Elly Yates-Roberts |
Ransomware attacks have escalated to the point that the US government is now treating them as acts of terrorism. This is not an overreaction. These attacks have caused massive operational disruption to local governments, law enforcement, educational institutions, healthcare networks, critical infrastructure, and more.
Ransomware is not a new threat, but it has evolved into a more destructive creature. Criminals have expanded their skillsets and refined their tactics to create a double extortion scheme. They base their ransom demands on research they perform ahead of the attack. They steal sensitive data from their victims and demand payment in exchange for a promise to not publish or sell the data to other criminals. Victims who pay are often contacted several months later and asked for another payment to keep the stolen data secret. Some ransomware criminals will accept payment but sell the data anyway.
There has never been any guarantee that paying a ransom would result in the recovery of all encrypted data. Victims should understand that data stolen in a ransomware attack is compromised forever.
Protecting your company from ransomware attacks is all about protecting your data. You can break this down into three focus areas:
Protect your credentials. Phishing is the primary attack vector for ransomware, so you must maintain a culture of awareness around credential security. Develop a process to train users on email security and deploy anti-phishing technology that can identify and flag unusual activity.
Secure your web applications. Online applications like file-sharing services, web forms, and e-commerce sites can be compromised by attackers. Web applications are attacked through the user interface or an API interface. Once the application has been compromised, the attacker can introduce ransomware and other malware into the system.
Back up your data. It is critical that your back-up is comprehensive, so that you know the location of all data on your network, including configuration files, user documents and archived data around employees. All this data should be backed up.
The safest approach is to deploy a back-up system that replicates data to a cloud, offering unlimited storage and a robust search and restore capability. Office 365 users should add third-party cloud backup to protect SharePoint, Teams, Exchange and OneDrive data.
You should assume that there will be ransomware attacks against your company. If the attack is successful, you should have a plan to not pay the ransom.
Tim Jefferson is senior vice president of the data, networking and application product division at Barracuda Networks
This article was originally published in the Autumn 2021 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.