OVERVIEW
Ransomware has become more prevalent than ever, and predictions are that it will continue to be a major form of cybercrime in the coming years. Ransomware is a type of malware designed to encrypt files or even entire drives so that the business infected can no longer access these files or systems without the key to unlock the encryption, which of course is not available unless a ransom is paid, almost always via a cryptocurrency. This can have a devastating effect on the attacked organization, creating an atmosphere of desperation, that can be mitigated with the preparation or avoided altogether with strategic prevention.
Ransomware attacks all sectors of the economy including healthcare, banking, finance, manufacturing and small businesses, which essentially means everyone is susceptible. The average demand from ransomware attackers in 2020 was $570,857. The recent ransomware attack on the Colonial Pipeline, the largest U.S. pipeline system connecting Texas and New York, was resolved by paying nearly $5 million to the hackers. The first known fatality due to ransomware occurred in Germany when a critically-ill woman had to be taken to another hospital for treatment because ransomware had taken down important hospital systems.
PREVENTION
It is far better to prevent a ransomware attack than to try to recover from one. There are many ways to prevent a ransomware event from happening by taking proactive cybersecurity measures and practicing basic good cyber hygiene. Today, good cybersecurity practices are not only sound business policy but an absolute business survival necessity. In order to prevent a ransomware attack, CyberNINES recommends starting with these best practices from the Cybersecurity & Infrastructure Security Agency (CISA) to help prevent a ransomware attack.
READ MORE – Cybersecurity & Infrastructure Security Agency (CISA) Ransomware Guide
RESPONSE
If your company is truly prepared for a ransomware attack, then you have a significantly lower chance of having an attack occur, however, even the best systems have their weakness, namely users, and if you do get breached by a ransomware attack, your immediate reactions should be:
1. Isolate the infected systems immediately.
2. Contact law enforcement immediately.
3. Do not pay the ransom
4. If you backed up your files you can recover
For more information on how to conduct vulnerability scanning or manage your security and compliance, visit the CISA website (https://www.cisa.gov/cybersecurity) or feel free to contact us at CyberNINES.
Sources:
https://us-cert.cisa.gov/ncas/tips/ST19-001
https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf
https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware