Ransomware is perhaps one of the most troubling of all black hat hacker threats. The idea that an external hacker bent on malfeasance can penetrate a network and lock down an infrastructure until a ransom is paid is terrifying. It’s also shocking to note that small, mid-size, and enterprise organizations are equally viable targets for these cybercriminals. More disturbing still is that these digital terrorists are targeting U.S. critical infrastructures including hospitals and state governments. Here’s what you need to know and how to fight back.
Ransomware attacks on government and business increasing
The latest data shows that ransomware attacks on vulnerable computer networks increased by 41% last year. It’s important to note that these numbers don’t take into account the companies that don’t report these cases to quell any public relations snafus that could affect their brand.
Lately, hacker encroachment has grown more public as cybercriminals target the U.S. infrastructure with malware that encrypts and locks data held in city governments, utility companies, and even hospitals. Some of the latest ransomware incidents include:
- In December 2019, the U.S. Coast Guard reported infiltration by a virus known as Ryuk ransomware. This forced facility operations to shut down, blocked access to files, disrupted camera and physical access control systems, and contributed to the loss of critical monitoring devices.
- Last year, dozens of U.S. cities were held for ransom, including 22 cities in Texas; Baltimore, Md.; Atlanta, Ga.; and more. It cost Baltimore more than $18 million in lost revenue and recovery costs.
- Ransomware attacks last year reportedly affected 113 government agencies in the U.S., 764 healthcare providers, and 89 higher education organizations.
Most of these infections are launched from a simple, yet effective, phishing email designed to look like a legitimate communication from a trusted source. Clicking into the email unleashes the ransomware virus.
But ransomware hackers, like all practitioners of a craft, improve their knowledge in increments, refining each successive campaign on the lessons of the last. There are signs now that these criminal vampires, having found a lucrative cash vein, are growing more sophisticated in their efforts to bleed out their vulnerable targets.
Understanding the ransomware threat
Ransomware is a type of malware designed to infiltrate a computer or network, then encrypt or lock down the data. The end-user sees a ransom note demanding payment to unlock files and recover data. Payment is generally in bitcoin, a form of digital currency. When the ransom is paid, the hacker sends a decryption key to unlock the files. At least in theory. The reality is, even if the ransom is paid, there is no guarantee that the files will unlock.
Ransomware has been around for years; however, prior to 2017, targeted individuals were asked to pay only a few hundred dollars per incident. In 2017, the WannaCry ransomware virus exploited a Windows vulnerability to infect victims in more than 150 countries, costing billions within a matter of hours. This crisis signaled the onset of a new terrorist threat — ransomware for bigger, bolder targets, with a higher cash ransom.
The New York Times reports the average ransom payments paid for these attacks rose to more than $84,000 per incident by the fourth quarter of 2019. But by December, that number jumped to $190,946 due to large hacks that demanded millions in payment. The Federal Bureau of Investigation (FBI) does not advocate paying the ransom, stating that it only encourages more hacker activity. Additionally, there is no guarantee that the data will be returned.
How can organizations protect their data from these evolving and vicious threats?
Protecting your infrastructure from ransomware
The latest FBI warning on ransomware suggests that the quality of the malware has shifted from a blunt hammer to a precision attack. Ransomware thieves have more targeted delivery mechanisms and manual hacking with sneaky network reconnaissance. New threats involve hackers not only shutting down files, but also stealing data and threatening to expose it on the open market.
Yet protection against these threats remains fully in the hands of technology teams, who can both close open-door vulnerabilities and limit the damage — even from insider threats. All organizations, even small businesses that lack a sophisticated security team, can take these steps to protect their data:
- Create up-to-date IT diagrams that clearly map the attack surface. This helps companies identify network vulnerabilities and proactively establish a plan to shore up any gaps.
- Regularly patch and upgrade all devices that access the network; this is a crucial best practice. It should include security systems such as secure email gateways, web filters, and firewalls.
- Secure your extended network by adopting application whitelists, limiting end-user privileges, developing strong password policies, and leveraging multifactor authentication.
- Train and retrain your employees on the risks of malware to create a culture of cybersecurity.
- Back up your data regularly, including desktops and systems. Store the backups off the network so they cannot be compromised during a breach, and scan backups for malware.
- Run business continuity and recovery drills to create muscle memory that you can draw upon when the unthinkable happens.
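One concrete way to put the backup advice above into practice, as an added example that is not from the original article: a Python script that records a manifest of file hashes while a backup is known good, then verifies the set later, reporting missing, modified and unexpected files and flagging any whose byte entropy looks like encrypted data rather than a document. The file names, the entropy threshold and the sample files in `demo()` are constructed assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted or random data sits near 8.0

def sha256_of(path):
    # Whole-file digest; fine for a demo, stream in chunks for large backups
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def shannon_entropy(data):
    # Bits per byte of the sample; text and office documents score well below 7.5
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    # Map each file's relative POSIX path to its SHA-256, taken when the backup is known good
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_backup(root, manifest):
    # Compare the backup on disk with its manifest and flag files that look encrypted
    report = {"missing": [], "modified": [], "unexpected": [], "suspicious": []}
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
    for rel in current:
        if rel not in manifest:
            report["unexpected"].append(rel)
        if shannon_entropy(Path(root, rel).read_bytes()[:65536]) >= ENTROPY_THRESHOLD:
            report["suspicious"].append(rel)
    return report

def demo():
    # Constructed sample: record a manifest, then simulate an encryptor rewriting one file and deleting another
    with tempfile.TemporaryDirectory() as root:
        Path(root, "docs").mkdir()
        Path(root, "docs", "notes.txt").write_text("quarterly budget notes\n" * 50)
        Path(root, "config.ini").write_text("[server]\nport=8080\n")
        manifest = build_manifest(root)
        Path(root, "docs", "notes.txt").write_bytes(os.urandom(4096))  # encryptor-like rewrite
        Path(root, "config.ini").unlink()
        return verify_backup(root, manifest)
```

Run the manifest step against a backup you trust and keep the manifest with the offline copy; a verification that reports modified or suspicious files is a signal to quarantine that backup rather than restore from it.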
Organizations seeking to stay ahead of hackers should consider leveraging external resources for a vulnerability assessment of their security readiness. The Windsor Group Sourcing Advisory helps technology teams create and implement cyber security strategies to protect data from the latest hacker threats. Talk to our team about how our partnership can add value for your existing infrastructures.