Recently, Jim Mayne, the CEO of Deerwood Technologies, sat down with the Brainerd Lakes Chamber of Commerce to discuss ransomware, what it is, and how you can protect yourself. Follow along for the key takeaways:
What is ransomware?
Ransomware is malicious and dangerous software that will infect a computer, making users unable to use it or access encrypted files until a ransom is paid. Ultimately, ransomware victims are extorted to pay the ransom demands and cannot access their data due to the ransomware encryption.
What’s the impact of a ransomware attack?
- According to a survey by Cybereason, 35% of respondents paid between $350,000 and $1.4 million. 7% of companies paid more than $1.4 million.
- The second most significant financial impact is a loss of revenue from the interruption to business operations.
- Over 50% of the people in this survey also suffered some sort of brand or reputation damage.
- Almost 50% of respondents reported that after they paid the ransom they recovered access to their data, but oftentimes that data was corrupted.
Who is behind ransomware attacks?
There are several people and/or groups involved in ransomware:
- Countries such as Russia and North Korea have launched ransomware attacks against the United States
- Cybercriminals looking to extort specific companies
- Individuals looking to make money and sell personal information on the Dark Web
Who is being targeted by ransomware?
Businesses are often ranked based on the amount of sensitive information they have access to. Often cybercriminals target companies based on the value of their information.
Companies are also targeted based on their vulnerability to the threat of ransomware. When a criminal obtains something and profits from it, it’s much simpler to go to a place where the defense mechanisms and protections are low.
“You don’t go to Fort Knox to steal gold; you go somewhere easier to target.”
Threat actors have ways of analyzing publicly available information to see who has the highest ability to pay ransoms. These companies become targets.
Many small businesses think that they’re not a target because the value of their information is relatively low. That may not be the case, and the impact can be pronounced.
What types of information are cybercriminals looking for?
- Credit card information
- Any personally identifiable information
- Social Security numbers
- Healthcare information
- Used to file false claims against insurance companies or Medicare
How do cybercriminals breach a company?
Hackers have so many tools they can use to force their way into a device or an environment. Bad actors today will get malware into an environment. They will sit and watch, and they will collect the information and feed it back for different types of analysis.
Many of us have seen emails or even text messages that appear to come from our organization’s leaders that will ask for a quick piece of information. Often these are phishing emails and can lead to ransomware. Be on the lookout!
Below are some of the ways companies are breached:
- Someone in the company clicks on an infected attachment
- Credentials are unwittingly provided via a phishing email
- Phishing attempts through voicemail, phone calls, or text message
- Links via text message
“More and more, bad actors are using multiple means that make their request for access seem more credible.”
It’s not just computers that are at risk for a cyberattack. It’s any network device in your environment, including:
- Surveillance cameras
- Cash registers
When those devices are left unprotected or configured in the wrong way, they are easy targets for cybercriminals.
What should we do if our company is breached?
Your immediate goal, of course, should be to minimize the impact and loss. Like a burglary or theft, there’s an emotional effect of this kind of intrusion and violation. Even though that happens, it’s important to stay focused and calm. The key goal is to contain the cyberattack. You want to stop and minimize the damage it can cause.
Oftentimes, the first knee-jerk reaction is to shut down a computer, but shutting down your computer and restarting it can cause further damage.
- Experts recommend that, instead of shutting down your computer, disconnect the local network of your organization from the internet. This way, perpetrators can’t continue to receive information about your environment.
- The second step is to disconnect any backup devices for your systems. Often it is hard for cybercriminals to encrypt those backups quickly, and this will allow you a chance to save your data.
- As soon as you realize you’ve been the victim of an attack, you should change your passwords, especially for cloud systems. Often the cloud systems haven’t been accessed yet, and that may certainly be one of the next steps that the attackers take.
- Getting help from experts after a cyberattack is crucially important. They will help you understand how to proceed and how the attack was accomplished and then help you work to mitigate future attacks.
- After a company takes these steps, they should begin restoring their systems from backups, rebuilding computers that have been infected or damaged, and getting their business back up and running!
Build a Plan
Organizations need to be aware of and be smart about cybersecurity and ransomware. It’s important to analyze the solutions you are currently using to monitor your IT environment. You need to do more than just have anti-virus software running on employee computers to stay ahead of malicious attackers.
Additionally, it’s important to turn your staff and yourself into human firewalls through education and training. Knowing where, when, and how attacks occur is key! Password complexity, good password hygiene, and security awareness programs will help bring the culture of cybersecurity into an organization.
Identifying and prioritizing your business risks by conducting a risk and vulnerability assessment is an outstanding place to start in protecting your organization. Setting up a risk and vulnerability assessment on a quarterly or semi-annual basis will help you determine what new gaps may exist and where you are on your road map to closing gaps that have previously been identified.
We know how complicated managed security and managed IT can be. That’s why we offer comprehensive IT risk assessments to help you discover the potential gaps in your security.
Working with us is straightforward. We measure our success by the success of our clients.
Here are the 3 easy steps:
- We assess your business: A “one size fits all” approach does not work for IT services, which is why we focus on your specific business goals and budget priorities during your assessment.
- We design and implement your customized solution: We recognize that every organization’s needs are different. That’s why we customize an IT solution to fit your unique needs.
- You cross IT off your worry list: We know security compliance requirements and understand the stressful audits you face. Our expertise and process make compliance easy, so you can focus on your business.