Sooner or later, many companies will tell their remote workers to learn to live with Covid, and that it’s time to return to the office. Few are counting on a different kind of virus — ransomware — being part of the back-to-normal routine.
As the pandemic forced employees to work from home, their laptops, smartphones and tablets have been in unsecured environments. The devices might have unpatched software, security controls deactivated or be infected with malware. Now, as people migrate back to their offices, networks and systems are at increased risk. Should ransomware breach your IT system, it locks all files using strong encryption and demands payment, typically in cryptocurrency, to restore operations.
According to Backblaze, a global cloud-storage provider, there has been a staggering increase in ransomware incidents of late. Just this year, sophisticated criminal syndicates demanded $50 million from PC manufacturer Acer, shut down Colonial Pipeline, the nation’s largest fuel pipeline and extorted $11 million from meat-processor JBS. Other recent targets include hydraulic crane manufacturer Palfinger, Molson Coors, hundreds of supermarkets in Sweden and Ireland’s entire health system.
Attacks have become more frequent as amateur criminals get into the game by acquiring malicious code on the dark web for a fee. That makes almost every company, regardless of size and industry, a potential target. Numerous incidents go unreported as organizations fear damage to their reputations. Unfortunately, paying up only encourages more of the same. Ransoms now average around $200,000. And that doesn’t factor in the cost of production shutdowns and lost sales which can easily run into the millions. Worse, paying a ransom does not ensure that your data will be restored or you won’t be extorted again.
Firms with ineffective security controls and out-of-date or unsophisticated IT systems are at the highest risk, as criminals concentrate on areas that provide the highest payback for the least effort. Often, a company’s employees are the weak link in letting viruses enter networks.
Experts at the Cyber Readiness Institute say one simple solution to reduce the threat of ransomware: educate people to follow basic cyber hygiene practices that make it more difficult for miscreants to succeed.
The non-profit has published a Ransomware Playbook to guide organizations of any size through the steps that will help prevent ransomware attacks. “Not every attack can be averted, but we’ve come to recognize that a lot of the behaviors individuals and organizations engage in, allow bad actors to take advantage of gaps in their cybersecurity. That’s why we focus on the aspects of human behavior that can help create a foundation for a strong culture of cybersecurity. It’s not about technology and it’s not complicated,” according to CRI. Among their recommendations, blocking access is key:
- Train your staff on phishing prevention on their laptops, desktops, and mobile devices. Phishing uses fake emails and messages to trick people into clicking on links or attachments that introduce malware. It’s easy to spoof an email, so be wary of messages even from people you know. Likewise, visiting compromised websites, clicking on “malvertisements” and downloading content from social media sites are common avenues of infection.
- Use strong unique passwords or passphrases. And use multifactor authentication to protect your accounts.
- Make sure to install the latest security updates and patches from your software vendors. Use anti-malware software, but don’t rely on it to cover for lax practices and to catch all attacks.
- Limit administrator accounts on your network.
Then, prepare for the worst:
- Ensure you have off-network back-ups that are kept up to date. Make frequent, comprehensive copies of all important files and isolate them from local and open networks. Offline back-ups, such as external drives or cloud storage, must be “air-gapped” and inaccessible from any potentially infected computer.
- Test your back-ups regularly to confirm that they are usable and current.
- Create an incident response plan with clear steps on what to do if compromised.
The best defense against a ransomware attack is to avoid having one in the first place, noted CRI. Other than that, making sure your valuable data is backed up and unreachable by a ransomware infection will ensure minimal or no downtime and data loss if you ever suffer an attack.
You may also like:
Filed Under: Fluid Power World Magazine Articles, News