- Lake City, Florida's city government paid ransomware attackers roughly $530,000 (42 Bitcoin) last month to regain access to its systems and data.
- The City of Riviera Beach, Florida, paid ransomware attackers about $600,000 last month to recover access to its systems.
- Earlier this month, LaPorte County, Indiana, paid over $130,000 worth of Bitcoin to ransomware attackers to regain access to part of its computer systems.
- This week, Louisiana Governor John Bel Edwards declared a state of emergency in response to a wave of ransomware infections that has hit multiple school districts in North Louisiana.
The recent ransomware attacks on Lake City, Florida; Riviera Beach, Florida; LaPorte County, Indiana; the City of Baltimore, Maryland; and a varied set of organizations including Eurofins Scientific, COSCO, Norsk Hydro, the UK Police Federation, and Aebi Schmidt show that attackers are demanding higher ransoms than in the past to release high-value systems. The number of organizations hit by ransomware declined 44% over the previous two years, yet ransom demands rose 89% over the last 12 months, according to the Q1 2019 Ransomware Marketplace Report published by Coveware. The Wall Street Journal's article "The Way Ransomware Attacks Are Forcing Big Upgrades From Cities, Counties" gives an excellent summary of how Ryuk, a ransomware strain, works and how it has been used to hold unprepared municipalities' IT networks for ransom.
How To Handle A Ransomware Attack
Interested in learning more about ransomware and how to help municipalities and manufacturers protect themselves against it, I attended Centrify's recent webinar, "5 Steps To Minimize Your Exposure To Ransomware Attacks". Dr. Torsten George, a noted cybersecurity evangelist, provided a wealth of insight into how any organization can protect itself from, and recover from, a ransomware attack. Key insights from his webinar include the following:
Ransomware attackers are getting more sophisticated, using spear-phishing emails that target specific people and seeding legitimate websites with malicious code, so it is useful to understand the anatomy of an attack. Some recent attacks have begun exploiting smartphone vulnerabilities to penetrate corporate networks, according to Dr. George. A slide from the webinar describes how attackers start a ransomware campaign by sending a phishing email that carries a malicious attachment or a link to a malicious website. When a user opens the file or web page, it drops the malware, which begins executing. The malware then establishes communications with a command-and-control server, more often than not over Tor, the free, open-source software for anonymous communication. In the next step the files are encrypted and the end user is shown the notorious ransom screen. From that point on, communication with the end user takes place over Tor or comparable technologies. Once the ransom is paid, usually in Bitcoin to avoid leaving a trace back to the attacker, the decryption key is sent to the victim to restore access to their data.
To lessen the impact of a ransomware attack on any organization, business continuity and prevention plans need to be in place today. A foundation of any successful business continuity plan is following the best practices defined in the U.S. Government Interagency Technical Guidance. These include performing regular data backups, penetration testing, and keeping backups protected, as the slide from the webinar illustrates.
There are six preventative measures every organization can take today to minimize the risk and potential business disruption of ransomware, according to the U.S. Government Interagency Technical Guidance and the FBI. One of the most valuable insights from the webinar was how every business should build cybersecurity best practices into its daily routines. Calling this "cyber hygiene," Dr. George walked through six preventative steps drawn from those guidelines.
Stopping privileged access abuse with a Zero Trust Privilege-based approach limits the ability of ransomware attacks and breaches to proliferate. Centrify found that 74% of data breaches involve access to a privileged account. In a separate study, The Forrester Wave™: Privileged Identity Management, Q4 2018 (PDF, 19 pp., no opt-in), found that at least 80% of data breaches have a connection to compromised privileged credentials. Dr. George noted that hackers don't hack anymore; they log in with weak, default, stolen, or compromised credentials. Zero Trust Privilege means granting least-privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.
Among the most valuable segments of the webinar were the five steps for minimizing an organization's exposure to ransomware using a Zero Trust-based approach. The five steps every organization should consider to reduce the risk of ransomware are the following:
Immediately establish a secure admin environment. To prevent malware from spreading through sessions that connect to servers with privileged access, set policies that only allow privileged access from a "clean" source. This rules out direct access from user workstations that are connected to the Internet and receive external email, which are too easily infected with malware.
Secure remote access from a Zero Trust perspective, particularly if you work with remote contractors, outsourced IT, or development teams. When remote access is secured with a Zero Trust-based approach, it removes the need for a VPN and handles all transport security between the secure client and distributed server connector gateways. Ransomware can travel through VPN connections and spread across entire corporate networks. With a reverse-proxy approach there is no direct network path from the remote machine into the corporate network, so ransomware on that machine cannot spread into it.
Zoning access is also a must-have to keep ransomware from spreading across corporate networks. The webinar showed how to create and enforce a set of access zones that restrict privileged users to specific systems and require multi-factor authentication (MFA) to reach assets outside their zone. Ransomware that relies on stolen or reused credentials to move laterally is stopped at the zone boundary unless it can pass an MFA challenge.
Minimizing attack surfaces is key to stopping ransomware, because it reduces the ways ransomware can enter and spread across an organization's network. Dr. George made the point that vaulting shared local accounts is a very effective strategy for reducing attack surfaces. He also noted that ransomware does not always need elevated privileges to spread, but when it obtains them the damage is far greater.
Least-privilege access is foundational to Zero Trust and a must-have for any network that wants to withstand ransomware. With least privilege in place, organizations have much tighter, more granular control over which accounts and resources admin accounts and users can reach. Ransomware is stopped in its tracks when it cannot write files or obtain the privileges it needs to complete installation of a script or code base.
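To make the five steps concrete, here is an added example of my own (not code from the webinar or from Centrify's product) showing how they combine into a single privileged-access decision. Every host, zone, role, account and user name in it is hypothetical and constructed for the example; the point it demonstrates is that each step becomes a rule that fails closed, and that a denial reports every rule that fired rather than just the first.

```python
"""Added example: a Zero Trust Privilege access decision that applies the five
steps (clean admin source, brokered remote access without VPN, access zones
with MFA at the boundary, vaulted shared accounts, least privilege).
All inventory below is hypothetical and constructed for this example."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# --- Hypothetical inventory (constructed for this example) -----------------
CLEAN_ADMIN_SOURCES = {"paw-01", "paw-02"}    # hardened privileged-access workstations
BROKERED_GATEWAYS = {"connector-gw"}          # reverse-proxy connector for remote users
HOST_ZONE = {
    "paw-01": "admin", "paw-02": "admin", "connector-gw": "remote",
    "db-prod-1": "prod-db", "web-prod-1": "prod-web", "build-1": "dev",
    "laptop-42": "user",                      # internet-connected, receives external mail
}
ROLE_ALLOWED_HOSTS = {                        # least-privilege grants per role
    "dba": {"db-prod-1"},
    "webadmin": {"web-prod-1"},
    "developer": {"build-1"},
}
VAULTED_ACCOUNTS = {"root", "Administrator", "sa"}   # shared accounts kept in the vault


@dataclass
class AccessRequest:
    user: str
    roles: Set[str]
    source_host: str
    target_host: str
    target_account: str                 # account the session would run as
    via_vpn: bool = False
    mfa_passed: bool = False
    vault_checkout_id: Optional[str] = None


@dataclass
class Decision:
    allow: bool = True
    reasons: List[str] = field(default_factory=list)

    def deny(self, reason: str) -> None:
        self.allow = False
        self.reasons.append(reason)


def evaluate(req: AccessRequest) -> Decision:
    """Apply the five steps in order and collect every reason for denial."""
    d = Decision()

    # 1. Secure admin environment: privileged sessions only from a clean source
    #    (a PAW) or the brokered gateway, never from an internet-facing user box.
    if req.source_host not in CLEAN_ADMIN_SOURCES | BROKERED_GATEWAYS:
        d.deny(f"source {req.source_host} is not a clean admin source or brokered gateway")

    # 2. Zero Trust remote access: no VPN, which would give malware a network path.
    if req.via_vpn:
        d.deny("VPN sessions are not allowed; use the reverse-proxy gateway")

    # 3. Access zones: crossing a zone boundary requires a passed MFA challenge.
    src_zone = HOST_ZONE.get(req.source_host)
    dst_zone = HOST_ZONE.get(req.target_host)
    if dst_zone is None:
        d.deny(f"unknown target host {req.target_host}")
    elif src_zone != dst_zone and not req.mfa_passed:
        d.deny(f"crossing from zone {src_zone} to {dst_zone} requires MFA")

    # 4. Minimise attack surface: shared local accounts are used only through
    #    a vault checkout, never with a password the user knows directly.
    if req.target_account in VAULTED_ACCOUNTS and not req.vault_checkout_id:
        d.deny(f"shared account {req.target_account} must be checked out from the vault")

    # 5. Least privilege: the user's roles must grant this specific host.
    allowed = set().union(*(ROLE_ALLOWED_HOSTS.get(r, set()) for r in req.roles))
    if req.target_host not in allowed:
        d.deny(f"roles {sorted(req.roles)} do not grant access to {req.target_host}")

    return d


if __name__ == "__main__":
    samples = [
        AccessRequest("alice", {"dba"}, "laptop-42", "db-prod-1", "oracle", mfa_passed=True),
        AccessRequest("alice", {"dba"}, "paw-01", "db-prod-1", "oracle"),
        AccessRequest("alice", {"dba"}, "paw-01", "db-prod-1", "oracle", mfa_passed=True),
        AccessRequest("bob", {"developer"}, "connector-gw", "build-1", "bob", mfa_passed=True),
        AccessRequest("bob", {"developer"}, "connector-gw", "db-prod-1", "root",
                      via_vpn=True, mfa_passed=True),
    ]
    for r in samples:
        d = evaluate(r)
        print(f"{r.user}@{r.source_host} -> {r.target_account}@{r.target_host}: "
              f"{'ALLOW' if d.allow else 'DENY'} {d.reasons}")
```

Running the script shows the DBA denied from an internet-connected laptop even with MFA (step 1), denied from the PAW without MFA because the session crosses from the admin zone into the database zone (step 3), and allowed from the PAW with MFA; the contractor's VPN request as root to a production database host collects three separate denials (VPN, no vault checkout, no least-privilege grant). In a real deployment the inventory would come from the PAM system rather than module-level dictionaries, but the ordering and fail-closed shape of the rules is the part worth copying.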
Ransomware is the latest iteration of a tactic that has been used for centuries for financial gain. Holding someone or something for ransom has now graduated to holding entire cities and companies hostage until a Bitcoin payment is made. The FBI warns that paying ransomware attackers only fuels more attacks and subsidizes an illegal business model. That is why every organization should consider the preventative measures laid out in the Centrify webinar today.
Staying safe from ransomware in the modern threatscape is a challenge, but a Zero Trust Privilege strategy can reduce the risk that your organization becomes the next victim forced to make the gut-wrenching choice of whether or not to pay a ransom.