The biggest threat to businesses today? Ransomware. According to Cybersecurity Ventures, a company was attacked every 11 seconds in 2020. The costs from these attacks will reach around $20 billion by 2021! In fact, Barracuda shared: “Ransomware attacks have become so prevalent and dangerous that they are now being treated as terrorist attacks.”
Cyber attacks have reached new highs due to the increase in remote work, lack of employee training, and exploitation of common vulnerabilities. It’s become clear that cybercriminals show no sign of slowing down. It’s up to SMBs to work with Managed Service Providers (such as Computers Nationwide) to make sure your workplace is using every cyber security tool possible to be proactive!
Is your business set up with business continuity and cyber resilience at the forefront of your mind? If not, these goals need to be top priority ASAP for your best chance at survival. Read on to learn how to detect and protect with the experts at Computers Nationwide…
“As we approach a “new normal” in which remote work is becoming more widespread, securing digital infrastructure – no matter where in the world it is – is a habit that is sure to stay with companies for many years to come. The past year has made clear that enhanced digital security measures have become fundamental to business operations, regardless of where those operations might take place. It has also made clear that IT divisions must proactively address challenges on the horizon rather than wait for them to come to a head and risk long-term damage to intellectual property and systems.
The FBI recorded a significant uptick in cybersecurity complaints since the beginning of the pandemic, which nearly quadrupled from their rates prior. The increase in attacks has reverberated with information security leaders internationally. A survey by Fudo Security found that of a diverse group of global information security leaders, 42% agreed that the pandemic has changed their cybersecurity priorities, and almost a quarter said that their own companies had been the victim of cyber-attacks.” Security Info Watch
Back to the basics…
What is ransomware?
Ransomware is malicious software (otherwise known as malware) that infects a computer and restricts users’ access to data until a “ransom” is paid to unlock it. Different versions of ransomware have been studied for several years to learn where they originated, how they attacked, and if they actually grant the victim access after receiving payment. Ransomware is tricky as cybercriminals are constantly evolving their methods of attack and finding new methods of disguise to trick unsuspecting victims. Users are shown instructions for how to pay a fee to get the decryption key. The ransom costs can range anywhere from several hundred dollars to many thousands, depending on the target. Two prime examples of this were the recent attack on T-Mobile and REvil’s attack on Kaseya.
How do ransomware attacks occur?
There are countless ways ransomware can take hold of a device, with phishing emails being the most common. Traditionally, cybercriminals targeted common vulnerabilities in organizations. But now, they are using another entrance: unsuspecting employees clicking on links they trust. Veeam gives an overview of common attack patterns:
- Phishing emails (Where they set up newly created domains to run phishing email campaigns over a short period)
- Drive-by download (usually starting with a phishing email)
- Credential stuffing (reuse of compromised user identity) either by credential phishing or by getting hold of account information from hacked third-party sources.
- Brute-force attacks (for non-MFA based services such as RDP, ADFS, Legacy authentication Azure Active Directory)
- Exploiting vulnerabilities (Exchange, Citrix NetScaler, Fortinet as some examples)
- DDoS attacks (high-volume attacks, using vulnerabilities in, for instance, UDP/DTLS protocols)
Shocking ransomware stats from a recent study:
- 80% of victims who submitted a ransom payment experienced another attack soon after
- 46% got access to their data but most of it was corrupted
- 60% of survey respondents experienced revenue loss
- 53% stated their brands were damaged as a result
- 29% of respondents stated their companies were forced to remove jobs following a ransomware attack
It’s clear that cybersecurity must be a key component of every SMB’s digital infrastructure. Don’t become a statistic!
How can businesses of all sizes in Illinois, Indiana, and Wisconsin defend themselves against ransomware? What solutions are available from Computers Nationwide?
Learn the top tips for ransomware protection and innovative solutions available from our trusted network affiliates…
StorageCraft shares their 5 steps to building an effective ransomware-free data protection strategy:
“As much as we hate it, ransomware is here to stay. It is now permanently on the list of things to watch for when it comes to cybersecurity. There is no silver bullet against ransomware, so to mitigate the threat, you must protect your data from every possibility—and always consider the worst-case scenario.
1. Protect Your Backup Data Using a Cybersecurity Solution: Given the current situation, protecting your backup server is now one of the most critical things you can do. So, you must use a good cybersecurity solution to protect your data.
2. Make Sure You Don’t Have a Single Point of Failure: Having multiple copies of your data is like the saying, ‘The more, the merrier.’ Remember, you must always look at the worst-case scenario. Imagine a new type of ransomware that goes undetected by all of your cybersecurity systems and infects your backup data. Like StorageCraft’s take on the 3-2-1 backup rule, known strategies now include features like storage immutability and near-zero RPOs and RTOs.
3. Leverage the Cloud: When creating multiple copies of your data, the cloud is an interesting option for storing offsite copies. Using a cloud solution gives you the option of having a fully functional backup server for recoveries and immutable storage. The cloud can also be an essential ally when everything goes wrong, your entire on-premises environment goes down, and you need to retrieve your data.
4. Create immutable copies: Immutability is not new. We have been hearing about WORM (write once, read many) devices for decades. Today you can find exciting options for keeping copies of your backup data at a safe location that let you revert to your recovery points if your data gets encrypted by ransomware. StorageCraft OneXafe delivers object-store immutable storage by using blockchain-like technologies to store immutable recovery points in a scale-out cluster.
5. Use Multi-factor authentication: One of our important allies in the battle against cyberattacks is multi-factor authentication. Multi-factor authentication tools help ensure that only authorized users can enter a system and examine, write, or encrypt data. It helps guard against credential theft, a growing source of attacks, preventing unauthorized access to critical systems, such as your data protection solution.
While there are many other best practices to explore to ensure your data protection solution keeps you safe from ransomware, if you follow these five steps, you will be adding multiple layers of protection, giving you a better chance of avoiding becoming a cyberattack victim.”
Veeam explains how to protect your organization from ransomware attacks:
- “Patch and keep your systems updated: This is to avoid attackers being able to exploit known vulnerabilities. Many organizations have automated patching in place for Windows based environments, but we also need to make sure we have processes in place for other systems where we might not have the same automated patching systems, such as virtualization layer, external services (VPN, Firewall) and other third-party products.
- Apply strict MFA for all remote access: This is to avoid brute force attacks, and in most organizations, not always easily implemented since many have external services that have support for different protocols such as SAML, Radius, OAuth, Windows authentication, LDAP and such.
- Protect user accounts: This is not always a simple task, but there are more and more services now that can provide identity protection and notify if user credentials have been leaked. This is important to ensure that attackers cannot reuse active credentials. Here we have services like Azure Active Directory Identity Protection, or even using the free service from haveibeenpwned.com, where you can get notified from user accounts from a certain domain.
- Protecting the endpoint: Most ransomware attacks start with a compromised endpoint, so it’s important to have proper security in place for the endpoints. Traditional antivirus is no longer enough, where we see that more and more organizations are adopting EDR (Endpoint Detection and Response) to be better equipped at stopping unknown processes/activities on a computer.
- Email security: Since many ransomware attacks start with phishing emails, it’s important to have proper protection mechanisms to reduce the risk. Some common mechanisms are ensuring that you have proper SPF, DMARC and DKIM records in place for your email domains. This avoids attackers forging emails from the same domain. Another measure is to apply email headers for all external received email to give information to employees that the email they received is from an external sender.
- Data protection: If your infrastructure and data get encrypted by ransomware, it’s important to have proper data protection mechanisms. Firstly, backup services and systems should be disconnected and not directly accessible from the same domain or infrastructure, that way there is no way the attackers can directly access the backup systems. Secondly, the backup data should be immutable so that the ransomware variant cannot overwrite or change the backup data.
- Visibility: Having visibility on what is going on in your infrastructure is also an important aspect to be able to detect if there is an on-going attack or if someone is trying to do some reconnaissance. We have seen that many attackers are just selling remote access to customer environments and letting others handle the ransomware deployment, so having insight about if someone managed to get access is important.”
Barracuda gives insight into how hackers use phishing in ransomware attacks and how to protect yourself:
“Organizations looking to protect themselves against these new tactics used to spread ransomware should first focus on protecting their credentials and access. This requires a two-pronged approach: first invest in detection and response tools and then focus on training your users.
Your email protection technology should focus not only on the detection of malicious payloads delivered through links or attachments, but also recognize when attacks use social engineering tactics designed to bypass filtering technology and trick users into action. It should look for malicious intent within an email, even when it does not include a malicious payload. Email security that uses machine learning algorithms can detect social engineering attacks with a higher degree of accuracy, looking for the smallest deviations from usual communication patterns.
Protecting your users’ credentials can’t be done without proper protection against account takeover. Two-factor authentication (2FA) remains a best practice and is something that should be adopted by every organization today. However, it’s not a silver bullet, and it’s not always enough. Hackers find ways to get around 2FA either by tricking users into installing malware on their verification devices or giving fake apps access to their accounts. Organizations need to have account takeover protection in place that will quickly identify and alert about malicious activity such as suspicious log-ins or attacks launched from compromised accounts.
As the last line of defense, it’s crucial to train your employees to recognize and report attacks. Make security awareness training and phishing simulation part of your email security strategy. Historically, phishing attacks were associated with email only, but today cybercriminals will use other channels such as SMS and voice. Use phishing simulation for emails, voicemail, and SMS to train users to identify cyberattacks, test the effectiveness of your training, and evaluate the users most vulnerable to attacks.”
BONUS: Hikvision’s 4 tips to avoid ransomware…
“Ransomware is a rapidly growing problem that we see impacting servers, desktops and mobile devices in homes, businesses, and governments. Below are several tips to help you avoid becoming a victim to it.
- Data Backups: The first and most important thing that you can do is to back up your devices.
- Patching: Patches are updates to a computer program or its data that improve or fix it. By installing patches as soon as they are released or setting automatic patching where available, you can keep your system up to date.
- Multi-Factor Authentication (MFA): Enable MFA where available to better protect your accounts and devices. This also protects against credential stuffing attacks.
- Use a Password Manager: Using a password management tool can help you create strong, unique passwords for every account. A password manager is a software tool that is used to store all of your passwords in an encrypted file so that you, and no one else, have very easy access to them, helping to minimize security concerns.”