Can your business survive a ransomware attack?

by admin in Security. Posted January 6, 2020

Everything still looks the same. The printer and coffee maker are still there, just like the computers. Yet there was a break-in: access to customer data, information about business processes and inventory information has disappeared. It happens to a growing number of companies.

If an infection with the malicious software persists for long enough, it can end with a possible bankruptcy of a company. Extortion software can completely disrupt a company. Only when the ransom has been paid, criminals release the files.

It is easy to understand that companies affected by so-called ransomware or hostage software want to prevent their bankruptcy at all costs. If the payment of a large sum of ransom causes the computers to do it again, the choice is made quickly.

Ransomware is an increasingly utilized and extremely lucrative source of income for the cyber crime industry. Hacking toolkits are widely available on the darknet for very little money and the revenues are substantial. In 2018 the global revenue of the cyber crime industry was well over $1 billion and according to McAfee Labs ransomware attacks have increased by 118% in the first quarter of 2019. Sixty percent of the companies that are hit by ransomware are out of business within 6 months [1].

As I am writing this I have received the following news article: Ransomware Hits Maastricht University

Despite these alarming numbers, even today many small and mid sized companies are woefully inadequately protected against bad actors both from either inside their company or outside their company. In this post we will try to address some of the most persistent myths around virus protection and list some of the best practices to reduce the chance of being infected and to mitigate the adverse effects of an infection. This post is by no means meant to be a complete overview of all the information that is available on ransomware. It is simply meant to get your started. There are a few links at the end of the article for more information.

So here are the most persistent false myths:

Myth #1: Our company is too small to be at risk – Sixty two percent of all cyber attacks were against small and mid-size companies. Never believe that your company is too small to be of interest to a hacker. If anything, hackers are often more interested in small and mid-size companies because those companies usually don’t have the expertise and the budget allocated to set up an adequate multi-layer defense agains malafide attacks.

Myth #2: There is nothing of interest to hackers in our network – The primary goal of the hackers is NOT to obtain sensitive or confidential information from your network but to shut down your business. The hackers are only interested in how much you are willing to pay after they bring down your entire IT infrastructure with ransomware.

Myth #3: We are aware of the threats but we don’t have the money to buy expensive edge and end-point solutions – For a small business, with a dozen or so computers and a few servers in the cloud, the initial investment is probably somewhere between $5k and $10k. Just ask yourself how much money does it cost your business to be down for an hour, a day, a few days and then ask if you are willing to pay more than that amount of money as ransom when your business is entirely shut down. How badly does an attack strain relationships with your customers or business partners?

Myth #4: We are safe, we are working with Macs – Although there may be fewer known viruses for Macs or iOS devices, if you click on a bad link in an email or text message your device is just as likely to be compromised as any other operating system. Also note that the number of threats for Macs is rising quickly; by 500% during the first half of 2018 [2].

Myth #5: At least our Linux servers in the cloud are safe – Because servers usually have such a critical role in a company’s infrastructure they are under near constant attack and there are some very sophisticated Linux viruses out there [3] that, once installed, are very hard to remove.

This list goes on, but it should now be obvious that nobody is safe and that it is no longer a question IF your system gets hacked, but WHEN it gets hacked. And when that happens, you need your business to be prepared.

So how to best prepare you business and protect your network?

Security is quite complex and requires a layered approach. There isn’t a single solution that protects your business against every threat, so you must layer the security to improve detection and prevention mechanisms.

Education – The majority of the threats enter the network through the email system. Users are the first line of defense and should be properly trained to ensure they are well informed to identify phishing/malicious emails, and, when in doubt, to contact the IT department instead of just clicking the link to see what happens.

Passwords – Implement a Password Management Policy – Believe it or not, starting 2020 the most used passwords are still ‘123456’ and ‘password’. Train/enforce your employees to change passwords every 90 days and choose a password that is somewhat easy to remember but hard to guess [4].

Permissions – Yes, it is convenient to give everyone ‘admin’ permissions but with that policy you open up your entire network to every virus that slips in through any computer. Instead, apply the Principle Of Least Privilege (POLP) where every user or process only gets those privileges which are essential to perform their or its intended function [5].

Backup – The 3-2-1 Rule. The rule is: keep a minimum of three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite. Ensure you have a solid backup routine in place with daily, weekly and monthly restoration points. Verify regularly, at least weekly, that you can rebuild your system from the backups. DO NOT STORE BACKUPS ON YOUR PRODUCTION SERVER.

Updates – Keep the systems up to date. The OS vendors are in a constant Red Queen competition with the bad guys. Apply computer, phone and tablet security patches as soon as they become available to minimize the ability of malware to exploit software weaknesses.

Perimeter – Work with IT professionals and install managed, business-grade firewalls, which are now called Unified Threat Management (UTM) Devices. These UTM devices are available from Cisco, Fortinet Palo Alto, Sonic Wall, or Sophos.

Endpoint – Install nextGen Anti-virus software such as DeepInstinct, SentialOne and Sophos. The traditional anti-virus applications just don’t cut it anymore because they are unable to keep up with the new fast-changing viruses in the wild.

Companies that are hit with ransomware are advised by the FBI to not pay and contact the FBI immediately [6].

Feel free to contact us with your questions, when you want us to perform a security audit or when you need advice selecting the right tools to help you improve or implement a multi-level security solution.