Cybercriminals are having a field day targeting business and government IT infrastructures. You can no longer assume that these criminals only go after weak or poorly secured targets; that is simply no longer the case.
In order to keep your business, your customers, and your employees safe from the prospect of ransomware attacks, you need to fully understand the threat and implement a sophisticated solution that reduces the risk to your business. That solution must also provide a sure path to recovery should you find that your best efforts to avoid an attack have still failed. (WEBINAR INFORMATION BELOW)
The New Era of Ransomware
How many news stories will we watch before the message that this new era of ransomware is different sinks in? Cybercriminals are patient and intelligent, and they use increasingly sophisticated techniques. They’re not just lazily sending out links and seeing what works for them; they learn about the companies, or the government entities, they target and their specific networks. They price out the ransom in the same way an ordinary IT vendor might. After biding their time, they strike when the company or municipality is most vulnerable and least able to respond competently or decisively. This increases the pressure on the victim to pay the ransom because they’re caught entirely off guard. And furthermore, once one ransom has been paid, that entity becomes a bigger target for future attacks.
How to Protect Your Employees and Business from Ransomware Attacks
Let’s look at some of the specific steps your business can take to address the threat of ransomware using a combination of best practices and Enhanced Data Protection. We’ll start with the low-hanging fruit, the basics, and then detail how our next level of DRaaS and cyber security solution gives you the confidence of knowing your data is safe, with a quick video recap of a conversation our CEO and CIO recently had with Petri at VeeamON 2019.
Adopt a ‘Not If, But When’ Mentality
The scale of threats to every company’s biggest asset, its data, is now undeniable. Your business is going to be targeted at some point. While you can’t stop a hacker from trying to penetrate your systems, you can stop the attacks from being successful or impactful. Making your employees aware that the business is likely to be targeted should help to keep them more alert to the threat.
Restrict Abilities and Privileges
Restricting your systems to least privilege access can be helpful. Assess user roles and evaluate who needs access to platforms and data. Limit admin roles to only the most highly trained and reliable staff.
Employee Training on Cybersecurity
The first and perhaps the most important thing for you to do is to educate and train the entire organization on how to recognize a phishing attack or other suspect online activity. When they understand how to spot and avoid these pitfalls, you’ve already raised your shield.
Patch and Keep Devices Updated
Outdated devices or software create vulnerabilities, so routine updates for all company and personal devices connected to your network are imperative. Devices are less exploitable when they have the newest version in place. Those annoying software updates incorporate fixes and patches that relate to security. Having a proper patching program is critical.
Undertake a Security Checkup
A routine threat assessment should be part of every IT department’s SOP. Examine where your own vulnerabilities may be, internally or with suppliers, and spin up your recovery environment to ensure that it contains all of your company’s data. Having an assessment by an external company provides a fresh set of eyes to see where insider threats exist or a hacker’s point of entry may be.
Backup and Recovery Plans
If you’re confident that you have a clean backup and recovery plan in place, there’s considerably less pressure to pay a ransomware demand. Here’s how Global Data Vault utilizes Veeam and Enhanced Data Protection to provide a fully managed defense against today’s cybercrimes.
If you’d like to learn more about the threats to your business and how to protect it, join us for our webinar on June 4th at noon CST, where we will discuss:
What is the “insider threat”?
What the current malware threat is and how insider access is used against targets
How to protect against insider attacks effectively
Register HERE or contact us at email@example.com
Ransomware attacks are becoming more common and more sophisticated, so be sure to stay up to date with how the tactics of cybercriminals are changing and developing over time if you can. That way, you’ll be able to stay ahead of the curve and get better at protecting your business and its employees.
There’s a saying, “Make sure everybody in your boat is rowing and not drilling holes when you’re not looking.” It’s a great analogy for some of the more recent high-profile incidents of cybercrime. While your company’s best efforts to thwart cyber attacks may be working, your suppliers may be offering up vulnerabilities that are too tempting for hackers to resist. When their systems are infiltrated, yours is also at risk.
A recent wave of attacks has a noticeably common thread within its approach to stolen information. Instead of attacking robust security head-on, the hackers targeted international suppliers. By exploiting vulnerabilities in the suppliers, they were able to access huge swaths of email and direct communication data. From there, they were able to steal login credentials and gain access to the data they really wanted. While each hack has its own unique goal, the bulk of the cybercrime was aimed at harming financial institutions, disrupting American infrastructure and stealing intellectual property.
International Cybercrime on the Rise
U.S. agencies and companies are experiencing a dramatic increase in cyber-attacks from foreign hackers. That news comes courtesy of reports from the United States government and research by FireEye. Both groups have independently confirmed that cyber-attacks from Iran and China are both on the rise. In the meantime, Russian attacks have never ebbed.
To give this more context, a string of attacks in January targeted several major businesses including Boeing, General Electric Aviation, T-Mobile and Airbus. Initially, researchers experienced difficulty identifying the source of the attacks, but later concluded that all of the attacks were part of a unified effort from Chinese hackers. It is also noteworthy that during the same period, Iranian hackers were credited with stealing information from a number of United States banks and government agencies.
Increasingly Sophisticated Attacks
The fact that these attacks have been successful caught many security experts off guard, since the targets had sophisticated cybersecurity in place. Government agencies and financial institutions, in particular, have been expecting retaliatory hacking from Iran since a new wave of sanctions hit the country. Even with that anticipation, the hackers were able to find new ways to achieve their goals.
This elevated approach to hacking and the substantial support these nefarious groups have gained offers a valuable lesson. Simply upgrading your own security systems will not always be enough to protect your data, and all this makes the 3-2-1-1 rule for backup strategy imperative. Safeguards and airgaps are necessary to create that extra ring of security between your business and other businesses that regularly interact with you. In the light of the ever-changing landscape of cyber security, it’s time to evaluate your own vulnerabilities and ensure a swift plan of action is in place.
The internet is an amazing, useful and often wonderful thing. It’s also a giant mess. For every resource it gives your business that helps you succeed, it also offers a threat. Not-safe-for-work embarrassments aside, there are some genuine dangers on the internet that can destroy even the strongest businesses. Perhaps the ultimate bogeyman today is ransomware. There’s no gentle way to say this. You need both preventative and responsive measures in place to deal with ransomware, and you need them today.
We have a great deal of first-hand experience helping companies get beyond malware attacks. The pain we have seen is completely frightening. In the interest of seeing a bit less of this, here are a few thoughts on the subject.
What Is Ransomware?
In short, ransomware is a specific category of malicious software. As the name suggests, it involves holding digital assets hostage for a ransom. To put it in simpler terms, the malicious software will lock you out of accessing some or all data or applications on the infected device. It’s pretty easy to see how crippling this can be to any business. What’s even scarier is that ransomware can, and usually does, spread across your network.
Who Is at Risk?
Technically speaking, any device that has access to the internet is at risk for a ransomware attack. In practice, it’s not quite so bleak. Cybercriminals use this tactic to make money, so they’re going to target victims who have the money to pay the ransom and are more likely to do so. This means that every operating business in the world is a potential target. Businesses in industries that are particularly data-dependent are the biggest targets of all. This includes health care and, ironically, tech companies.
Chances are that you invest a pretty penny in keeping your network and data safe. That’s a great thing, but even leading IT experts have fallen victim to ransomware. The problem is that crafty criminals exploit human error in order to get past security. If you employ more than one person, your personnel increase your risk of getting hit by an attack.
You might rush to retrain your staff and work on preventative measures, and that can work, but it’s important to understand the simple way a lot of ransomware gets past security. It asks for permission, and if a user isn’t paying attention, they can grant that permission. Obviously, there’s a lot more going on behind the scenes to beat your firewall and software security, but this is an important part of the equation. Human error is inevitable, and it can eventually expose your network to ransomware.
There’s an additional risk factor with all malware, and it’s probably the most important. Anyone who pays a ransomer is immediately at higher risk for a repeat attack. If you’re willing to pony up the cash, then you’re the best person to target with more ransoms. It’s a simple cost/reward analysis for the criminals.
This all applies to your personal devices and network, by the way, so there’s an extra reason to pay attention.
How Do You Deal With It?
Ok. If you shouldn’t pay the attackers, how do you deal with the ransomware? The first step is to remove the malicious software. Your IT team should be able to handle this part pretty easily (most of the time). Unfortunately, that easy step of removing the software won’t unlock your data. It will only prevent the problem from expanding. Once data is encrypted, your options are limited. You can trust that cybercriminals are using powerful encryption algorithms to make sure you must pay them. It’s extremely unlikely that you can force the vault open without spending exorbitant sums of money and time. Brute force simply isn’t an option.
Now, if you’re in a tight spot and you need that data, you’re going to be tempted to pay the attackers. It’s important to remember that the people who illegally infiltrated your computer are operating on the honor system. You have absolutely no guarantee that paying them will result in getting your data back. In fact, many ransomware processes corrupt data. Remember that paying also makes you a more likely target in the future. Paying a ransomer is often tantamount to throwing money away.
As frustrating as it is, this is another case where the best defense is a good offense — sort of.
Backups, Backups and More Backups
The best way to deal with ransomware is to never get it in the first place. Make sure personnel know the basics. Don’t talk to strangers. If you don’t recognize the sender of an email, don’t download the attachments. Likewise, don’t give permission to strange websites or unknown applications to make changes to your system.
And when presented with a log-on screen in a browser, ALWAYS look at the URL or address:
Be sure this is someone you know and trust – and beware of subdomains, for example:
bla-bla-bla.microsoft.com is safe because the final part, “microsoft.com”, determines where you are.
microsoft.ei.com is almost surely DANGEROUS, because here the final part is “ei.com”, not Microsoft at all!
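The subdomain rule above can be checked mechanically. The following is an added example, not code from the original post or from Global Data Vault: it extracts the host from a URL, reduces it to its registered domain (the final two labels), and compares that against a trusted list. It assumes single-label public suffixes such as .com; country-code suffixes like .co.uk would need a public-suffix list. The trusted set and the sample URLs are constructed for the demo.

```python
from urllib.parse import urlsplit

# Constructed trust list for this demo; microsoft.com comes from the
# example in the text, example.com is a placeholder for your own domains.
TRUSTED_DOMAINS = {"microsoft.com", "example.com"}


def registered_domain(url: str) -> str:
    """Return the part of the host that 'determines where you are'.

    Assumption: the public suffix is a single label (.com, .net, ...), so
    the registered domain is the last two labels.  For suffixes such as
    .co.uk a public-suffix list would be required instead.
    """
    # Accept bare hosts as well as full URLs.
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    # .hostname drops the scheme, any user:pass@ prefix, the port and the
    # path, and lower-cases the result, so "microsoft.com@evil.example"
    # is correctly reduced to evil.example.
    host = (parts.hostname or "").rstrip(".")
    # An IP literal has no registered domain; return it unchanged so it
    # never accidentally matches a trusted name.
    if host.replace(".", "").isdigit():
        return host
    labels = host.split(".")
    if len(labels) < 2:
        return host
    return ".".join(labels[-2:])


def is_trusted_login_page(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only when the registered domain is on the trusted list."""
    return registered_domain(url) in trusted


if __name__ == "__main__":
    for sample in ("https://bla-bla-bla.microsoft.com/login",
                   "https://microsoft.ei.com/login",
                   "https://microsoft.com@evil.example/login",
                   "http://192.0.2.1/login"):
        verdict = "trusted" if is_trusted_login_page(sample) else "NOT trusted"
        print(f"{sample:48} -> {registered_domain(sample):18} {verdict}")
```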
Every single device that connects to the network needs active antivirus and malware protection software. GDV provides the best security posture of any cloud-based DR solution. We extend LogRhythm, a Gartner Magic Quadrant SIEM solution, combined with Bitlyft, an automated, AI-based remediation solution, for all customers’ backup repositories. This enables GDV to detect and shut down brute force attacks, unauthorized process execution, improper data movement, unexpected encryption – such as a malware attack – and other serious security threats.
But, as we’ve said, prevention isn’t foolproof. There is only one way to be completely sure that you can beat ransomware. You have to have reliable backups. In IT, we’ve called it the “3-2-1-1 rule” for a long time. Perhaps we should start calling it the “law of 3-2-1-1” instead. Here is what we believe: for all your data, you should:
3 – Have at least three copies,
2 – Store the copies on two different media types,
1 – And keep one backup copy offsite,
1 – And finally keep one OFFLINE,
and use a professional cloud backup provider. The additional “1 OFFLINE” is what we call the air-gapped copy. For those of you who aren’t IT experts, the air-gapped, local backup is tape, a flash drive, an external hard drive, or even a data server that is powered OFF. For this copy, unless it is actively updating its copy of your data, it should be completely disconnected from your network and other devices – and not have power!
The idea is that a physical barrier (air) exists between this backup and any device that could potentially infect it. It’s then your ultimate get-out-of-jail card.
If you are disciplined in the rule of 3-2-1-1, then defeating ransomware gets a lot easier. Once the malicious software is removed, you can delete the encrypted (and probably corrupted) copy and simply replace it with one of your backups. The best part is that this protects you from a lot more than just malicious software. Device failure, disasters, emergencies and anything else that can threaten your data will have a hard time getting all three copies of your stuff at once.
That about covers it. Keeping up with the names and specific details of ransomware attacks would be daunting. Stick to the best practices and your line of defense is solid.
It’s not a matter of IF your business will succumb to hackers, a natural disaster, employee theft or other mismanagement of data. It’s a matter of WHEN. Naturally, it’s become common practice to keep safe backups of anything business essential, but how companies keep those backups varies considerably. Disasters are inevitable, and a disaster recovery plan is essential to business continuity. What is missing from many of those recovery plans however, is a fundamental understanding of air gap backups. They provide a final means of defense that can make a significant difference when recovering from a data disaster.
What Is an Air Gap?
An air gap, also called an “air wall” or “air gapping,” is a security measure that protects data from intrusion. The concept is simple: any device that isn’t connected to a network cannot be attacked remotely. The very name is derived from the principle. If the circuit is broken — or air exists between items in a network — then only a physical attack can threaten the data. In terms of disaster recovery, the idea is to place backups behind air gaps. This protects them from malicious software, direct cyberattacks and other corrupting threats. Typically speaking, air gaps are thought of as a final layer of protection for data integrity. More accessible backups are used more often, but if everything else fails, the air-gapped backups should provide a preserved copy and be capable of restoring the whole network’s systems.
Updating the 3-2-1 Backup Rule
You’ve probably heard of the 3-2-1 backup rule. It goes like this: keep at least 3 copies of your data (for example on local hardware, in the cloud, and in a backup cloud), store those copies on 2 different media (tape/disk/cloud), and place at least 1 copy off-site/off-premise. This is a great start to a DR plan, but what if ransomware compromises administrative passwords or domain info that allows that backup copy to be corrupted? Adding the “1” step insulates the data from further damage. The backup rule is now 3-2-1-1. That extra “1” accounts for an air-gapped copy of your data.
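To make the 3-2-1-1 rule from the “Backups, Backups and More Backups” section and the paragraph above concrete, here is an added example (not code from the original post or from Global Data Vault) that audits a backup inventory against each of the four rules. It counts the production copy as one of the three, and treats a cloud replica reachable with the same administrative credentials as online, which is exactly the gap the extra “1” closes. The inventories are constructed for the demo.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str      # "disk", "tape", "cloud", ...
    offsite: bool   # kept away from the primary site
    offline: bool   # air-gapped: no network path, normally powered off


def check_3_2_1_1(copies: List[BackupCopy]) -> List[str]:
    """Return the rules the inventory fails; an empty list means compliant."""
    failures = []
    if len(copies) < 3:
        failures.append("3: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        failures.append("2: copies are not on two different media types")
    if not any(c.offsite for c in copies):
        failures.append("1: no offsite copy")
    # A cloud replica that any domain admin can reach and delete is still
    # online; only a copy with no network path satisfies the last "1".
    if not any(c.offline for c in copies):
        failures.append("1: no offline (air-gapped) copy")
    return failures


# Constructed inventories.  The first is the common "we have backups" setup
# that ransomware with admin credentials can still reach end to end.
ALL_ONLINE = [
    BackupCopy("production SAN", "disk", offsite=False, offline=False),
    BackupCopy("local NAS replica", "disk", offsite=False, offline=False),
    BackupCopy("cloud replica", "cloud", offsite=True, offline=False),
]
WITH_AIRGAP = ALL_ONLINE + [
    BackupCopy("weekly tape in safe", "tape", offsite=True, offline=True),
]

if __name__ == "__main__":
    for label, inv in (("all online", ALL_ONLINE), ("with air gap", WITH_AIRGAP)):
        print(label, "->", check_3_2_1_1(inv) or "compliant with 3-2-1-1")
```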
Are Cyber Attacks Really a Risk?
Yes. Cyber attacks are a reality. Large companies will suffer a data breach of some type, and small companies are certainly not immune to a hacker’s interests. Every year new names are added to the long list of compromised data sheets. Any collection of employee, customer or user data is potentially worth attacking, and the frequency of attacks is on a meteoric rise.
According to a poll by CSO, the rate and variety of attacks is growing every year, and it is already the largest financial threat to most businesses. Estimates suggest that by 2021, the total cost of cyberattacks will hit $6 trillion. Clearly hacking has become big business. That additional air-gap “1” is critical in preserving a clean set of data from their meddlesome ways.
Challenges of Air Gapping
While air gapping can provide an ultimate line of defense, it comes with its own challenges. At the top of those challenges is the cost of labor. When devices are completely disconnected from a network, they have to be physically accessed. This limits automation and requires man-hours. Automated solutions do exist, but any device that is automatically connected to and disconnected from a network could potentially become compromised. There really is no way around this trade-off.
The other great challenge of air gapping is ensuring security. The walled devices are safe when they are disconnected, but at some point they have to communicate with other devices in order to update the backup. Hidden malicious software can be transferred during those updates. Global Data Vault minimizes this risk by providing enterprise-level security measures that detect any unusual data movement within the network.
By utilizing BitLyft on your networked account, we are able to monitor, detect and neutralize threats in real-time. BitLyft also provides automated incident responses to detect and neutralize future threats based on information gained from previous attacks, further offering a higher level of data protection. Ultimately, air gapping is part of a holistic approach to network security. IT professionals have been following the golden rule of triplicate backups for decades, and air gapping remains a key component to maintaining a fresh data set.
In the wake of Microsoft’s September 4 – September 5 South Central U.S. outage for Office 365 and Azure, it’s worth asking: should you be concerned with backup of your Office 365 data?
It’s your data, and while Microsoft normally does a good job with protecting it, it’s ultimately your responsibility. If it’s lost, especially if it’s not lost as a result of their failure, don’t expect Microsoft to race off to your rescue.
Fitness apparel manufacturer Under Armour gave us a good example of how companies can try to protect their users’ data but often fail to fully cover everything that needs protecting. The information that was stolen from Under Armour is minor compared to some of the data stolen from other hacked companies, but it still gives us a closer look at what hackers target, and that is why it makes our list of worst breaches of mid-year 2018. It’s a solid reminder that any security breach of this magnitude is significantly detrimental.
In late February of this year, Under Armour announced that its MyFitnessPal app had been hacked. With nearly 150 million users on their platform, the affected information included usernames, email addresses, and hashed passwords – the majority had been protected with the strong password hashing function bcrypt, but other exposed information, including usernames and email addresses, was protected by easier-to-crack SHA-1 hashing.
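Why does the bcrypt/SHA-1 distinction matter so much? The following added example (not code from the original post or from Under Armour) shows the two properties that make a plain SHA-1 digest easy to match and a bcrypt-style hash hard: a per-user salt and a tunable work factor. It uses the standard library’s PBKDF2 as a stand-in for bcrypt, since bcrypt itself is a third-party module; the user records and the short common-password list are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; alice and bob chose the same weak password.
CONSTRUCTED_RECORDS = [
    ("alice", "password"),
    ("bob", "password"),
    ("carol", "correct horse battery staple"),
]
# Constructed stand-in for a real "most common passwords" list.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
WORK_FACTOR = 50_000  # PBKDF2 iterations; bcrypt's cost parameter plays the same role


def sha1_unsalted(password: str) -> str:
    """Plain SHA-1: no salt, one fast hash, identical for identical passwords."""
    return hashlib.sha1(password.encode()).hexdigest()


def precomputed_sha1_table(passwords):
    """Built once, this table matches the unsalted digest of every account in
    any leak, which is why a SHA-1 password list is 'easier to crack'."""
    return {sha1_unsalted(p): p for p in passwords}


def accounts_exposed_by_table(sha1_records, table):
    """sha1_records: (user, digest) pairs. Returns users whose stored digest
    is already in the precomputed table; each check is a single lookup."""
    return [user for user, digest in sha1_records if digest in table]


def salted_slow_hash(password: str, salt: bytes, iterations: int = WORK_FACTOR) -> bytes:
    """bcrypt-style storage (PBKDF2-HMAC-SHA256 stand-in, an assumption for
    this demo): a random per-user salt plus a deliberately slow derivation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_salted(user: str, password: str):
    salt = os.urandom(16)
    return user, salt, salted_slow_hash(password, salt)


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    # Every guess must be re-derived with this user's salt at full cost, so
    # no table can be shared across users or across leaks.
    return hmac.compare_digest(salted_slow_hash(password, salt), stored)


if __name__ == "__main__":
    table = precomputed_sha1_table(COMMON_PASSWORDS)
    weak = [(u, sha1_unsalted(p)) for u, p in CONSTRUCTED_RECORDS]
    print("SHA-1 accounts matched by the table:", accounts_exposed_by_table(weak, table))
    strong = [store_salted(u, p) for u, p in CONSTRUCTED_RECORDS]
    print("alice/bob salted digests equal?", strong[0][2] == strong[1][2])
```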
This article by Wired explains how Under Armour “had done a good enough job setting up its data protections that the hackers couldn’t access valuable user information like location, credit card numbers, or birth dates, even as they were swimming in login credentials.” Under Armour had protected passwords but failed to protect all their passwords, which led to customers’ data being stolen.
What happened after the hack is paramount. Under Armour had to conduct forensics to determine what was stolen, what data was vulnerable, and what was protected. But all that accomplished, really, was to allow users whose information was stolen to know it was stolen. It’s unfortunate, but there is not much more that can actually be done. High profile hacks such as the UA event shine more light on the questions about the overall security of your data and, more importantly, how you will recover from a disastrous event. If Under Armour had a good backup copy of their data, they could best assess what was compromised and begin the best course of action toward recovery. It begins with a good backup and disaster recovery plan.