Defending Yourself from Ransomware
Ransomware is one of the biggest threats organizations face, and this article will teach you how ransomware attacks take place as well as how you can defend yourself.
The Motive for Ransomware
As technology has evolved, threats have evolved with it. While many are familiar with malware and viruses, new threats have emerged. One of these threats is called ransomware. Ransomware is designed to prevent victims from accessing files or information in their systems until money is paid to the attacker. This is a favorite of bad actors for its quick and easy deployment, as well as its profitability. What’s more, you don’t need to be a tech-savvy hacker to launch a ransomware attack – software is purchased off the dark web and can be easy to use.
An eMarketer chart published in January 2020 found that 48% of senior executives at midsized companies feel malware and ransomware are their greatest cyber threat. Despite the recognition of this threat, only 45% have a contingency plan in place should an attack occur. What’s more, only 47% have proactive countermeasures in place against an attack and 37% hired an external consultant to identify threats. This poses a challenge: the threat is real and recognized, but is enough being done to protect one’s business from an attack?
We consulted with CDW cybersecurity experts on how ransomware attacks take place, the threats they pose, the fallout that could occur, and the unique threats that small businesses face. Finally, we talked about solutions and strategies to protect your organization against a ransomware attack.
How Hackers Plan a Ransomware Attack
Think back to the movie Home Alone. At the very beginning of the movie Joe Pesci and Daniel Stern are going around a Chicago neighborhood posing as police to case different houses and better understand what each home has in security – as well as what they lack. A short while later, we see the two criminals again, demonstrating a mastery over each home’s system so they know which ones will be easy to burglarize.
Hackers are no different. For an attack that could happen in a moment, there are days and weeks of observing and planning so they can choose the most susceptible targets. They do this by learning systems and personnel. They research businesses and find out which ones will have lighter IT security in place. For example, through open-source intelligence gathering they could find your lone IT support staffer on LinkedIn, then find their Facebook or Instagram and learn when they’re going on their next vacation. Attackers could also use targeted social engineering, such as email, to learn more about the systems the organization is using. This helps the attackers find out whether those systems are out of date or lacking a recent security patch.
Then, the attacker gets to planning. They go through system layouts and understand exactly what they need to attack, where the attack needs to happen, and when it should take place. They plan for various scenarios by learning the potential outcomes, and they also plan for what they may not foresee. They learn what they can automate and what they’ll have to do manually. Then, the attacker goes shopping on what's essentially an Amazon for cyber-criminals – usually on the dark web – and purchases the type of ransomware attack they need.
Attackers do their homework. They know the organization they’re about to attack inside and out – likely even better than the organization knows itself. That brings the conversation towards you. In our Home Alone example, you can end up as a house that gets burglarized or you can become a Macaulay Culkin.
We’ll talk about how you can become the latter shortly, but first let’s talk about what happens if you remain the former.
The Ransomware Attack, Fallout, and Repercussions
The attacker has done weeks of research so that when the attack hits you it will feel sudden, as if it were at the worst possible moment. This is by design. Once the hacker begins locking down critical files and information, only hours are needed before things reach a boiling point for you. During that time options will feel limited, you’ll struggle to wrap your head around the situation while maintaining your organizational operations, and every moment that passes will put further pressure on you and your organization.
You may make the call to pay the hacker, and if you do, know that you aren’t alone in that decision. Many small businesses don’t have other options, and end up paying in order to move past the situation. You may have no choice, and that’s part of what the hacker planned.
However, paying the ransom is only another step in the events that kicked off weeks before the attack even happened. There are multiple facets to the ransomware fallout, with many impacting small businesses in unique ways.
The first is public opinion. After the ransomware attack, you may need to inform your customers what happened, or they may find out themselves. This will impact and shape current and future customer perspectives for some time, but bigger companies will experience this differently from small businesses. Bigger organizations who have experienced a ransomware attack can afford the fines and pay for the PR that comes with an attack, ensuring that the message – and perception – moves forward quickly. Small organizations may not have the financial means to pay for proper PR messaging, or the fines may further harm their bottom line and jeopardize their ability to stay in business. Most people will not continue trusting a company the same way they did before the attack, and for small businesses this can be a blow they may not recover from.
The second is repeat attacks. After an attacker has successfully executed a ransomware attack on an organization, who’s to say they won’t try again? A hacker who gets into your system could map the entire system and network, and then create a backdoor for themselves. This means they’ll have a much easier time getting in for a repeat attack in the future. Big organizations can possibly choose to pay to ensure these are mitigated after the first attack and double down on investing in their IT security. Small businesses may assume the worst is over or not consider changing things further. Thinking again about a home being burglarized, after the first time this happens a homeowner is likely to beef up their security. Small businesses may not think to do this after they’ve been hacked. This means three, six, or twelve months down the line they could experience a repeat attack from the same hacker.
And why are small businesses more at risk in general? Part of the reason is they haven’t quantified how much money they could potentially lose if an attack does happen to them. Though small and big businesses alike have the same goals, small businesses do not have the same resources as big businesses. They may just assume that a hack means their email goes down until they can purge the bad actor from their network.
But you don’t have to be a house that gets burglarized. As a small business, you can be the Macaulay Culkin – ready for the attack and thwarting the threat at every step. And we’re going to teach you how to do that right now.
Protecting Yourself and Your Organization from Ransomware
There’s a common phrase among security experts that there are two types of organizations: those who know they’ve been hacked and those who don’t know they’ve been hacked. In other words, organizations must be alert and aware of their system weak points and potential breaches, otherwise they risk not knowing about an attack until it’s too late. In order to “know” what’s going on with your systems, there are strategies you can utilize:
1. Have the right mindset:
Understand that you’re at risk, always. You may not be a target at that very moment, but much like anyone with a home is a potential burglary victim, any organization is a potential target for hackers. This means acknowledging the threats out there and understanding where these threats can come from. You need the right expertise in place to evaluate, understand, and identify potential breach points or areas of exposure in your infrastructure. And never assume you’re too small to be attacked. Attackers will often look to small businesses or organizations with outdated IT as a way to practice their attacks before fishing for bigger game. No matter how small your organization may be, you will not fly under the radar of a potential attacker. Be vigilant and have the right mindset.
2. Create a response plan – and keep it updated:
With a potential threat always looming, you need to be ready the moment an attack occurs. This means having the right response plan in place. Know who to notify, when they should be notified, and what actions need to be taken to lock down the threat, secure your systems, and mitigate any potential issues before they spiral. Have a plan in place and know the variables so you can iterate and adjust accordingly. For example, if your IT support person goes on vacation for a week, who’s responsible in their place? Finally, make sure you’re routinely updating these plans. Technology changes rapidly, and your plans must change as well.
3. Train your team to identify threats and take security seriously:
Again, it does not matter how big or small your organization is: everyone with access to your systems must be trained to identify potential threats as well as hackers. Teach them how to identify suspicious emails and potential social engineering attacks, have a security best practices guide in place and have your organization review it annually, and send out practice exercises and tests so that your organization can see what these threats look like in real time. See this as a point of pride for your organization – you take security seriously, and you won’t fall victim to a bad actor so easily.
4. Get the right technology and strategy in place:
Look into technology that you can utilize within your IT environment to help keep it secure. This includes next-gen firewalls, endpoint security with anti-ransomware capabilities, email security, and user training. Outdated technology is a potential threat, but inadequate (or nonexistent) user training creates the weakest link in your IT chain, so make sure you’re staying up-to-date with training and technology.
5. Ask for help!:
Even Kevin McCallister had a little help from his neighbor, and you too shouldn’t shy away from getting help to secure your systems. That’s where we can come in. CDW offers IT security services for organizations large and small that can help protect you from potential threats as well as identify areas to reinforce. Rather than replace your in-house IT team, we help them with the right resources and tools so their job becomes more important than ever and you have peace of mind against ransomware and other attacks. Hackers don’t execute these attacks on their own, and you shouldn’t defend against them by yourself either.