Defending Businesses Against Ransomware
A dominant cybersecurity threat facing organizations of all types is ransomware.
The ransomware fight is akin to a war between cyber-criminals and the businesses they target. According to the FBI’s Internet Crime Complaint Center, Americans lost more than $4.2 billion in 2020 with over 2,000 daily complaints relating to cybercrime and ransomware. Some report that 51% of businesses were targeted by ransomware in the past year. The most high-profile ransomware attack yet was the May 2021 Colonial Pipeline shutdown. This attack cost the company millions of dollars in losses so far with class action lawsuits pending.
What exactly is Ransomware?
Ransomware is malicious software that often encrypts and holds a victim’s data for a ransom. This data can include key files and critical databases. Attackers demand payment using a cryptocurrency like Bitcoin. Today, criminals will also threaten to release a victim’s data as further incentive to pay the ransom. Here, before the data is encrypted, the criminals will copy it and threaten to post the data publicly in this new wave of cyber extortion.
Payments are another issue. The average payment demand was over $230,000 in 2020 but can be much more for high-profile companies. The demands can be negotiated down as well. However, the government does not recommend paying a ransom. First, it does not guarantee you’ll get your data back. Second, it encourages the culprits to target other victims because payment rewards their illicit behaviors.
While ransomware can be technically sophisticated, its success primarily depends on exploiting human behavior to get around cyber defenses. To do this, attackers often engage in sustained email phishing campaigns directed at a single target organization. The goal of these email campaigns is to entice an employee to open a malicious attachment or click a link leading to a malware infected site.
How do organizations defend against this threat?
Given this serious threat, it’s best to take a holistic approach to cybersecurity. We’ll offer a ‘Triple T’ multiple-prong strategy of Training, Tools and Tactics. This approach will help combat ransomware as well as other cyber threats.
Given that attacker’s target employees, it’s essential to promote security awareness through an ongoing training campaign in the organization. A trained employee is the best defensive front line in the war against cybercrime. For instance, criminals attempt to trick employees with alluring sounding websites and email addresses that look like their authentic counterparts. For example, employees need to recognize the difference between emails from President @ University . edu versus an altered President @ University1 . net.
Moreover, there has been a significant rise in phishing email attacks using HR subject lines, such as referencing a new policy that would impact workers in an organization. Other subjects that attackers like to misuse include security themes such as ‘click this link to reset your password’ that leads to an infected site.
The Cybersecurity firm KnowBe4 reports that some of the most popular ‘in-the-wild’ email subject lines in early 2021 included the following:
- Zoom: Important issue
- IT: Information Security Policy Review
- Mastercard: Confirmation: Your One-Time Password
- Facebook: Your account has been temporarily locked
- Google: Take action to secure your compromised passwords
- Internship Program
- IT: Remote working missing updates
- HR: Electronic Implementation of new HR System
Today, automated security tools are being deployed in the battle against phishing, malware and other criminal activity. These include enterprise-wide solutions with anti-ransomware features built into the product. While these provide no guarantee against infection, modern tools should be installed on every device in the enterprise Email based solutions can help warn employees of risky messages as well as insert an alert into any email from outside the organization. Moreover, today’s tools are increasingly using artificial intelligence to better recognize and halt ransomware and other forms of malware.
To fight this battle successfully, organizations need a dedicated IT security team ready to contain, respond and recover from an attack. Tactics and techniques include having reliable backups in the event a database gets encrypted. If an attack bypasses your cyber defenses to encrypt your data, nothing can be more valuable than having a professional team who have reliable data backups and have practiced data recovery.
Three other expert tactics to mitigate and recover from attacks include:
- Network segmentation. Many organizations divide their network into smaller sections called segments. In the event of an incident, a segmented network offers the benefit of containing an incident to a single segment. This tactic can isolate and keep the ransomware from infecting the network on a wider scale.
- System updates. Attackers like to target old and vulnerable versions of software. Thus, businesses must ensure software and systems have the most recent security patches and updates. This is essential as this action alone can remove many vulnerabilities in your systems.
- Unlock tools and expert contacts. In a serious attack, organizations will need expert help. Knowing who to contact can be critical. Sites like NoMoreRansom.org offer decryption tools that can regain access to encrypted or locked systems without having to pay. The US Government, FBI and other law enforcement agencies are offering more information and tools such as StopRansomware.gov which provides the latest alerts, updates and resources. Others like Mitre’s Ransomware Resource Center specialize in helping those in the healthcare field.
Like most security threats, there is no silver bullet for ransomware that will provide perfect protection. Instead, it’s best to take a more holistic approach such as what is suggested here to guard against ransomware and other cyber threats.
At Anderson University, our Cybersecurity program is educating and training a new generation of cyber-warriors who will protect and defend organizations from cyber-attacks and other contingencies that threaten critical data and systems. For details about the Anderson University Center for Cybersecurity, visit www.andersonuniversity.edu/Cyber.
Dr. Kenneth Knapp is director of the Anderson University Center for Cybersecurity. This is from his article, "Defending Businesses Against Ransomware: Training, Tools and Tactics."