We reported earlier today on the devastating number of reported ransomware attacks in the U.S., based on research from Armor. We need to acknowledge that this is just a small percentage of the overall threat and problem, because the vast majority of companies try not to report attacks, even in the face of regulatory and legal consequences. Even though cybersecurity professionals consider ransomware to be a breach, many companies do not.
The bottom line is the problem is bad. So bad, in fact, that ransomware hackers can attack at will, targeting companies, municipalities, etc., and the people in these jurisdictions seem helpless.
Just today, as this post was being submitted, there was a newly reported Texas victim.
Keene, Texas, a city of approximately 6,400 residents, posted on their Facebook page that they too had been hit by the coordinated ransomware attack of August 16th. They stated the following:
“Keene is working with law enforcement to resolve a cyber incident that impacted servers state-wide. Because this is an investigation, we can’t share much.”
The city wants you to know there will be no credit card payments or utility disconnections for now, the drinking water is safe and you can check their Facebook page for updates.
Now, 22 local Texas government organizations have been hit in the most devastating, coordinated, successful ransomware attack seen to date.
An Ounce of Prevention is Worth a Pound of Cure
If there is one lesson to be learned from the rash of ransomware attacks which have occurred this year, and only one preventive measure which can be taken, it is that organizations must utilize OFFLINE BACKUP STORAGE of all critical data, applications and application platforms. They must ensure that these are backed up, password-protected and air-gapped from the Internet, and that they have multiple copies.
Other Key Ransomware Protection Tips Include:
- White Listing Solution – limits the use of applications and processes that are allowed to run in your environment by providing a short list of approved applications and processes. Like a VIP List for your PC, if it’s not on the list, it’s not allowed.
- File Integrity Monitoring – monitors your IT environment 24x7x365 for changes to critical OS, files and processes such as directories, registry keys, and values. It also watches for changes to application files, rogue applications running on the host and unusual process and port activity, as well as system incompatibilities.
- Practice Least Privilege Access Control – ensure the user has the least privilege needed for their job. This also applies to services.
- Audit/Penetration Testing from Independent, Third-Party Experts – to ensure that you are implementing best practices.
- IP Reputation Monitoring/Blocking – blocking known bad infrastructure and actors.
- Continuous Security Awareness Training – educate employees about current and emerging cybersecurity risks and phishing emails. Effective training should actively engage employees and include policies concerning the correct response to suspected phishing attempts.
- Endpoint Protection Solution – includes protection, detection and response capabilities for laptops, workstations and mobile devices. Utilizes antivirus (AV) and antimalware (AM) to block cyber attacks. It is also used to quickly detect and remediate any malicious activity or infection that has made its way onto the endpoint.
Want more? We have further put together cybersecurity essentials – a simple list which will help most organizations become far more secure. Some of our list overlaps with the above.
Please go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great.
We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately.