- Last year, businesses paid out over $350M to ransomware groups, an increase of over 300% from 2019.
- Although two-thirds of Connecticut business owners reported in a recent HBJ poll that they feel prepared for a ransomware attack, real-world numbers don’t support that confidence.
- A new Connecticut law limits businesses’ liability if they follow the guidelines set by NIST. This article gives simple tips that can help every business avoid these costly and reputation-ruining attacks.
Before Ransomware Attacks
On his way back to England from the Crusades in 1192, King Richard I (the Lionheart) was captured by his cousin, Leopold V, who ruled Austria. Richard was delivered to the Emperor who demanded a “king’s ransom” from Richard’s subjects.
The Emperor also enjoyed a political advantage while the King was a captive—just like hackers have an upper hand when they have access to your data.
A year later, after a massive tax increase, the ransom of 150,000 marks (about $3.3 billion today) was paid and Richard was released—much to the relief of Robin Hood.
Today, data rather than people is the preferred target of ransomware hackers. But the game is largely the same: pay handsomely to regain access to your data, or risk the release of sensitive information and possible ruin.
Why Worry About Ransomware Attacks
Ransomware attacks against large organizations feature frequently in the news these days. Remember “Colonial Pipeline,” “JBS USA,” “CNA,” and “Kaseya”—attacks in 2021 that resulted in multimillion dollar ransom requests and that affected millions of people.
These attacks have become another way of doing business, however brazen that might be. As a representative of the hackers told Reuters, “We are always willing to negotiate” the $70 million demand they had made of Kaseya. Further, the increasing use of cryptocurrencies (e.g., Bitcoin) allows ransomware hackers to get paid anonymously.
Last year, victims paid out nearly $350 million to ransomware groups, an increase of more than 300% over the previous year. Attacks on health-care systems alone may have cost $21 billion. Increasingly, practitioners provide what they call “ransomware as a service,” in which sophisticated developers write malicious code, then rent or sell it to unskilled “affiliates” who initiate the attacks and collect the ransom. This model works so well that about two-thirds of attacks now use it. (Bloomberg)
- Despite headlines about attacks on large organizations, smaller and younger hacking groups are now targeting small to medium businesses.
- Government, manufacturing, services, education, and healthcare are the top five targeted sectors.
- Phishing attacks increased 600% since February 2020.
- Cyberattacks on remote workers increased by 500% in 2020.
- The United States suffered 57% of all ransomware attacks in 2020.
Preventing Cyberattacks in Connecticut
Connecticut is among a handful of states that have addressed the legal exposure of businesses and organizations that have been hacked. On October 1, 2021, businesses that are in compliance with cybersecurity standards adopted by NIST, CIS, and PCI (Payment Card Industry) will become immune from punitive damages resulting from litigation filed in the State of Connecticut.
Connecticut also significantly expanded the legal definition of personal information that should be protected from cyberattack.
Such changes in the law are intended to provide incentives for businesses and organizations to take significant steps to reduce the chances of successful cyberattack.
Still, business owners may be feeling more confident than is warranted. In a recent Hartford Business Journal poll, 60% of 204 respondents reported that their company had “adequate cybersecurity measures in place.”
But what does adequate mean? Remember King Richard, the Lionheart? When captured, he was wearing lowly pilgrim’s clothing but was probably discovered because of his large ruby ring. Moral: a minor slipup can spoil a good disguise.
As technology changes and hackers become more sophisticated and incentivized, perhaps feeling secure does not equal being secure.
How Ransomware Attacks Happen
Ransomware attacks occur in several ways, most of which are highly technical. Nevertheless, they usually begin with relatively simple security breaches.
- Phishing — Personal data such as usernames and passwords can be stolen when an unaware person responds to an apparently valid online request from an imposter.
- Malware — Malicious software that can retrieve sensitive information from a computer or network, or interfere with computer functions, can be installed when a user opens a malicious file or visits a compromised website. Such malware can operate in the background and spread across connected networks.
- Passwords — Weak, unprotected, or repeated passwords and failure to use multi-factor authentication (MFA) can open the door to cyberhackers for entire networks.
However it is initiated, ransomware can be extremely disruptive and destructive. It typically encrypts your files and folders, making it impossible to do business.
Sometimes, you might see a message on your computer indicating that “issues have been found.” This is followed up by a demand for money to fix the problem.
The National Cybersecurity Alliance reports that a small family-owned construction company made extensive use of online banking transfers. Employees had to log in with a company- and user-specific ID and password. Two challenge questions also had to be answered for large transactions.
Despite this, the owner learned of an ACH transfer of $10,000 by an unknown source. When the owner contacted the bank, they learned that hackers had made transfers totaling $550,000.
It turned out that one employee had opened an email from what they thought was a materials supplier, but which contained malware sent from an imposter account.
Steps You Can Take to Prevent Attacks
The Center for Internet Security (CIS) has identified 7 steps to prevent and limit the impact of ransomware.
- Maintain backups so that files are protected and stored offline or out-of-band. Retaining backups will allow you to restore unencrypted files so that you can resume normal activities. Be sure to test backups and make sure they are not infected.
- Develop an incident response plan so that your team knows what to do in case of an attack. The plan should include procedures for notifying clients and vendors who might be affected. Employees should also be instructed about what to do when they receive a suspicious email message.
- Review port settings both on-premises and in the cloud. Consider closing Remote Desktop Protocol (RDP) and Server Message Block (SMB) ports.
- Harden endpoints to make sure that your IT systems are configured to be secure. CIS Benchmarks provides configuration guidelines for several vendor product families that can help your IT team revise configurations as needed.
- Use multi-factor authentication (MFA) to secure your accounts and prevent fraudulent access.
- Keep operating systems up-to-date to close security gaps that hackers try to exploit.
- Train your team, both IT staff and regular employees, to spot and avoid malicious emails. Team members should also be trained to follow security protocols for downloading files from the Internet or opening email attachments, for maintaining and using passwords, and for staying vigilant for unusual activity on your network. Build staff awareness.
- Set up an Intrusion Detection System (IDS) to monitor network activity by comparing network traffic logs against signatures of known malicious behavior. Matches, or traffic that departs from normal patterns, can alert your IT team to possible malicious activity.
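The “review port settings” and “intrusion detection” steps above come together in a small log review. The script below is an added example, not code from the original article or from CIS: it reads firewall connection records and raises an alert whenever an allowed inbound connection from outside the organization reaches an RDP (3389) or SMB (445) port. The log line format, the internal address ranges, and the sample records are all constructed for illustration and are not any vendor’s real format.

```python
"""
Added example: a minimal signature-style review of firewall connection logs.
Alerts on allowed connections from external addresses to RDP or SMB, the two
services CIS suggests closing or restricting. Log format and sample data are
constructed for this example (assumption, not a real vendor format).
"""
import ipaddress
import re
from dataclasses import dataclass

# RDP and SMB exposed to the internet are common ransomware entry points,
# so an allowed inbound connection to them from outside is worth an alert.
WATCHED_PORTS = {3389: "RDP", 445: "SMB"}

# Assumption: the organization's own networks are the RFC 1918 ranges.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed log line shape: "<timestamp> action=<allow|deny> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample records (203.0.113.x and 198.51.100.x are documentation
# ranges standing in for arbitrary internet addresses).
SAMPLE_LOG = [
    "2021-10-01T08:00:01 action=allow src=10.0.5.12 dst=10.0.5.40 dport=445",     # internal SMB: normal
    "2021-10-01T08:00:07 action=allow src=203.0.113.5 dst=10.0.5.40 dport=3389",  # external RDP allowed: alert
    "2021-10-01T08:00:09 action=deny src=198.51.100.9 dst=10.0.5.40 dport=445",   # blocked at the firewall: no alert
    "2021-10-01T08:00:12 action=allow src=203.0.113.77 dst=10.0.5.41 dport=443",  # external HTTPS: not a watched port
    "this line is malformed and is skipped",
]


@dataclass
class Alert:
    timestamp: str
    service: str
    src: str
    dst: str


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # malformed input is skipped rather than trusted
    return {
        "ts": m["ts"],
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def is_external(ip_text):
    """True when the address is outside every configured internal network."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def review_log(lines):
    """Return an Alert for each allowed, external connection to a watched port."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        service = WATCHED_PORTS.get(rec["dport"])
        if service and rec["action"] == "allow" and is_external(rec["src"]):
            alerts.append(Alert(rec["ts"], service, rec["src"], rec["dst"]))
    return alerts


if __name__ == "__main__":
    for alert in review_log(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.service} from {alert.src} to {alert.dst}: review this rule")
```

Run as a script, it reports only the one allowed external RDP connection; the internal SMB traffic, the denied attempt, and the HTTPS connection are left alone. In practice the watched ports, internal ranges, and log format would come from your own firewall and address plan, and the alert would feed a ticket or SIEM rather than stdout.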
Other measures might include limiting the access of users and employees to sensitive administrative functions. Each user should have only the level of access required to perform their specific duties.
Ensuring that all employees can see file extensions reduces the chance of opening a malicious executable file that would initiate an attack.
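The file-extension advice is easier to act on when you can see the problem it prevents. The example below is added here and is not code from the original article: it shows what a user sees when a file manager hides extensions (so “Invoice.pdf.exe” appears as “Invoice.pdf”) and then applies a simple attachment check that flags executables, including ones disguised behind a document extension. The filenames and the extension lists are constructed for illustration, not an authoritative policy.

```python
"""
Added example: how hidden file extensions disguise an executable, and a
simple attachment check that catches the pattern. Extension lists and the
sample filenames are constructed for this example (assumption).
"""
import os

# Assumed policy lists; a real deployment would maintain its own.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# Constructed sample attachment names.
SAMPLE_ATTACHMENTS = [
    "quarterly.xlsx",
    "Invoice.pdf.exe",
    "setup.exe",
    "README",
]


def displayed_name(filename, extensions_hidden=True):
    """What a user sees in a file listing.

    With "hide extensions for known file types" on (a common default), only
    the final extension disappears, so 'Invoice.pdf.exe' is shown as
    'Invoice.pdf' and looks like a harmless document.
    """
    if not extensions_hidden:
        return filename
    root, ext = os.path.splitext(filename)
    return root if ext else filename


def extensions(filename):
    """All extensions of a name, outermost last: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def assess_attachment(filename):
    """Return a verdict string for one attachment name.

    The final extension decides what the operating system will do with the
    file, so it is the one that matters; a document extension in front of it
    is the disguise the show-extensions advice is meant to expose.
    """
    exts = extensions(filename)
    if not exts:
        return "REVIEW: no extension"
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        if len(exts) > 1 and exts[-2] in DOCUMENT_EXTS:
            return "BLOCK: executable disguised as document (double extension)"
        return "BLOCK: executable attachment"
    return "ALLOW"


def audit(filenames):
    """Map each attachment name to its verdict."""
    return {name: assess_attachment(name) for name in filenames}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_ATTACHMENTS).items():
        print(f"{displayed_name(name):<20} (really {name:<18}) -> {verdict}")
```

The printed table pairs each name as the user would see it with the real name and the verdict, which is the training point: with extensions shown, “Invoice.pdf.exe” reads as what it is. The check keys on the final extension because that is what the system uses to decide how to open the file.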
When You Need Help
Pro Tip: Request help from a trustworthy source when you or your IT team lack the time or expertise to handle preventative and recovery tasks.
Obtaining professional assistance helps your business strategy too. Many of the policies and procedures that will enhance cybersecurity for your organization will also improve efficiency of operations and team morale. Such benefits can increase productivity and more than offset the cost of keeping your business safe.
Remember, investing time, effort, and resources in cybersecurity is good business.
Contact our team at Now IT Works anytime to arrange a free, professional consultation. We’re here to help.