Ransomware Has Gotten So Bad, It’s Aligned with Terrorism
Ransomware has rapidly progressed from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Let’s review the reasons behind this policy change and how your business should respond.
How Much Worse Has Ransomware Gotten?
Let’s look at this somewhat casually.
Ransomware was never something to be trifled with. However, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your business’ data encrypted is bad. However, crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.
The dangers that such ransomware attacks pose cannot be understated, and no business is truly safe. The White House recently said as much in their warning to companies in regards to their cybersecurity preparations.
This is Why the US Justice Department is Speaking Out
Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. As their way of responding to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled similarly to how terrorism cases are… all stops taken out in terms of what tools are used.
Other Governing Bodies are Following Suit
Likewise, in response to the JBS hack and the potential economic ramifications it will likely cause, the US Congress is now considering the lack of federal oversight into the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy to help prevent and mitigate these kinds of attacks and their widespread impacts.
Ransomware Threats are Also Getting Worse
In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.
1. Use ransomware to encrypt a targeted system
2. Threaten to delete all contents of a targeted system if a ransom isn’t paid
Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced with relatively minor cost to the business. This is one of the many, many reasons we always recommend a business to keep a backup squirreled away.
Unfortunately, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:
1. Steal data from a system, using ransomware to encrypt it after the data has been harvested
2. Threaten to delete all contents of a targeted system if a ransom isn’t paid
4. Threaten to leak or sell the stolen data unless a second ransom is paid
5. Profit again
This double-whammy approach to ransomware first came onto the scene in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have considerably fewer resources than enterprise-level targets.
So, if keeping a backup no longer helps to squash the entire threat, what can a company do?
How a Business Can Resist Ransomware
First, it will help to understand how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (through stolen or guessed access credentials, or through an unpatched vulnerability). This means that any organization can more effectively prevent ransomware by reinforcing its password security and user management.
By implementing password requirements that better align to best practices and then reinforcing them through two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your organization considerably.
Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your organization relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.
While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Jackson Thornton Technologies and our services come in. Learn more about what you need us to do by calling 334-834-7660.
Tip of the Week: 11 Ways to Instill Security Awareness in Your Team
While it really would be a nice thing to have, there is no magic bullet for your business’ cybersecurity—no single tool that allows you to avoid any and all issues. However, there is one way to help make most threats far less likely to be successful: building up your company’s internal security awareness amongst your employees and team members. Let’s go over eleven ways that you can help ensure your company is properly protected, simply by encouraging your employees to take a more active role in guarding it.
11 Ways to Make Sure Your Team is On Their Guard
In order to fully absorb the lessons that your security training is meant to impart, your team members need to be engaged in the training. One famously effective way to encourage this is to make it fun (at least to some degree).
Running simulated attacks, with incentives given out to motivate your employees to do their best in identifying and reporting them, with help to reinforce the positive behaviors you want your team to exhibit if and when they have to contend with the real McCoy. This also allows your employees to gain practical experience with a live threat, so to speak.
Incorporate Security Awareness into Onboarding Strategies
There’s a lot that has been said about the impact that a first impression can have, so it only makes sense to have one of the first impressions you place onto your newly-hired employees be the importance of cybersecurity. Instilling good security habits early on will only help your organization resist more threats in the future.
Make It Understood that Mistakes are Expected
Accidents happen, and the best-laid plans of mice and men often go awry. Regardless of how well your team is prepared, there is almost certainly going to be a slip-up somewhere down the line. Part of your security training has to be the acknowledgment that there will be mistakes made by your employees, and the publicized acceptance of that outcome.
If your team members expect to be punished for their mistakes, they will only work harder to hide them. You need to know about these issues so that they can be resolved, and your team members educated so that these mistakes are not repeated.
Shape Training to Your Team’s Situation, Work Roles, and Age Groups
Chances are, your team members are not a monolith… in addition to the many different roles that they likely fill, they come from a variety of backgrounds, age groups, and other differentiators. As a result, a single method of teaching isn’t likely to work equally effectively amongst them all.
While it is important that everyone is trained, it is equally important to remember that not everyone will respond to a given form of training in the same way. You need to diversify your training strategy to involve a variety of methods to account for the various learning styles your team members are likely to exhibit.
Keep it Short, Sweet, and Frequent
Long, cookie-cutter training sessions are a great way to disengage your team from the lessons that your training is meant to impart. Substituting marathon-style training for shorter, more frequent “sprint” sessions will help keep your team interested, and will allow for more consistent training to take place.
Use Different Mediums
Much in the same way that your training needs to account for various learning styles, your training should come in different formats. Basically, you don’t want your training to exclusively be presented as group lectures delivered to the team (or whatever your chosen default is). By switching up the format, you help to make your training more impactful, which will help it stick better with your teammates.
Encourage Them to Share Lessons with Their Families
One of the best ways to ensure that your employees fully understand the cybersecurity principles that you’re imparting upon them is to encourage them to pass on these messages themselves to their families. Not only will this help make their home security more robust, it will reinforce the habits that you want them to uphold.
Select Company Security Leaders
Identify the people in your company who take to the security practices that you impart most effectively and empower them to take a leadership role in terms of your company’s security. Not only will this give you a more focused security infrastructure, it helps you to more completely fill your company with your message.
Keep Your Material Fresh
While it might seem like a good thing to have your team members be able to recite your training materials by heart, there’s a difference between rote memorization and really absorbing the lesson. Switching up the lessons will help to keep your team sharp, engaged, and on the alert.
If you want to know how you can make your training more effective, the best way to find out is to ask your team members. Ask them what resonates with them, what they could use more help with, and (most importantly) what they don’t know enough about yet. While it may sound funny to ask your team members what they don’t know, they’ll likely let you know what they feel less confident about (thereby giving you the opportunity to remedy it).
Emphasize Why Training is Necessary
Another reason that your team may not respond well to training is because they simply don’t appreciate why it is so important. Incorporating the why into your training, alongside the how, is sure to help your team become more accepting of the necessity of training.
Jackson Thornton Technologies is here to help your newly-security-focused team members identify and respond to threats more effectively, assisting them however we can. Reach out to us to find out more about our security services by calling 334-834-7660 today.
Hackers Start Beef with JBS Ransomware Attack
Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply chains associated with the company. Let’s examine the situation to see what lessons we can take away from all this.
What Happened to JBS S.A.?
Over the last weekend of May 2021, JBS’ global IT systems were targeted by a ransomware attack that completely shut down the meat processor’s operations in North America and Australia. Seeing as effectively each step of the company’s operations (from livestock procurement all the way to export and shipment) rely on some kind of technology, everything was put on pause.
Fortunately, JBS had implemented backups, and have therefore been able to restore their systems and are returning to operation. Furthermore, there has been no apparent evidence discovered suggesting that any customer, employee, or supplier data was compromised in the attack.
However, this does not mean that there is nothing more to examine surrounding these events. Let’s go into the major takeaways that need to be addressed.
First of All, Who’s Responsible, and Who is Involved in Fighting Back?
There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals—the sort that have been previously associated with Russian cyberattacks—have been assigned blame for this attack. Along with the Federal Bureau of Investigation’s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts.
The Australian Cyber Security Centre has also been providing their assistance, although they would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.
The Impacts of Ransomware and Other Threats
While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration—not only is the target’s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS.
Fortunately, JBS was smart and had protected themselves ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business’ insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn’t unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware.
At Jackson Thornton Technologies, we’re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling 334-834-7660 today.