This is a post series on cyber crime. For more posts click here or the cybercrime tag below.
Looking at ransomware for the past six months or so has made it clear, to me at least that the way that network security has been dealt with in the past has been a failure. I think that it’s become a good chance that if you are a business it’s not if you will get hit by ransomware, but when. The approach this post below seems to be taking is the one that a business in a bad neighborhood with no real policing takes, having gates and grates on the doors and windows, reinforced entryways and protection money in the till, just in case.
“While some companies have created Bitcoin wallets in order to have ransom money on hand, it is important to note that the FBI strongly discourages extortion payments, and that recovery either may not be forthcoming or even possible,” says Kenneth Geers, senior research scientist at New Jersey-based Comodo and ambassador at the NATO Cyber Centre. “In short, once your network is compromised, nothing is guaranteed.”
Whether there’s any other option than to pay depends on what backup and contingency plans are in place, experts say. A fully backed up system that takes hours or days to recreate may be intolerable if the time lag means the loss of business-critical applications or puts lives in danger. And a clean backup won’t prevent attackers from using the data they’ve stolen for extortion.
“I believe medical information and other PIN data will be prime targets for [ransomware] attacks,” says Robert Liscouski, president of Implant Sciences Corp. and a former official at the Department of Homeland Security. “Small businesses and doctors can least afford a ransomware attack, but are likely the most vulnerable since they often don’t invest the necessary resources to protect themselves,” he says.
Some of the most important preventative measures depend less on the amount of money spent than cybersecurity best practices. “If an attacker really wants to get to a target, and is willing to put whatever resources to persist through, it is almost impossible to defend against,” says Lillian Ablon, a data scientist at the Rand Corp. in Santa Monica, Calif. The goal, she adds, is “to become less of a juicy target that might make the attacker move on to someone more vulnerable-looking.”
Ablon’s anti-ransomware to-do list includes multifactor authentication, encrypting data both in transit and at rest and “air-gapping” critical sections of the network. She also advocates conducting mock ransomware attacks as part of user awareness training and simulating the high-pressure tactics of extortionists rather than a simple data breach drill.
Those defensive measures should be supplemented with a hunt for ransomware before it latches on to your data, says Andrew Plato, CEO of Anitian, an Oregon-based cybersecurity consulting firm. “Ransomware does not just show up one day and immediately cause problems,” he says. That means you must spot the attack while it’s in its infancy, while the malware is just taking hold in the environment. “You need more than just firewalls and anti-virus software. You must coordinate and unify those technologies into some form of security analytics platform.”
With all the fuss over the election, ransomware was sort of driven out of the public attention. Meanwhile the attacks have continued to grow and the number of businesses and individuals getting hit just keeps going up.
I think that one thing that’s happened is that until ransomware, nobody took malware and viruses as something that was really destructive. For seemingly forever I’ve been hearing about how we needed to protect ourselves from viruses, but really nothing was done to make things truly secure because there were too many advantages to having those backdoors and update systems. It was easier to just evolve things as they were rather than take the kernel changes to make things truly secure. All the while, networking has just made the potential for real damage worse. Well now we have real damage. Here’s the week in ransomware.