On March 22, 2018, a remote-triggered ransomware called “SamSam” demanded a one-time payment of $51,000 to restore the data of the city of Atlanta, Georgia. Despite an operating budget somewhere in the neighborhood of $625 million, Atlanta’s municipal leaders refused to pay the ransom. The “hostage situation” has cost the city over $2 million already, with an expected $9.5 million more likely to be spent restoring and reinforcing the municipality’s network and infrastructure. This doesn’t take into account downtime and the significant amount of data lost in the hack. Whether or not you think refusing to pay the ransom was a good idea, if a whole city, especially one as large as Atlanta, can effectively be crippled by a single hack, you had better believe that your business has to get serious about its cybersecurity efforts.
The situation in Atlanta, where months later they are still sifting through the rubble, is a cautionary tale for everyone, and by and large, you are seeing that everyone is taking this threat seriously. With WannaCry, NotPetya, Locky, and Crysis all hitting the business community in 2017, it has become evident to a lot of business owners that the only thing standing between a fate where they are paying some dissident group for their own data and one where they are insulated from this hell is their ability to act on the cybersecurity strategies they’ve created for their business. Today, we will go into why these attacks keep happening and provide you with some of the best practices organizations like yours are going to have to implement (and stay on top of) if you don’t want to be just another victim of hackers looking to make a quick buck.
Reasons for Ransomware
The obvious one is greed. Hacking groups that have knowledgeable personnel want to extort money from people who can (and will) pay it. Law enforcement and security professionals have conducted extensive studies to understand just what makes cybercriminals tick. Most black hat hackers don’t start hacking to cause chaos. They start because they are curious, and when it becomes obvious that companies and organizations have major security holes in their networks, instead of stopping, they crack the network open and see what they can find. Some even start by benevolently sharing the information with companies, but contempt for prideful IT administrators who won’t admit to a vulnerability for fear of looking bad at their jobs can push the curious hacker to retaliate. Once the money starts flowing in, the individual can justify their decisions.
People do worse for money, right?
But why ransomware? Well, there are a few factors that have evolved malware into ransomware. Firstly, the relevance of the generally unregulated cryptocurrency market. Since there is no real oversight in cryptocurrency, and Bitcoin holders have total anonymity, it is an ideal form of payment for hackers to demand. Secondly, the abundance of code. Ransomware-as-a-Service offerings on the dark web allow malevolent parties to gain access to code that, only a short time ago, required professional coders to write. Thirdly, modern-day operating systems don’t have the runtime detection capabilities that could stop ransomware execution. Lastly, and probably most importantly, users have not been properly trained on how to protect themselves when opening attachments.
Security has been getting better, but with hackers facing uncrackable encryption rolled out by IT administrators and cybersecurity professionals, they have become increasingly skilled at deploying social engineering tactics and phishing techniques. Today, it can be difficult for the average computer user to ascertain that they are looking at a phishing email with a spoofed email address, giving hackers new avenues to infiltrate or get their malicious code onto networks.
What Can You Do?
There are several strategies you can take to keep your network free from ransomware. They include:
- Have proper security measures in place: Endpoint protection from Sophos is a great starting point. Combine that with a Sophos firewall and you get the Sophos "security heartbeat", which is end-to-end protection. We find this to be a best-in-class solution.
- Back up your data: By keeping regular offsite backups of your system and of changes to your data, you are essentially protected against any type of ransomware situation. Sure, you may deal with a bit of downtime, but talk to your IT professional about your recovery options to ensure that if something terrible happens, your business won’t lose any critical data.
- Educating employees: Ransomware is often deployed the same way a lot of malware is: through email attachments, downloads, and the web. Training your staff on how to recognize risky situations, and what to do when they encounter them, can go a long way toward keeping ransomware, and other malware, off of your business’ network.
- Restricting access and code execution: Sometimes ransomware is written to execute from data folders, so having a full access control system in place can add a line of defense to your security system.
- Maintaining and patching software regularly: Keeping your anti-malware and security software up to date can go a long way toward keeping malware like ransomware off of your network.
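To make the "Restricting access and code execution" item concrete, here is an added example (not part of the original article) that flags process launches whose executable sits in a user-writable data folder. The folder list, the allowlisted vendor path, and the sample events are constructed assumptions.

```python
import ntpath
import re

# Assumed list of user-writable "data" locations; tune it for your environment.
DATA_DIR_PATTERNS = [re.compile(p) for p in (
    r"[a-z]:\\users\\[^\\]+\\appdata\\",
    r"[a-z]:\\users\\[^\\]+\\(downloads|documents|desktop)\\",
    r"[a-z]:\\windows\\temp\\",
)]

def normalize(image_path):
    """Strip quotes, unify separators, collapse '..' segments, lowercase."""
    return ntpath.normpath(image_path.strip().strip('"')).lower()

# Hypothetical approved application that legitimately runs from AppData.
ALLOWLIST = frozenset(normalize(p) for p in (
    r"C:\Users\dan\AppData\Local\ExampleVendor\app.exe",
))

def runs_from_data_folder(image_path, allowlist=ALLOWLIST):
    """True when the normalized image path is under a data folder and not approved."""
    path = normalize(image_path)
    if path in allowlist:
        return False
    return any(p.match(path) for p in DATA_DIR_PATTERNS)

def flag_events(events, allowlist=ALLOWLIST):
    """Return the process-creation records that warrant review."""
    return [e for e in events if runs_from_data_folder(e["image"], allowlist)]

# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws01", "image": r"C:\Users\amy\AppData\Local\Temp\invoice_scan.exe"},
    {"host": "ws02", "image": '"C:/Users/bob/Downloads/report.pdf.scr"'},
    {"host": "ws03", "image": r"C:\Program Files\..\Users\carol\AppData\Roaming\upd.exe"},
    {"host": "ws04", "image": r"C:\Users\dan\AppData\Local\ExampleVendor\app.exe"},
]

if __name__ == "__main__":
    for event in flag_events(SAMPLE_EVENTS):
        print(f"{event['host']}: executable launched from data folder: {event['image']}")
```

This only detects such launches after the fact; blocking them is the job of an application control policy enforced by the operating system.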
There are a lot of other practices at a network level and with your email solution that you can utilize to keep unwanted entities out of your network. The IT professionals at Ashton Technology Solutions are experts at keeping networks and infrastructure up and running, reducing downtime, and providing a dynamic, secure, and reliable computing environment conducive to high levels of productivity.
Ransomware may be a huge threat to the health of your business, but with the right solutions and practices, you won’t end up like the city of Atlanta. Call us today at 216-397-4080 to learn more about our comprehensive cybersecurity services.