
RANSOMWARE
Ransomware. Don’t we all wish it were another clothing company, one we could buy at a reasonable rate, wear when it’s the right season, and drop off at the local non-profit thrift store when we are done with it?
Quick explanation: ransomware is not a clothing company, you don’t pay a reasonable rate for it, and you can’t ever give it away… most importantly, never to a non-profit! It is malicious software that will take hold of your computer system and/or data until you pay a requested ransom. Your information is the hostage here… definitely not a pretty pair of shoes… although at the rates that get charged, you could buy a couple truckloads of Christian Louboutins. Just a couple…
Ransomware is:
- A top 5 cybersecurity threat.
- Continuing to grow annually.
- Targeting the health care industry.
- Causing data loss and downtime.
- Most importantly? IT ISN’T GOING AWAY ANYTIME SOON.
FBI’S PUBLIC SERVICE ANNOUNCEMENT (PSA)
On October 2nd, the FBI released a Public Service Announcement with the following title: HIGH-IMPACT RANSOMWARE ATTACKS THREATEN U.S. BUSINESSES AND ORGANIZATIONS.
In this PSA they warn about the current trend in ransomware. They point out that although ransomware attacks are becoming less frequent, they are becoming “more targeted, sophisticated, and costly.” The cyber criminals are getting wise, and it seems that after years of chasing many smaller-scale attacks, they are exhibiting a new hunting pattern – bigger prey for bigger pay. In other words, they seem to be streamlining.
The losses from ransomware increase every year. You may have heard about the many state and local governments that have been targets in the past couple of years. (More on that to come.) According to the PSA, ransomware is also being aimed at large healthcare organizations, industrial companies, and the transportation industry. Trends come and go, and even if you don’t happen to be one of these larger companies, you are still extremely vulnerable to becoming a victim of ransomware.
HOW RANSOMWARE TAKES HOLD
The following techniques have been observed by the FBI. Keep in mind that if you do get infected with ransomware, the FBI does NOT advise paying the ransom.
#1 Email phishing campaigns
#2 Remote desktop protocol vulnerabilities
#3 Software vulnerabilities (check our last blog post on End of Life products from Microsoft – perfect example of a potential software vulnerability)
WHAT CAN YOU DO?
Straight from the mouth of the FBI: “The most important defense for any organization against ransomware is a robust system of backups. Having a recent backup to restore from could prevent a ransomware attack from crippling your organization. The time to invest in backups…is before an attacker strikes, not afterward when it may be too late.”
Having a quick and reliable backup is the best way to protect yourself against ransomware.
Check out this list also provided by the FBI. See what you are doing, and make a list of what you need to be doing. And do it today. Tomorrow may be too late!
FBI’S CYBER DEFENSE BEST PRACTICES
- Regularly back up data and verify its integrity. Ensure backups are not connected to the computers and networks they are backing up. For example, physically store them offline. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data.
- Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware and how it is delivered, and trained on information security principles and techniques.
- Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
- Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
- Implement the least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write-access to those files, directories, or shares. Configure access controls with least privilege in mind.
- Disable macro scripts from Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office Suite applications.
- Implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular internet browsers, and compression/decompression programs, including those located in the AppData/LocalAppData folder.
- Employ best practices for use of RDP, including auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
- Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
- Use virtualized environments to execute operating system environments or specific programs.
- Categorize data based on organizational value, and implement physical and logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and network segment as an organization’s email environment.
- Require user interaction for end-user applications communicating with websites uncategorized by the network proxy or firewall. For example, require users to type information or enter a password when their system communicates with a website uncategorized by the proxy or firewall.
Sources:
https://www.ic3.gov/media/2019/191002.aspx
https://www.safetydetectives.com/blog/ransomware-statistics/
