It’s all over the news today. Colonial pipeline was one attack hard to miss. The bad actors nearly got away with $5 million. Not a bad payday if you are a bad actor. Detrimental to the average company. The bad actors will negotiate, but law enforcement advised that you should not pay ransoms. Because we don’t want to pay, they take it a step further and download your data first and blackmail you into paying. Coveware reports that 77% of ransomware attacks involved a threat to leak the stolen data. Then they took it a step further to blackmail your customers into paying to keep their data safe.
The attack vectors continue to evolve, so the question is, how do you keep your business safe? BACKUPS. Just ask Fujifilm. If you recover your systems and data, then payment for the key is not necessary. What to do with the extortion risk, well that is another story.
It is not a new idea—you backup the data, source code, and the systems configuration files. The rule is 3-2-1—three copies on two different types of media with one copy offsite. Most recommendations say that the cloud is a safe ‘offsite’ location. If you are paranoid, make it offline; if not, make sure there is no easy access from your network into your cloud account.
Healthcare has been one of the biggest targets for the bad actors to go Big Game Hunting (BGH). That does not mean that they will not attack anyone else they can.
The UF Health Central Florida switched to paper backups due to ransomware.
Scripps Health had its electronic health records system offline and had to reschedule operations.
Colonial pipeline was $5 million. Is that normal? Coveware reports the average ransom payment was up 43% 1st quarter 2021 from 4th quarter 2020 to $200,298. In comparison, Check Point’s data says that payments are up 171% over the last year and are now averaging about $310,000.
That is not the worst of it. When ransomware hit the city of Atlanta municipal operations, the bad actors wanted ~$50,000 in bitcoin. The emergency efforts to respond cost the city more than $2.6 million.
What about insurance? Your business can purchase coverage for events like ransomware; how much will that be, though? That is beyond my scope here, but something to think about for later.
The bad actors get into the systems any way they can. Verizon’s 2021 Data Breach Investigations Report (DBIR) shows that the bad actors most commonly get into our systems through phishing or stolen credentials. Once they are in, there is more work for them to do, though.
Stolen credentials are not the only way into our networks. Weak credentials are next on the list, and that takes us to the RDP brute-force attack that allows Dharma ransomware to be delivered. The long and short of it is that network admins have enough credentials to track that passwords to systems are often weak, as in the RDP password. Add in some misconfiguration of the systems that leave RDP open to the Internet, and the bad actors will be in if they are not already in your systems.