Published On August 05, 2021
It used to be that ransomware was a nefarious incident that happened to somebody else—you didn’t worry about it too much because it was so infrequent. Well, that’s not the case anymore.
Cybersecurity and ransomware have been dominating the news. We see these incidents and are usually quick to dismiss them. From an attacker’s perspective, stealing data and holding it “hostage” is a highly effective way to get companies to pay up. As a result, hackers are regularly attacking companies’ vital information to get their slice of the pie.
“No company is safe,” according to recent news on why ransomware cyberattacks are on the rise. From attacks on software vendor Kaseya to the Colonial Pipeline, meat processor JBS, the New York transit system, and the ferry service to both Martha’s Vineyard and Nantucket, ransomware continues to cripple critical businesses and spans companies across all industries.
What is causing this uptick in ransomware attacks?
The news story cited above attributes the surge in ransomware attacks to the following:
Rise of more sophisticated methods to infect critical systems and hard-to-trace cryptocurrency
Work-from-home boom providing new IT vulnerabilities
Political climate marked by ongoing tensions between the U.S. and Russia
So, how do you prepare your organization?
If your company does become a victim of ransomware or some other form of data breach or loss, the availability and accessibility of “immutable backups” become key. Immutable means ransomware will not be able to affect previously backed-up data, because that data is fixed and unchangeable. Being prepared against ransomware both offensively and defensively is a prudent strategy.
In addition to the basics of good security hygiene and educating employees to recognize potential threats, the following actions are also necessary for recovery success:
Set up a stringent schedule to regularly back up data critical to running your organization
Store a secure, air-gapped copy of your data offsite and offline as a second line of defense
Consider an endpoint backup and recovery solution for a more immediate fix for your remote workforce using a mix of desktops, laptops, tablets, and smartphones
Update your Business Continuity/Disaster Recovery (BC/DR) plan to include ransomware recovery procedures.
What happened with the Colonial Pipeline’s ransom recovery?
To give you a sense of a large-scale ransomware attack, we wanted to highlight what happened with the Colonial Pipeline and its recovery.
The federal government stepped in to recover half of the $4.4 million ransom paid to individuals in a criminal hacking group known as DarkSide—it seized approximately $2.3 million in Bitcoins. This is the first seizure by the new Department of Justice Digital Extortion Task Force, and they widely acknowledge ransom recovery is a rare outcome.
Typically, the federal government and security experts say companies should not pay ransom to hackers. Both agree that paying ransoms just encourages more attacks and doesn't necessarily guarantee that you’ll get your data back.
When CEOs are put in a precarious ransomware position, calling the DHS Cybersecurity and Infrastructure Security Agency (CISA) immediately is a smart move.
In direct response to the Colonial Pipeline attack, the U.S. government’s Department of Homeland Security’s Transportation Security Administration (TSA) announced a Cybersecurity Directive. It serves as the first cybersecurity regulation for pipelines that includes better coordination between the private sector and government with greater transparency around ransomware and other cybersecurity attacks.
To help with this enhanced government and private sector coordination, here’s what pipeline owners must now do with new threats:
Report confirmed and potential cybersecurity incidents to CISA
Designate a Cybersecurity Coordinator to review current practices and identify gaps
With these ransomware attacks hitting so many businesses, the federal government now recommends all businesses report attacks to the FBI and work towards putting plans in place to address future threats.
CISA’s efforts to combat ransomware are not new. For quite some time, its position on the issue has been that ransomware is “the most visible cybersecurity risk playing out across our nation’s networks, locking up private sector organizations and government agencies alike.” The rise in ransomware these past few years is concerning, but the response by the federal government is encouraging.
Don’t let your company be vulnerable. Take action today to protect your data from future ransomware attacks with a solid cybersecurity strategy.