Defending Yourself from Ransomware

The Motive for Ransomware

How Hackers Plan a Ransomware Attack

The Ransomware Attack, Fallout, and Repercussions

Protecting Yourself and Your Organization from Ransomware

motive

As technology has evolved, threats have evolved with them. While many are familiar with malware and viruses, new threats have emerged. One of these threats is called ransomware. Ransomware is designed to prevent the attacked from accessing files or information in their systems until money is paid to the attacker. This is a favorite of bad actors for the quick and easy deployment, as well as the profitability. What’s more, you don’t need to be a tech-savvy hacker to employ a ransomware attack – software is purchased off the dark web and can be easy to use.

An eMarketer chart published in January 2020 found that 48% of senior executives at midsized companies feel malware and ransomware are their greatest cyber threat. Despite the recognition of this threat, only 45% have a contingency plan in place should an attack occur. What’s more, only 47% have proactive countermeasures in place of an attack and 37% hired an external consultant to identify threats. This poses a challenge: the threat is real and recognized, but is enough being done to protect one’s business from an attack?

We consulted with CDW cybersecurity experts on how ransomware attacks take place, the threats they pose, the fallout that could occur, and the unique threats that small businesses face. Finally, we talked about solutions and strategies to protect your organization against a ransomware attack

Think back to the movie Home Alone. At the very beginning of the movie Joe Pesci and Daniel Stern are going around a Chicago neighborhood posing as police to case different houses and better understand what each home has in security – as well as what they lack. A short while later, we see the two criminals again, demonstrating a mastery over each home’s system so they know which ones will be easy to burglarize.

Hackers are no different. For an attack that could happen in a moment, there are days and weeks of observing and planning so they can choose the most susceptible targets. They do this by learning systems and personnel. They research businesses and find out which ones will have lighter IT security in place. For example, through open-source intel-gathering they could find your lone IT support staffer on LinkedIn, then find their Facebook or Instagram and learn when they’re going on their next vacation. Attackers could also use targeted social engineering such as email in order to learn more about the systems the organization is using. This helps the attackers find if it’s out of date or even lacking a more recent security patch.

Then, the attacker gets to planning. They go through system layouts and understand exactly what they need to attack, where the attack needs to happen, and when it should take place. They play for various scenarios by learning the potential outcomes as well as play for what they may not foresee. They learn what they can automate and what they’ll have to do manually. Then, the attacker goes shopping on what's essentially an Amazon for cyber-criminals – usually on the dark web – and purchases the type of ransomware attack they need.

Attackers do their homework. They know the organization they’re about to attack inside and out – likely even better than the organization know itself. That brings the conversation towards you. In our Home Alone example, you can end up as a house that gets burglarized or you can become a Macaulay Culkin.

We’ll talk about how you can become the latter shortly, but first let’s talk about what happens if you remain the former.

The attacker has done weeks of research so that when the attack hits you it will feel sudden, as if it were at the worst possible moment. This is by design and intentional. Only mere hours are needed for the attack once the hacker begins locking down critical files and information before things reach a boiling point for you. During that time options will feel limited, you’ll struggle to wrap your head around the situation while maintaining your organizational operations, and every moment that passes will put further pressure on you and your organization.

You may make the call to pay the hacker, and if you do know that you aren’t alone in that decision. Many small businesses don’t have other options, and end up paying in order to move past the situation. You may have no choice, and that’s part of what the hacker planned.

However, paying the ransom is only another step in the events that kicked off weeks before the attack even happened. There are multiple facets to the ransomware fallout, with many impacting small businesses in unique ways.

The first is public opinion. After the ransomware attack, you may need to inform your customers what happened, or they may find out themselves. This will impact and shape current and future customer perspectives for some time, but bigger companies will experience this differently from small businesses. Bigger organizations who have experienced a ransomware attack can afford the fines and pay for the PR that comes with an attack, ensuring that the message – and perception – moves forward quickly. Small organizations may not have the financial means to pay for proper PR messaging, or the fines may further harm their bottom line and jeopardize their ability to stay in business. Most people will not continue trusting a company the same way they did before the attack, and for small businesses this can be a blow they may not recover from.

The second is repeat attacks. After an attacker has successfully executed a ransomware attack on an organization, who’s to say they won’t try again? A hacker who gets into your system could map the entire system and network, and then create a backdoor for themselves. This means they’ll have a much easier time getting in for a repeat attack in the future. Big organizations can possibly choose to pay to ensure these are mitigated after the first attack and double down on investing in their IT security. Small businesses may assume the worst is over or not consider changing things further. Thinking again about a home being burglarized, after the first time this happens a homeowner is likely to beef up their security. Smalls businesses may not think to do this after they’ve been hacked. This means three, six, twelve months down the line they could experience a repeat attack from the same hacker.

And why are small businesses more at risk in general? Part of the reason is they haven’t quantified how much money they could potentially lose if an attack does happen to them. Though small and big businesses alike have the same goals, small businesses do not have the resources as big businesses. They may just assume that a hack means their email goes down until they can purge the bad actor from their network.

But you don’t have to be a house that gets burglarized. As a small business, you can be the Macaulay Culkin – ready for the attack and thwarting the threat at every step. And we’re going to teach you how to do that right now.

You’ve seen attacks happen to other small businesses on the news perhaps even among those you know. Now it’s time to take charge like Kevin MacCallister and secure your organization.

There’s a common phrase among security experts that there are two types of organizations: those who know they’ve been hacked and those who don’t know they’ve been hacked. In other words, organizations must be alert and aware of their system weak points and potential breaches, otherwise they risk not knowing about an attack until it’s too late. In order to “know” what’s going on with your systems, there are strategies you can utilize:

Understand that you’re at risk, always. You may not be a target at that very moment, but much like anyone with a home is a potential burglary victim, any organization is a potential target for hackers. This means acknowledging the threats out there and understanding where these threats can come from. You need the right expertise in place to evaluate, understand, and identify potential breach points or areas of exposure in your infrastructure. And never assume you’re too small to be attacked. Attackers will often look to small businesses or organizations with outdated IT as a way to practice their attacks before fishing for bigger game. No matter how small your organization may be, you will not fly under the radar of a potential attacker. Be vigilant and have the right mindset.

With a potential threat always looming, you need to be ready the moment an attack occurs. This means having the right response plan in place. Know who to notify, when they should be notified, and what actions need to be taken to lock down the threat, secure your systems, and mitigate any potential issues before they spiral. Have a plan in place and know the variables so you can iterate and adjust accordingly. For example, if your IT support person goes on vacation for a week, who’s responsible in their place? Finally, make sure you’re routinely updating these plans. Technology changes rapidly, and your plans must change as well.

Again, it does not matter how big or small your organization is, everyone with access to your systems must be trained to identify potential threats as well as hackers. Teach them how to identify suspicious emails and identify potential social engineering attacks, have a security best practices guide in place and have your organization review it annually, and send out practices and tests so that your organization can see what these threats look like in real-time. See this as a point of pride for your organization – you take security seriously, and you won’t fall victim to a bad actor so easily.

Look into technology that you can utilize within your IT environment to help keep it secure. This includes next-gen firewalls, endpoint security with anti-ransomware capabilities, email security, and user training. Outdated technology is a potential threat, but inadequate (or nonexistent) user training creates the weakest link in your IT chain, so make sure you’re staying up-to-date with training and technology.

Even Kevin MacCallister had a little help from his neighbor, and you too shouldn’t shy away from getting help to secure your systems. That’s where we can come in. CDW offers IT security services for organizations large and small that can help protect you from potential threats as well as identify areas to reinforce. Rather than replace your in-house IT team, we help them with the right resources and tools so their job becomes more important than ever and you have peace of mind against ransomware and other attacks. Hackers don’t execute these attacks on their own, and you shouldn’t defend against them by yourself either.

To learn more about how CDW can help you with your security, take a look at some of these links below: