In the time that it takes to read this article, the world will most likely experience fifteen ransomware attacks. Experts expect for a ransomware attack to take place every 11 seconds in 2021. That rate of attack will end up costing $20 billion over the coming year. Ransomware has been a disturbing menace that has plagued organizations for decades. The first ransomware attack took place in 1989 and the rate of attacks has accelerated ever since. The recent third quarter of 2020 saw a 40 percent increase over the year prior, composing a grand total of 199.7 million cases globally. 145.2 million of those attacks took place in the U.S., which experienced a 139 percent increase in the same quarter. Yet while ransomware attacks kept up their continued pace of acceleration, overall malware attacks actually decreased significantly in the third quarter. Ransomware has clearly risen to the top as way for cybercriminals to profit.
Basic Technical Measures to Take Against Ransomware
As prominent as ransomware is today, you would think it to be extremely difficult to prevent, but that really isn’t the case. There are basic measures that enterprises can take to thwart this menace. For instance, according to MVP Sami Laiho, one of the world’s leading security professionals for Windows operating system if every enterprise blocked PowerShell for standard users, the majority of ransomware attacks would not have worked. That is because ransomware, as well as other types of malware, utilize PowerShell. For those users that require it, configuring firewall rules regarding internal PowerShell engines is a crucial step. Some other proven measures that enterprises can take include the following:
- Always run the latest hardware and software on all of your systems. Many ransomware strains such as the infamous WannaCry, which brought down 300,000 computers in 150 countries, are programmed to attack older operating systems. Often times, legacy software is protected by outdated security protocols and processes. Furthermore, once software reaches reaches end of life, it is no longer supported. This means that discovered exploits are left wide open.
- Because email continues to be the primary delivery mechanism for ransomware, an email security solution is essential. While no filtering solution is perfect today, it is important to supplement email security products with cybersecurity awareness training as email users are often at the front line of the battle.
- Implementing a well-designed backup and recovery strategy that includes a 3-2-1 backup approach is indispensable. Once data has been encrypted by an outside entity, it is no longer accessible. The ability to restore data from backup storage in quick fashion can drastically reduce downtime, lost revenue, and remediation costs. Backup processes should be supplemented with periodic sensitive data scans in order to know what data you have and where it resides.
All of these measures should be part of an overall multi-layer cybersecurity strategy in which all components work in tandem to secure the entire spectrum of your attack surface. In order to be effective, a cybersecurity strategy should involve multiple parties such as a team of third-party cybersecurity experts that can add an outside perspective as well as company leadership to sign off on it.
Should You Pay the Ransom?
The question of whether a victimized organization should pay in lieu of a ransomware incident is a contested one. If ransomware perpetrators could be trusted, it can be argued that the fastest way to obtain access to your data would be to pay the ransom. Unfortunately, fulfilling a ransomware payment does not guarantee that a victim will be able to unencrypt their data. There are other reasons besides just trust, however. As you can imagine, the type of people who launch ransomware attacks on companies, educational institutions and government organizations are not very nice people. In fact, they include a pretty sinister array of groups such as international criminal organizations and countries such as North Korea, Iran, and Syria that are known to sponsor illegal cyber activity. These rogue nations organize or sponsor groups such as the Syrian Electronic Army to not only extort money, but create general havoc as well. Because our government invests considerable resources combatting the illegitimate actions of these countries and criminal organizations, they have a vested interest in ransomware attacks as well, especially when it concerns the payment of the ransom.
There is some debate as to whether extortion payments may in fact be in risk of violation of some legislations such as the International Emergency Economic Powers Act (IEPPA) and the Trading with the Enemy Act that prohibits U.S. citizens from engaging in transactions, directly or indirectly, with individuals on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List) as well as other nations flagged by embargoes or other restrictions. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued an advisory outlining the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities. As of right now, the payment of ransomware payments is not illegal and is covered by designated cyber insurance policies. As a general matter, the OFAC encourages institutions and other companies to implement a risk-based compliance program to mitigate exposure to sanctions-related violations. This is an issue that further complicates what is already an acute threat to businesses of all sizes.
How to Protect your Company and its Leadership
While ransomware is a complicated topic, there are proven strategies that incorporate basic tools and strategies to combat it. First step is to do a risk assessment. HALOCK has partnered with organizations to define their risks across the full spectrum of cyberthreats, including ransomware, for years. This includes the creation of strategies to secure against those risks as well as the construction of incident response plans in order to minimize disruptions to your business operations, remediation costs, and reputational damage. Ransomware is a definite threat, but it doesn’t have to an overriding worry with the proper protections in place.
Let’s review your security profile and find out how we can reduce your exposure to this menacing threat.
Security Solutions to Help Prepare
- Recurring Penetration Testing
- Incident Response Readiness as a Service (IRRaaS)
- Sensitive Data Scanning
- Risk Management Program
- Managed Detection & Response (MDR) or Threat Hunting Program