Notions

Preventing a Ransomware Attack

Guest post from Steven Thom, president of Thom Infotech. Thom Infotech is a Chicago-area Managed IT Services provider with more than two decades of experience with cybersecurity threats.

Business owners and their management teams have plenty of reasons to lose sleep, not the least of which is the prospect of a cybersecurity incident. Experts have pened countless articles and blog posts to raise awareness, but the damage from a ransomware attack still goes deep.

Ransomware Attacks

The most pernicious and costly of the exploits is the “ransomware attack”. This type of hack involves the wholesale encryption or locking of business file systems, rendering the stored data inaccessible. A message is typically displayed on the users’ screen instructing them to pay a hefty ransom to obtain the necessary decryption key to unlock and regain access to the files.

In many cases, the message also includes a timer that increases the ransom amount if the victim delays their response. The ransom generally must be paid in cryptocurrency such as Bitcoin. Since most businesses lack familiarity with Bitcoin, the hackers offer a help desk to walk the victim through the process. If you wait too long, you may even receive a call from the hackers to encourage your compliance with their demands.

You might say to yourself, “We have backups, so we are not going to pay.” Further, this kind of ransom attack violates our sense of morality, and we often balk at paying the ransom out of principle. Sadly, the situation is more complicated than that.

The hackers are aware that you have backups (please tell me you have backups!). It is possible the hacker found and encrypted those too. You might have a great backup system that replicates your data to an independent network so that you might have a false sense of security. While the hack is disruptive and costly, at least you can get your data back and avoid the ransom altogether. Not so fast.

Risks

In recent attacks, the hackers not only encrypt your data – they often take the next step and upload it to their servers. If you think you do not have to pay the ransom due to your excellent backups, think again. Hackers are now extorting businesses by threatening to expose your data to the world.

Ransomware attack implications

The implications of a ransomware attack are profound, including:

  • Privacy violations for your clients and employees, with a real possibility of legal action taken against you
  • HIPAA (Health Insurance Portability and Accountability Act) violations, with tremendous associated fines
  • The embarrassment of seeing all your most personal and sensitive information in the wild
  • Damaging media reports of your predicament

Knowing this, the hackers will set a steep price on both the decryption key and the extortion related to your data exposure.

In many cases, the business finds itself in a no-win situation. Paying may sink the business. Not paying may sink the business. While the authorities advise against paying, several police departments and municipalities have done exactly that.

What You Can Do

A combination of education, insurance, and testing can position you to walk away with your business and integrity intact.

We suggest these steps to mitigate their risk of a ransomware attack:

  • Insurance – This is one area where most businesses are under-insured. If you previously elected to skip the cybersecurity insurance, this might be a good time to reconsider. If you have insurance, you should revisit the coverage to factor in the extortion angle.
  • Cybersecurity posture – Now more than ever, businesses need to be on war footing. They must revisit their strategies with their IT provider to cover every imaginable (and unimaginable) situation.
  • Cloud Migrations – A cloud-based computing environment is more difficult to expose and encrypt. Further, a properly configured cloud computing environment is far easier to restore.

Only your insurance provider can address the first point. If your IT provider fails to understand your concerns about the second and third concepts, it may be time to shop around.

As a technology vendor, we recommend several strategies to improve your cybersecurity posture:

  1. Education – The easiest threat vector is usually your people. Recruiting and hiring talented employees is not enough. Few staffers are adequately suspicious when confronted with a cleverly crafted ransomware attack. Regular cybersecurity education is a great place to start. Your IT team can patch vulnerabilities in your computers, servers, and network hardware. Sadly, “Patching” the users is often neglected.
  2. Testing – Education is great, but some of your employees might nod off during the training. Simulated phishing emails are a great way to expose your vulnerabilities. You might also consider “white-hat” penetration tests, where a team of ethical hackers attempts to bypass your countermeasures. This step is an expensive yet worthy effort in cases where the stakes are highest.
  3. Technology – Every business needs a sound strategy for threat detection and prevention. At a bare minimum, this should include properly configured Unified Threat Management firewalls, next-generation antivirus and antimalware tools, competent email security, frequent vulnerability scans, segmentation of trusted and untrusted traffic, and a comprehensive patch management strategy.
  4. Backups – A sound data backup strategy should include both local and cloud storage. You still need to isolate the backups from the local network to guard against exfiltration and encryption.

If cybersecurity risk is not high on your list of business priorities, perhaps it should be. “An ounce of prevention is worth a pound of cure,” according to Benjamin Franklin.

I can add that prevention is far less costly.