Ransomware attacks are often unexpected and devastating for those who fall prey to them. Unfortunately, the pandemic has exacerbated cybercrime, with ransomware incidents surging by roughly 150% worldwide over the past few months.
Lanworks President Eric Rydzkowski highlights how these attacks can impact organizations in a recent webinar, Tales From the Trenches, Ransomware Attacks:
“The loss of business [for ransomware victims] is huge: idle staff that can’t access systems, financial penalties… brand damage, the hard cost itself for recovery, ransom paid… the list goes on. And the number of countless hours that the IT staff have to work to actually recover the business and get it on its feet is paramount.”
Access highlights from the webinar below for essential information that can help protect your organization from a potential ransomware attack and improve your ability to recover from one.
Understanding Ransomware Attackers
Ransomware attackers typically have a single goal in mind: extracting as much money as possible. Once a company’s data has been accessed and encrypted, the attackers demand a significant payment in cryptocurrency, often as much as $1,000,000 USD, in exchange for the decryption key. If the fee is not paid by the deadline, the demand can double, and continued refusal ends with the perpetrators auctioning off the stolen data on the dark web. Throughout the webinar, Rydzkowski breaks down how these money-driven attackers are able to take hold of private information.
Most information security breaches begin with an interaction between a user and a fake email. These emails are so well crafted that it takes a trained eye to tell a fake from a real one. Once a standard user’s credentials are harvested through a fake login page, the perpetrators have a way into the corporate environment. Once inside, they can use any of the free tools readily available on the internet that are designed for password guessing, trying passwords against account after account until they find a privileged credential that works.
“It may not be an admin password initially, but at least it will be the password of a user,” states Rydzkowski. “That’s the first entry into your network, and that can be catastrophic in itself.” Once an attacker has their foot in the door to your network, they will try to gain access to an admin credential and destroy your backup servers, blocking your ability to recover from their attack.
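The password-guessing stage described above leaves a recognisable trace in authentication logs: a single source failing against many different accounts in a short window, followed by a success. The following is an added example that is not from the webinar or from Lanworks; it parses a constructed, simplified rendering of Windows Security logon events (4625 failed, 4624 succeeded; real event records carry many more fields) and flags sources whose failure pattern looks like a spray rather than one user mistyping a password. The field names, thresholds and sample lines are assumptions chosen for the example.

```python
"""Flag password-spray / brute-force activity in authentication logs.

Added example, not code from the Lanworks webinar. The log lines are a
constructed, simplified rendering of Windows events 4625 (failed logon)
and 4624 (successful logon); the field names and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one external source guesses six different accounts and
# then logs in as one of them; an internal user mistypes once and then succeeds.
SAMPLE_LOG = """\
2021-03-02T10:00:01 4625 TargetUserName=alice IpAddress=203.0.113.7
2021-03-02T10:00:02 4625 TargetUserName=bob IpAddress=203.0.113.7
2021-03-02T10:00:03 4625 TargetUserName=carol IpAddress=203.0.113.7
2021-03-02T10:00:04 4625 TargetUserName=dave IpAddress=203.0.113.7
2021-03-02T10:00:05 4625 TargetUserName=erin IpAddress=203.0.113.7
2021-03-02T10:00:06 4625 TargetUserName=svc-backup IpAddress=203.0.113.7
2021-03-02T10:00:07 4624 TargetUserName=svc-backup IpAddress=203.0.113.7
2021-03-02T10:03:00 4625 TargetUserName=frank IpAddress=10.0.0.22
2021-03-02T10:03:09 4624 TargetUserName=frank IpAddress=10.0.0.22
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>4624|4625) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)


def parse(log_text):
    """Turn log lines into dicts; lines that are not logon events are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "event": m["event"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_spray(events, window=timedelta(minutes=10), min_failures=5, min_users=3):
    """Return {ip: finding} for sources exceeding the thresholds.

    A spray is told apart from an ordinary typo by the number of *distinct*
    accounts a single source fails against inside the window. Any 4624 from
    the same source during or shortly after that window is reported as the
    credential the attacker now holds.
    """
    findings = {}
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["event"] == "4625"]
        # Slide a window forward from each failure until one window trips.
        for i, start in enumerate(failures):
            in_window = [f for f in failures[i:] if f["ts"] - start["ts"] <= window]
            users = {f["user"] for f in in_window}
            if len(in_window) >= min_failures and len(users) >= min_users:
                window_end = in_window[-1]["ts"]
                compromised = sorted({
                    e["user"] for e in evs
                    if e["event"] == "4624"
                    and start["ts"] <= e["ts"] <= window_end + window
                })
                findings[ip] = {
                    "failures": len(in_window),
                    "accounts_tried": sorted(users),
                    "success_after_failures": compromised,
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_spray(parse(SAMPLE_LOG)).items():
        print(ip, finding)
```

On the constructed sample only 203.0.113.7 is flagged: six failures across six accounts in six seconds, then a successful logon as svc-backup, which is exactly the "password of a user" the quote above describes. The single failure from 10.0.0.22 stays below the thresholds.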
Preparing Your Business for a Ransomware Attack
It’s nearly impossible to make your networks 100% impenetrable to cybercriminals. It is, however, possible to make breaking in hard enough that opportunistic attackers move on to an easier target.
According to Rydzkowski, “you have to make it so that all of your neighbours are easier to break into than you.”
Throughout the webinar, Rydzkowski recommends several best practices for strengthening your cyber defences, including the following:
- Set up two-factor or multi-factor authentication (MFA): Organizations that come to Lanworks after a ransomware attack typically had not deployed MFA beforehand. With MFA in place, a password harvested through a fake login page is not enough on its own to log in.
- Make all user passwords hard to guess: Passwords should be at least ten characters, mix upper- and lowercase letters, and include special characters so they are difficult to crack.
- Take your backup server off the domain: If a perpetrator obtains a privileged Active Directory credential, a domain-joined backup server is reachable with that same credential, and it is the first thing they will encrypt or destroy. A backup server that is not joined to the domain, with its own separate credentials, cannot be reached with stolen domain credentials.
- Keep three copies of your backups: Use the 3-2-1 rule. Have 3 copies of your data, on 2 different media, with 1 copy offsite. The offsite copy should be offline or otherwise unreachable from the production network, so a compromised credential cannot encrypt it too.
- Back up your servers often: Business-critical servers should be backed up frequently, with the interval set by how much recent data you can afford to lose. Some companies choose to back up their servers as often as three or four times a day.
- Educate your users: Educate your users and conduct phishing tests to ensure all users at your organization understand how to identify fake emails and login pages.
- Invest in ransomware insurance: In a worst-case scenario, ransomware insurance will help keep your organization afloat and on the road to recovery following an attack.
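The three backup recommendations above (keep the backup server off the domain, follow 3-2-1, back up often) are the kind of rules that are easy to state and easy to drift away from. The following is an added example, not from the webinar or from Lanworks, that audits a backup inventory against those rules. The inventory format and its field names (medium, offsite, domain_joined, role, last_backup) are assumptions chosen for this example, and the records are constructed; a real audit would pull the same facts from the backup software and Active Directory.

```python
"""Audit a backup inventory against the webinar's backup recommendations.

Added example, not from the webinar or Lanworks. The inventory schema and
field names are assumptions for this example; the records are constructed.
"""
from datetime import datetime, timedelta

# Constructed inventory: every entry is one copy of the named dataset,
# including the production copy (role "primary").
INVENTORY = {
    "finance-db": [
        {"host": "sql01", "role": "primary", "medium": "disk",
         "offsite": False, "domain_joined": True, "last_backup": "2021-03-02T09:00:00"},
        {"host": "backup01", "role": "backup", "medium": "disk",
         "offsite": False, "domain_joined": True, "last_backup": "2021-03-02T06:00:00"},
        {"host": "tape-vault", "role": "backup", "medium": "tape",
         "offsite": True, "domain_joined": False, "last_backup": "2021-02-26T22:00:00"},
    ],
    "file-share": [
        {"host": "fs01", "role": "primary", "medium": "disk",
         "offsite": False, "domain_joined": True, "last_backup": "2021-03-02T09:30:00"},
        {"host": "backup01", "role": "backup", "medium": "disk",
         "offsite": False, "domain_joined": True, "last_backup": "2021-03-01T06:00:00"},
    ],
}


def audit(copies, now, max_age=timedelta(hours=8)):
    """Return a list of findings (strings) for one dataset's copies.

    Rules, taken from the webinar's recommendations:
      - 3-2-1: at least 3 copies, on at least 2 distinct media, at least 1 offsite
      - backup hosts must not be domain-joined (a stolen AD credential
        would otherwise reach them)
      - the newest backup copy must be no older than max_age
    """
    findings = []

    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies (need 3)")

    media = {c["medium"] for c in copies}
    if len(media) < 2:
        findings.append(f"all copies on one medium ({', '.join(sorted(media))})")

    if not any(c["offsite"] for c in copies):
        findings.append("no offsite copy")

    for c in copies:
        if c["role"] == "backup" and c["domain_joined"]:
            findings.append(f"backup host {c['host']} is domain-joined")

    backups = [c for c in copies if c["role"] == "backup"]
    if backups:
        newest = max(datetime.fromisoformat(c["last_backup"]) for c in backups)
        age = now - newest
        if age > max_age:
            findings.append(f"newest backup is {age} old (limit {max_age})")

    return findings


def audit_all(inventory, now):
    """Audit every dataset; an empty list means the dataset passes."""
    return {name: audit(copies, now) for name, copies in inventory.items()}


if __name__ == "__main__":
    report = audit_all(INVENTORY, datetime.fromisoformat("2021-03-02T10:00:00"))
    for name, findings in report.items():
        print(name, "OK" if not findings else findings)
```

Run against the constructed inventory at 2021-03-02 10:00, finance-db produces a single finding (backup01 is domain-joined), while file-share fails every rule: two copies on one medium, nothing offsite, a domain-joined backup host, and a newest backup 28 hours old.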
The Recovery Process
In terms of downtime, Rydzkowski notes that it can take anywhere from two days to two weeks or longer to get a business back online after an attack. Once a ransomware attacker has done damage, how quickly your company recovers depends on how well you prepared beforehand. As long as the attack has not compromised your backups, the first step is to build a completely isolated “clean” network in which to restore. Consider scanning each restored server with two different next-generation antivirus products before it is trusted, and reset all passwords.
Just be sure not to rush the process. If you rebuild your network and then accidentally connect an infected PC, it can re-infect the clean servers you just restored. If you can’t restore your data because your backups are also encrypted and paying the ransom is your only option, hire a professional ransom negotiator. Ultimately, the more you know about ransomware attacks, the more likely you are to avoid one.
Empower your organization with all of the facts, insights, and best practices to stay safe and operational by watching the full webinar here.
You don’t have to outrun a bear, you just have to outrun your friend.
In other words, you don’t have to build Fort Knox, but you want your house to be much harder to break into than your neighbours’.
– Eric Rydzkowski.