It’s no surprise that the state of cybersecurity is constantly changing. Criminals will be criminals. Knowing this does not make it any less annoying to think that just when you have addressed one vulnerability, another one (or two) opens up. It can drive a business leader, who wants to just serve clients, grow, and enjoy work, nuts. The long list of threats just keeps growing like a field of dandelions field.
So What’s The Newest Ransomware Seed Taking Root?
Today, cybercriminals are publicly outing firms after they infect your systems with ransomware and you don’t pony up. No more private two-party kidnap negotiations. Now, it is on headline news and damaging both your reputation and your enterprise’s ability to operate. This is a VERY big deal for financial services firms.
In the past, you could get a limited ransomware infection, on one server for example, and if you were doing all of the right things, you could recover from a backup with minimal effort and move on with your day. No need to pay the ransom and you were back in business quickly. Ironically, hackers were actually helpful in recovering from the “infection” they had just threatened your systems with–once you anted up. (The easier they made it for the victim to move on the greater the chances that the injured party would pay.). Odd but true, it would be self-defeating for a ransomware hacker to infect your files AND make them unrecoverable. What fool would pay to get back destroyed files?!
In the latest ransomware attacks, when a firm does not pay the ransom, criminals are publishing the fact that you are infected. Then, to add insult to injury, they are proving it by sharing a sample of your documents online. Ransomware just went from kidnapping to extortion. Not a good sign for companies that don’t take cybersecurity seriously. Employee productivity, the enterprise’s ability to stay up and running, and your most valuable data are at serious risk.
“During ransomware attacks, some threat actors have told companies that they are familiar with internal company secrets after reading the company’s files. Even though this should be considered a data breach, many ransomware victims simply swept it under the rug in the hopes that nobody would ever find out.“
Lawrence Abrams
Founder of the computer security blog BleepingComputer.com
Still think it can’t happen to you because you have no important data or your business is not high profile enough? Think again.
RELATED: You really need to take Ransomware seriously
We had a financial services client get an infection. One of their advisers opened an email from the firm’s CEO, whom they had never personally met, in order to see the vacation pictures the CEO so generously wanted to share (Like we said, human nature.). We stopped the ransomware’s spread, recovered from a backup, and moved on from the incident with no one aware of what had happened. Today, victims need to tackle the additional, real, damaging threat of public extortion and its commensurate reputational risk in a reputation-driven business.
5 Steps Firms Can Take to Address the Latest Ransomware Threat
- Be prepared for the worse and have Backups, Backups, and more Backups. If your backups are in pristine shape, you are at least covered if a ransomware event hijacks all of your data.
- Educated your users. Educate them often and regularly. This can decrease your chance of a ransomware hack greatly.
- Have robust IT procedures and systems. Regular Windows and application updates, best of bread anti-virus, anti-spyware, and spam filtering applications, implement systems like End Point Detection and Response (EDR) and Multi-Factor Authentication (MFA).
- Immediately review your Incident Response Plan and follow those procedures. Don’t have one of those? Might be time you create one.
- Prepare yourself for a post-breach incident response drill. Once things are “back to normal” you have to ensure the original hack is really gone. Too often the hackers will leave some hidden access which they exploit later to infect you all over again.
If you find yourself and your data in the headlines, get a good crisis media relations firm. Stay in front of this as much as you can.
Here is a good article from KrebsonSecurity that gives additional insight and real-time examples.
