prey to ransomware – and GDPR fines – failing to implement efficient cybersecurity measures is not worth the risk.
Cybersecurity can be avoided, or at best, vastly reduced if you have an experienced IT support team to install, monitor and manage your network security for you.
Don’t risk your business and speak with a friendly member of our IT support team in London today. We have the knowledge, technology and experience to significantly improve your data security defences and eliminate the risk of ransomware.
We may “just be playing goalie” but we are good at keeping out penalties!