Ransomware Has Gotten So Bad, It’s Aligned with Terrorism
Ransomware has rapidly progressed from an irritating annoyance to a legitimate global threat, with the U.S. Justice Department officially going on the record and establishing that future ransomware investigations will be handled the same way that terrorism cases are now. Let’s review the reasons behind this policy change and how your business should respond.
How Much Worse Has Ransomware Gotten?
Let’s look at this somewhat casually.
Ransomware was never something to be trifled with. However, compared to the attacks we’re seeing today, the attacks of the past seem to be small potatoes at their worst. Having your business’ data encrypted is bad. However, crippled supply chains and interrupted national infrastructures (as we’ve seen in the recent attacks on JBS SA and Colonial Pipeline) are undoubtedly worse.
The dangers that such ransomware attacks pose cannot be overstated, and no business is truly safe. The White House recently said as much in its warning to companies regarding their cybersecurity preparations.
This is Why the US Justice Department is Speaking Out
Understandably concerned about the ramifications such threats could easily pose to national security, the Department of Justice has joined with the White House to draw a line in the sand. In response to what they accurately described as a “growing threat,” investigations into ransomware cases will now be handled much as terrorism cases are… with all the stops pulled out in terms of the tools that are used.
Other Governing Bodies are Following Suit
Likewise, in response to the JBS hack and the economic ramifications it will likely cause, the US Congress is now examining the lack of federal oversight of the cybersecurity protections implemented by meat processors. Such oversight could help to create a more unified strategy for preventing and mitigating these kinds of attacks and their widespread impacts.
Ransomware Threats are Also Getting Worse
In addition to many ransomware attacks being waged on bigger, higher-value targets, the strategies involved across the board are evolving. Just consider the ideal progression of a ransomware attack from the attacker’s perspective.
1. Use ransomware to encrypt a targeted system
2. Threaten to delete all contents of a targeted system if a ransom isn’t paid
Understanding this, the consensus amongst security-minded businesses was that keeping an isolated backup was the perfect failsafe against such an attack. After all, with the backup to fall back on, the encrypted data could be deleted and replaced at relatively minor cost to the business. This is one of the many, many reasons we always recommend that a business keep a backup squirreled away.
Unfortunately, as will always be the case with cybercriminals, these practices encouraged them to adapt their processes. Lately, more and more attacks are following a slightly different method than what we’ve been seeing:
1. Steal data from a system, using ransomware to encrypt it after the data has been harvested
2. Threaten to delete all contents of a targeted system if a ransom isn’t paid
3. Profit
4. Threaten to leak or sell the stolen data unless a second ransom is paid
5. Profit again
This double-whammy approach to ransomware first came onto the scene in late 2019, and has exploded since. One recent survey found that 77 percent of ransomware attacks now come with threats to leak data if a ransom isn’t paid. This same survey also revealed that such attacks are increasingly directed against SMBs, who have considerably fewer resources than enterprise-level targets.
So, if keeping a backup no longer helps to squash the entire threat, what can a company do?
How a Business Can Resist Ransomware
First, it will help to understand how the majority of modern ransomware attacks begin. About half are enabled by a cybercriminal’s ability to compromise remote desktop software (through stolen or guessed access credentials, or through an unpatched vulnerability). This means that any organization can prevent ransomware more effectively by reinforcing its password security and user management.
By implementing password requirements that better align to best practices and then reinforcing them through two-factor authentication measures, your business can help eliminate much of the risk of an insecure password. Supplementing these measures with a password management platform can make it that much simpler for your users to utilize sufficiently secure identity authentication, benefitting your organization considerably.
Finally, it helps to invest in a dark web monitoring service, as this can help you identify if any of the passwords or data that your organization relies on has been compromised and exfiltrated. While it won’t help to undo any damage that has already been done as a result, this knowledge can help you identify your weak points and resolve them.
While we wish we could say that this is the last time that a cyberattack method will ever get progressively worse, we simply can’t, so we all need to do whatever we can to stop them. That’s where Jackson Thornton Technologies and our services come in. Learn more about what you need us to do by calling 334-834-7660.
Four Considerations for Your Business’ Security
Millions of people find themselves sitting in front of a computer moving files around, corresponding with people over the phone or through email, or updating info in the company’s line-of-business app. What many of them don’t know, however, is that, at any time, they are only a couple of clicks away from causing major problems for their company. This is why it is extremely important to train your staff on what to look for and how to address those situations when they do arise.
To understand how serious this issue is, you simply need to look at the global statistics. According to the Internet Society’s Online Trust Alliance (OTA), 2019 saw losses of over $52 billion as a result of cyberattacks, of which roughly 95 percent could have been avoided through simple, common-sense actions and procedures. Additionally, these figures are expected to grow rapidly in the future.
That’s why it is essential that your business, aside from your dedicated network and cybersecurity strategy, comes up with a plan on how to properly train your staff with procedures that won’t stymie your business’ ability to be productive. How you go about doing that is up to you, but this month we thought we would share a few strategies on how to effectively get this done.
Get Your Employees to Understand
Getting a bunch of people (who don’t work in security) to learn about something as yawn-inspiring as network security isn’t impossible, but it takes a little creativity. If someone can relate to a victim, it’s easier for them to do things they wouldn’t typically do, because they don’t want to be responsible for creating another victim. Use real-world examples in your education materials. Chances are many of them have been the victim of identity theft, or they’ve had their data leaked as a result of negligent behavior. Show them that many of the things they can do to protect the company are things they already do to protect their own data.
Create a Culture of Security
If history has taught us one thing about people, it is that people are impressionable. If they are constantly surrounded by a certain message, they will typically accept that message. Creating a company culture that is rooted in security will do a lot of the heavy lifting for you. If your company consistently pushes the need for comprehensive security, you better believe that most of your staff will get the message loud and clear.
Keep Training Consistent
Pushing security can go a long way, but without training designed to explain exactly which problems the procedures you put in place are meant to address, the whole thing is pointless. Employees need to understand:
● How to avoid becoming a victim of phishing
● What network resources they have access to
● The importance their role has in protecting company and customer data
● Solid password management and best practices
● What to do if they do make a security mistake
If every employee you have has a good handle on these five concepts, there likely won’t be a network security disaster coming from your staff in the near future.
Lead By Example
Obviously, in the average employee’s mind, network security, like physical security, is nothing they are inherently concerned with. If they follow procedure, there should be no problem. They figure that decision makers take the time and effort to address these issues and deploy the systems that are needed to protect the business. Not only that, many workers consider workplace security a C-suite issue. Firewalls, antivirus, multi-factor authentication, mobile device management, and intrusion detection are largely looked at in the same way as digital surveillance, access control, printer management, and a slew of other security systems that are controlled by people outside their expertise. In fact, many people look upon these systems as ones that serve to protect the business from them rather than working to protect the business.
Leading by example means that you do the right things and expect your team to follow suit. Being more supportive than demanding is a good way to start. People who aren’t that strong with technology won’t always get it. Unfortunately, it only takes one instance to really create problems, so they must. Instead of being frustrated at their lack of understanding, create documentation and resources that will help them. Work with them to make them understand just how important it is that they follow these procedures. They don’t need to understand the workings of complex IT systems; they just need to avoid the big mistakes that could cause major problems for the company.
At Jackson Thornton Technologies, we can help your business put together a plan to help you protect your business from end to end. Our IT professionals can help you put together procedures and a training plan that will give your business the resources it needs to stay secure. To learn more, call us today at 334-834-7660.
Cybersecurity Lessons to Be Learned from the Colonial Pipeline Attack
Headlines have been filled with news pertaining to the recent hack of Colonial Pipeline, which has created significant gasoline shortages up the east coast of the nation. While the pipeline has been restored, the way this was accomplished sets a dangerous precedent. On top of this, the attack seems to have set off bigger infrastructural changes in the political space.
Let’s take a few minutes to dive into the situation at hand to see what insights can be gleaned from these events.
The Colonial Pipeline Situation
On May 7, Colonial Pipeline first became aware of a ransomware infection in its systems, prompting the fuel supplier to pull the plug on its pipeline operations along the southeast coast so that the malware wouldn’t spread. Leaning on a relatively new form of ransomware attack, those responsible for the attack—a group called Darkside—utilized a method known as double extortion, where the cybercriminal motivates their victim to pay up by not only locking their data down but also threatening to leak it out.
For its part, Darkside primarily operates as a kind of cybercriminal service provider, developing threats and supplying them, along with support, to other groups.
In response to this threat, Colonial Pipeline quickly halted its operations… and as a result, a wide portion of the country experienced gas shortages due to the cutoff of supply. Many found themselves waiting for hours at the pumps, assuming that any gasoline was available at all. Despite stating that there were no plans to pay the almost $5 million in cryptocurrency that the hackers were demanding, it has been reported that the company did ultimately do so. Once the payment was received, the distributor was provided with a very slow decryption tool that they supplemented with their own backup solutions.
This situation has highlighted a few serious considerations that will need to be addressed by businesses of every size, while also revealing a few things about the current state of cybersecurity in clearly critical pieces of infrastructure.
Ransomware-as-a-Service is a Serious Threat
Darkside had risen to prominence in a relatively short time in the cybercriminal business world, creating a network of affiliate hackers to collaborate with for a share of the cut. With a net gain of at least $60 million in its seven months of existence ($46 million of which came in during Q1 2021 alone), this approach is apparently quite lucrative. While the affiliate hackers retain the majority of the ransom fees, Darkside handles a lot of the work on their behalf: writing the ransomware itself, billing the targeted victims, hosting the data that has been stolen, and even serving as the cybercriminal’s IT support and PR team.
This is serious, simply because it significantly lowers the barrier to entry that cybercriminals face when deploying ransomware, making it a feasible attack vector for many more of them.
Double Extortion Makes Ransomware Even Worse
You may have caught that Colonial Pipeline did, in fact, have a data backup available to them… so, it may seem confusing that they still paid the ransom to have their data released. After all, the data backup should have enabled them to simply wipe and restore their entire infrastructure from scratch.
It’s the fact that this attack used the double extortion method that makes the difference. Instead of simply threatening to delete the data if the ransom is not paid, a double extortion attack doubles down by threatening to leak the data if the ransom is not paid in time. Depending on the industry being targeted, some of this data could bring significant repercussions to the business that allowed it to leak. Government regulations and public opinion can both bring down serious consequences once data is leaked, so it makes sense that Colonial Pipeline would choose to bite the bullet and pay up instead. We still don’t recommend that ransomware demands be paid, but time will tell if this method of attack becomes more popular and forces us to reconsider.
Events Like These Will Inspire Cybersecurity Improvements
Partly in response to these events, U.S. President Joe Biden signed an executive order intended to boost the cybersecurity protections surrounding critical infrastructure for the government and private sector companies alike. This order includes the founding of a task force committed to prosecuting hackers that utilize ransomware, as well as the removal of any contractual barriers to reporting breaches within federal agencies and a deadline of three days to report severe cyberattacks. With such attacks happening more frequently than ever before, businesses will need to treat these improvements as crucial to their continued survival.
Situations like these make it clear that cybersecurity isn’t going to get any easier for businesses to manage from here on out, so it will be important to have a trustworthy resource waiting in the wings to assist your operations. Jackson Thornton Technologies can be that resource for you. Give us a call at 334-834-7660 to start a conversation about what we can do for you.