What if a hacker assumed your identity and defrauded your customers, friends, and family? Just the thought is enough to give you sleepless nights.
One account takeover is all it takes for a hacker to rob you of eye-watering sums of money and ruin the reputation your business built over the years. In fact, over 55 percent of businesses reported higher fraud losses due to account takeovers and it is estimated that an organization will fall prey to ransomware every 11 seconds.
At CyberNINES®, this month we are advocating for Ransomware Awareness, we’ve found that taking a proactive approach to building a cybersecurity compliance plan is the best way to ensure your needs are being met.
Ransomware has become more prevalent than ever, and predictions are that it will continue to be a major form of cybercrime in the coming years. Ransomware is a type of malware designed to encrypt files or even entire drives so that the business infected can no longer access these files or systems without the key to unlock the encryption, which of course is not available unless a ransom is paid, almost always via a cryptocurrency. This can have a devastating effect on the attacked organization, creating an atmosphere of desperation, that can be mitigated with the preparation or avoided altogether with strategic prevention.
Ransomware attacks all sectors of the economy including healthcare, banking, finance, manufacturing, and small businesses, which essentially means everyone is susceptible. The average demand from ransomware attackers in 2021/22 was $247,000. One of the most spoken of attacks in 2022 was the ransomware attack on the Costa Rican Government as it’s the first time a country declared a national emergency in response to a cyber-attack. Ransomware group, Conti took responsibility for the first attack, asking the government to pay the ransom of $10 million and later increasing it to $20 million. On May 31, another attack plunged the country’s healthcare system into disarray. This attack, linked to HIVE, affected the Costa Rican social security fund. This attack directly affected the common Costa Rican person as it took the country’s healthcare systems offline.
It is far better to prevent a ransomware attack than to try to recover from one. There are many ways to prevent a ransomware event from happening by taking proactive cybersecurity measures and practicing basic good cyber hygiene. Today, good cybersecurity practices are not only sound business policy but an absolute business survival necessity. In order to prevent a ransomware attack, CyberNINES recommends starting with these best practices from the Cybersecurity & Infrastructure Security Agency (CISA) to help prevent a ransomware attack.
RESPONSE TO AN ATTACK
If your company is truly prepared for a ransomware attack, then you have a significantly lower chance of having an attack occur, however, even the best systems have their weakness, namely human users, and if you do get breached by a ransomware attack, your immediate reactions should be:
1. Isolate the infected systems immediately.
- Infected systems should be removed from the network as soon as possible to prevent ransomware from spreading on the network or share drives.
- Isolate or power off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage, and prevent worsening conditions.
- Immediately secure backup data or systems by taking them offline.
- Ensure backups are free of malware.
- Delete Registry values and files to stop the program from loading.
2. Contact law enforcement immediately.
- A ransomware attack is no different than a bank robbery, treat it the same.
- We strongly encourage you to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance.
- Do not “cover up” the incident.
- Collect forensic information if any is found.
3. Do not pay the ransom
- FBI recommends that you NOT pay the ransom.
- Probably won’t help get your files back
- Paying means they have your files and your money.
- It can be illegal to pay the ransom if the attacker is on the US Denied Parties list.
4. If you backed up your files you can recover
- If you have previously commissioned an IRT, now is the time to call them.
- Restoring files in only one part of your recovery, you will also need to format drives and reinstall programs.
- Change all online account passwords and network passwords.
- Don’t be afraid to ask for help.