The Latest Ransomware Threat

by | Jan 14, 2020 | Security

It’s no surprise that the state of cybersecurity is constantly changing. Criminals will be criminals. Knowing this does not make it any less annoying to think that just when you have addressed one vulnerability, another one (or two) opens up. It can drive a business leader, who wants to just serve clients, grow, and enjoy work, nuts. The long list of threats just keeps growing like a field of dandelions.

So What’s The Newest Ransomware Seed Taking Root? 

Today, cybercriminals are publicly outing firms after they infect your systems with ransomware and you don’t pony up. No more private two-party kidnap negotiations. Now, it is on headline news and damaging both your reputation and your enterprise’s ability to operate. This is a VERY big deal for financial services firms. 

In the past, you could get a limited ransomware infection, on one server for example, and if you were doing all of the right things, you could recover from a backup with minimal effort and move on with your day. No need to pay the ransom and you were back in business quickly. Ironically, hackers were actually helpful in recovering from the “infection” they had just threatened your systems with–once you anted up. (The easier they made it for the victim to move on, the greater the chances that the injured party would pay.) Odd but true, it would be self-defeating for a ransomware hacker to infect your files AND make them unrecoverable. What fool would pay to get back destroyed files?!

In the latest ransomware attacks, when a firm does not pay the ransom, criminals are publishing the fact that you are infected. Then, to add insult to injury, they are proving it by sharing a sample of your documents online. Ransomware just went from kidnapping to extortion. Not a good sign for companies that don’t take cybersecurity seriously. Employee productivity, the enterprise’s ability to stay up and running, and your most valuable data are at serious risk.

“During ransomware attacks, some threat actors have told companies that they are familiar with internal company secrets after reading the company’s files. Even though this should be considered a data breach, many ransomware victims simply swept it under the rug in the hopes that nobody would ever find out.”

Lawrence Abrams
Founder of the computer security blog BleepingComputer.com

Still think it can’t happen to you because you have no important data or your business is not high profile enough? Think again.


We had a financial services client get an infection. One of their advisers opened an email from the firm’s CEO, whom they had never personally met, in order to see the vacation pictures the CEO so generously wanted to share (like we said, human nature). We stopped the ransomware’s spread, recovered from a backup, and moved on from the incident with no one aware of what had happened. Today, victims need to tackle the additional, real, damaging threat of public extortion and its commensurate reputational risk in a reputation-driven business.

5 Steps Firms Can Take to Address the Latest Ransomware Threat

  1. Be prepared for the worst and have Backups, Backups, and more Backups. If your backups are in pristine shape, you are at least covered if a ransomware event hijacks all of your data.
  2. Educate your users. Educate them often and regularly. This can decrease your chance of a ransomware hack greatly.
  3. Have robust IT procedures and systems. Apply regular Windows and application updates, use best-of-breed anti-virus, anti-spyware, and spam filtering applications, and implement systems like Endpoint Detection and Response (EDR) and Multi-Factor Authentication (MFA).
  4. Immediately review your Incident Response Plan and follow those procedures. Don’t have one of those? Might be time you create one.
  5. Prepare yourself for a post-breach incident response drill. Once things are “back to normal” you have to ensure the original hack is really gone. Too often the hackers will leave some hidden access which they exploit later to infect you all over again.

If you find yourself and your data in the headlines, get a good crisis media relations firm. Stay in front of this as much as you can.

Here is a good article from KrebsOnSecurity that gives additional insight and real-time examples.

John Ahlberg, CEO, Waident Technology Solutions


CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.
