- July 4, 2019
Cybersecurity Awareness – By Ron Frechette, The Cyber Coach
If you haven’t heard it in the news, Florida has been a primary target for ransomware attacks over that past month and the trend seems to be increasing. Several cities, small businesses, and individuals have fallen victim to these attacks which has caused tremendous angst within state & local government offices and citizens across the state.
The city of Riviera Beach, FL was initially infected with a malware virus in early June that forced the city to pay cyber criminals a $600,000 ransom in order to unlock their data. Lake City, FL was hit the following week and was forced to pay attackers $460,000. And most recently the city of Key Biscayne, FL suffered a malware virus attack called Triple Threat and is actively working with cyber-forensic experts and the FBI to negotiate a ransom payment with the cyber thugs to get their data back.
We are also seeing high-net-worth individuals and small-midsize businesses fall prey to these attacks. We recently negotiated a ransomware attack fee for a small business where we were able to convince the attackers to accept $8,000 (one bitcoin). In the client’s case, they had no back-ups and their firewalls and AV were not properly configured. It was either pay the ransom to unlock their data or pack up your belongings, head to the house and most likely file for bankruptcy. Welcome to the Digital Age!
So… this month our objective is to educate readers on what exactly a ransomware attack is and share some ways that you can mitigate your risk of becoming a victim.
What is Ransomware and How Does it Work?
Ransomware is a type of malware that encrypts the files on a single user’s device or a system’s storage devices. In order to access the encrypted files, users are forced to pay a “ransom” to a cybercriminal group or lone attacker. The ransom fees are all paid in bitcoin which makes it nearly impossible to track.
Ransomware usually spreads through spam email attacks. The spam email will have a malicious attachment that appears to be a valid file or will include a URL link in the body of the email. If you open the attachment, the ransomware will activate within seconds and starts to encrypt files on the device. If a link is used as the attack vector, once clicked, the user is taken to a web page where the ransomware is delivered to the device without the user’s knowledge. The malicious programs or sites often use “exploit kits” to detect security vulnerabilities in the device’s operating system or applications that can be used to deliver and activate the ransomware.
Ancillary Costs Associated with Ransomware Attacks
The impact of a ransomware attack extends well beyond the cost of the ransomware fee. Businesses must also incur the costs associated with loss of data such as lost productivity, forensic investigation fees, data and system restoration fees, media/client breach notification fees, and brand damage.
As a case in point, the small business we supported paid fees in excess of $60,000 beyond the ransomware fee and additional expenses are still being incurred.
Four Ways to Reduce the Risk of a Ransomware Attack
- Security Awareness Training – Attackers use email and social engineering practices to entice a user into downloading malware or exposing their username and password. Simulated phishing emails and basic security awareness training on how to identify malicious emails are extremely effective.
- Have a Disciplined Patching Program – It’s relatively simple for cybercriminals to identify unpatched devices and software on an enterprise’s network, and once identified, to take advantage of known vulnerabilities. Patch your systems!!!!!!!
- Back Up Data – Ransomware can encrypt backups stored on servers. You should backup important files to a network drive and also have a cloud backup service We should also test that the backups can be restored. If, by chance, ransomware encrypts all local files and backups, we can still restore them quickly with minimal impact to the business.
- Defense in Depth – have multiple layers of defense. If one layer does not block an attack, you have additional overlays that can mitigate the threat.
In closing, ransomware attacks are on the rise and we need to be vigilant about protecting ourselves from them. The consequences can be significant as many of our neighboring cities and small businesses are beginning to see.
Until next month, wishing you a safe and secure journey in cyberspace!