The Threat Grows
If the recent attack on Kaseya shows anything, it’s that ransomware isn’t going anywhere. Conducted by REvil, the attack impacted some 1,500 or more businesses worldwide. The ransomware gang demanded $70 million to restore the data from those businesses affected, primarily companies in the SMB sector. Make sure you don’t become the victim of an attack by reviewing the ransomware prevention checklist at the bottom of this article.
Although Kaseya was a high-profile attack, several other attacks have made big headlines through the first half of the year:
| Organization | Ransom outcome |
|---|---|
| Colonial Pipeline | $4.4 million paid |
| Brenntag | $4.4 million paid |
| Buffalo Public Schools | Unspecified |
| Acer | $50 million demand |
| JBS Foods | $11 million paid |
| Quanta Computer | $50 million demand |
| National Basketball Association (NBA) | Unspecified |
| CNA Financial | $40 million paid |
| CD Projekt | Unpaid, backups used to restore data |
| KIA Motors | $20 million demand |
Looking at the number of attacks in 2021 thus far, each month has seen more attacks than last year. April saw a significant escalation in activity (BlackFog).
Equally important, attackers are moving beyond data theft in many cases to take control of a company’s operations. The goal is to cause production slowdowns and downtime that impact the business. As a result, ransomware attacks are now migrating to manufacturers, industrial companies, and other operations relying on physical infrastructure.
Ransomware Payments Increase
In 2017, Cybersecurity Ventures advised that ransomware damage would cost $5 billion. That number increased to $8 billion in 2018, followed by $11.5 billion in 2019. Ransomware predictions for 2021 indicate costs will soar to $20 billion, more than 57 times that of 2015. These numbers make ransomware the fastest-growing form of cybercrime.
On top of initial payments, cyber criminals are moving to double-extortion measures where they steal sensitive data before encrypting files. They then threaten to publish the data if the ransom goes unpaid. According to Check Point, there’s been a 50% increase in the daily average of double-extortion ransomware attacks.
Using this technique allows hackers to benefit without an actual ransomware payment. Healthcare records, for example, sell for between $100 and $500 on the dark web.
Ransomware Prevention Checklist
With this kind of threat landscape, an ounce of prevention is worth a pound of cure, as the adage reflects. There’s no reason to leave yourself exposed to ransomware attacks when you can take steps to help prevent them.
This ransomware prevention checklist provides insights into measures you can take to reduce your risk.
First Line of Defense
|Implement an automated backup solution using the cloud, software, or hardware|
|Ensure all possible data requiring access is backed up, including mobile and USB storage|
|Ensure your data is safe, redundant, and easily accessible once backed up|
|Regularly test the recovery function of your backup and restoration process. Test the data integrity of physical backups and ease of recovery for online and software-based backups for at least the last 3 or 4 months|
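
As an added example (not part of the original article), the sketch below shows one way to carry out the recovery test in the last checklist item: record a SHA-256 manifest at backup time, compare a test restore against it, and list any month in the last four that has no clean restore. The file names, dates, and function names are constructed for illustration.

```python
import hashlib
import tempfile
from datetime import date
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root):
    """At backup time: relative path -> SHA-256 of every file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored):
    """After a test restore: list files that are missing or no longer match."""
    report = {"missing": [], "corrupt": []}
    for rel, digest in manifest.items():
        target = restored / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != digest:
            report["corrupt"].append(rel)
    return report

def months_without_clean_restore(results, today, months=4):
    """results: [(backup_date, report)]. Return YYYY-MM months lacking a clean restore."""
    clean = {d.strftime("%Y-%m") for d, r in results
             if not r["missing"] and not r["corrupt"]}
    gaps, y, m = [], today.year, today.month
    for _ in range(months):
        if f"{y:04d}-{m:02d}" not in clean:
            gaps.append(f"{y:04d}-{m:02d}")
        y, m = (y, m - 1) if m > 1 else (y - 1, 12)
    return gaps

def demo():
    """Constructed sample: one restore with an altered file and a missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "src"), Path(tmp, "restored")
        src.mkdir(); restored.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarter close\n")
        manifest = build_manifest(src)
        (restored / "ledger.csv").write_text("id,amount\n1,999\n")  # altered copy
        bad = verify_restore(manifest, restored)                    # notes.txt absent
    ok = {"missing": [], "corrupt": []}
    results = [(date(2021, 7, 5), ok), (date(2021, 6, 7), bad), (date(2021, 5, 10), ok)]
    return bad, months_without_clean_restore(results, date(2021, 7, 20))

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup itself, so that an attacker who alters the backup cannot also rewrite the hashes it is checked against.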
Second Line of Defense
|Install and use a firewall|
|Deploy anti-spam and anti-phishing software or dedicated hardware|
|Ensure everyone in the organization is using the latest generation of endpoint protection along with whitelisting and real-time executable blocking|
|Routinely update and patch all applications and operating system components with vulnerabilities|
|Insist on remote log-in through a VPN|
Third Line of Defense
|Implement Data Leak Prevention (DLP) tools|
|Use least-permissive permissions for file, folder, application, and database access|
|Require multi-factor authentication for all access|
|Enable system logs to track data movements|
|Use traffic analysis to note any unusual data movements across computers and networks|
|Encrypt data to prevent easy unauthorized copying|
Fourth Line of Defense
|Conduct cyber awareness training to educate personnel on what to look for to prevent criminal applications from being downloaded and executed|
|Conduct frequent, simulated phishing attacks to inoculate users against cyber threats; conduct testing monthly|
|Enable system logs to track data movements|
Get Your Head Out of the Sand
Ransomware is serious business. No company is safe. So, even if you think your small organization is immune, think again.
The Kaseya attacks debilitated smaller businesses like accounting firms, doctors’ offices, retailers, and a host of other SMBs. By targeting a managed service provider, the hacker could move laterally and access the provider’s accounts.
That raises a critical point. Make sure your managed service provider has control of its operation. If they aren’t protecting their infrastructure, it’s doubtful they’ll defend yours. In this case, the MSP failed to have proper tools in place to prevent such an attack.
We specialize in small to medium-sized businesses. So, we know the common vulnerabilities attached to your organization. More importantly, we know how to mitigate them to make you virtually immune from a cyber-attack.
Talk to us about our cybersecurity services and ask us about a vulnerability test. We’ll uncover the issues that make you susceptible to attack and get them remediated in short order. We can also set you up with cyber awareness training to alert your employees to ransomware dangers and how to spot phishing and smishing attacks.