Authored by Doug Shimokawa, Senior Vice President
We’re living in an era of ever-advancing ransomware attacks. In the past year, this malware was used repeatedly to threaten and cripple critical infrastructure and services, causing widespread issues from gas shortages to a disruption of the world’s meat supply. The U.S. is increasingly dependent on digital infrastructure to manage its vital resources, making it particularly vulnerable.
Many factors played a role in the rise of ransomware. Organizations pivoted quickly to enable remote work during the pandemic, often from unsecured and unmanaged devices and networks, inadvertently creating new security vulnerabilities in an effort to keep people productive. Cryptocurrency, which has proven extremely difficult to trace and regulate, has made it easier for criminals to transact and extort on an unheard-of scale.
It was estimated that ransomware attackers cashed out $350 million in 2020 alone. In one high-profile attack, JBS, one of the world’s largest food companies, paid out $11 million in ransom. Complicating the matter further, attacks often originate in other countries, making accountability elusive.
Ransomware is a type of malicious software, or malware, designed to block access to a computer system until a sum of money is paid. Criminals gain access to a computer system and then essentially hold it hostage by encrypting the data. Victims who choose to pay a ransom are not guaranteed to recover that data because the criminals may simply choose not to restore access. And even if access is restored, the data should be considered compromised.
Ransomware criminals are highly organized and strategic, often attacking when IT teams aren’t fully staffed, such as during a holiday weekend. If their demands aren’t met, they threaten to publicly share sensitive data.
With ransomware affecting the masses, the White House recently laid out a formal strategy to proactively disrupt ransomware “gangs” and, in some cases, the digital infrastructure they use to operate. For example, the Department of Justice seized a cryptocurrency wallet this past spring to recover $4.4 million in extortion paid by Colonial Pipeline.
What Companies Can Do
So, what do companies need to understand about ransomware and how can they protect themselves? First, understand that a ransomware attack is a matter of “when” not “if.” The reputational and financial risks are too great to ignore this dark phenomenon.
Take a proactive approach to securing data. Keep systems updated, patch vulnerabilities, and educate employees about phishing emails and other popular schemes used by hackers. Especially in a hybrid work environment, it can be challenging to maintain the utmost security. Hackers have been known to gain access to systems with a simple phone call, posing as an employee or vendor who “needs access to complete a task.” Work-from-home teams should have security protocols in place to verify requests just as they would if they were sitting down the hall from the IT department.
Prevention is key, but a recovery plan can restore your operations and avoid ransomware payouts. Backing up data is standard, and the recent victims in these high-profile attacks most certainly had reliable backups, so why were ransoms paid? If backups are not tested, you might find out during a restore that the backup was improperly configured. Depending on the volume of data, how the backup is architected, and the method of restoration, recovery time may be grossly underestimated. Or perhaps data was securely backed up, but the applications needed to restore the data were encrypted as part of the attack. Testing backups and developing plans that prioritize which systems are brought back online, and in which order, can get you operational again quickly.
What if we have a Managed Services Provider?
A managed services provider (MSP) that supports your IT infrastructure should also help secure it. Hackers target MSPs too, so it’s important to ensure you have the right partner to handle your concerns. As an MSP, Pacxa follows best practices and implements extra security layers to protect ourselves and our customers. Multi-factor authentication, privileged access management, and next-generation antivirus software are just a few of the key security products and policies we utilize.
We urge everyone to learn more about the costly ramifications of ransomware and how to actively defend against these threats. When engaging an MSP, consider these questions to ensure they are best aligned with your security needs:
- Does your contract address ransomware risks and do you have options for supplementary and/or customizable cybersecurity offerings?
- How do you monitor and control new cybersecurity risks?
- Is awareness training available?
To keep current on the latest in IT security, we recommend the Cybersecurity & Infrastructure Security Agency (CISA) site’s Current Activity and Alerts and Tips feed: https://us-cert.cisa.gov/ncas/current-activity