What is Ransomware?
Ransomware attacks have hit the headlines in 2021 and may have impacted your life or wallet. Most notably, the Colonial Pipeline ransomware attack, attributed to a compromised password and access to a VPN, had people waiting in long lines for gas on the East Coast of the United States, and JBS Foods, the largest meatpacker in the US, paid $11 million in ransom after an attack in the spring of 2021.
Ransomware refers to malware used by criminals to scramble a targeted organization’s data with encryption until a ransom is paid. The perpetrators typically leave instructions on the infected computers for how to pay the ransom and, once the victim transfers the cash, give them decryption keys to unlock their files. JBS became aware of the attack against them when they started noticing irregularities in their servers and then found a message demanding the ransom.
Criminals also use ransomware for data theft and blackmail. They copy files before encryption and threaten to post them publicly unless a ransom is paid. Tactics often referred to as double or triple extortion threaten additional stakeholders, such as clients, patients or employees, with the release of their personal information. Even if you routinely back up your data, your business may be subject to ransomware attacks.
A recent article in The Hacker News reports that cybercrime experts are trying to recruit insiders by offering enticing payments in bitcoin. The article even mentions a Lagos-based social networking startup that plans to use siphoned funds to build their company. Hackers have used LinkedIn to collect corporate email addresses to be used as targets.
What can I do to protect my business from ransomware?
As people become smarter about the methods hackers use, hackers find new ways to disrupt businesses for a profit. In addition to data loss and business downtime, money is lost through dealing with insurance companies and incident response teams to get processes up and running again. The FBI offers the following steps to protect against ransomware attacks:
- Keep software, apps and operating systems up to date. Install those updates or have them automatically installed when released.
- Auto-update anti-virus and anti-malware software, schedule regular scans and centralize reporting.
- Back up data routinely and practice restoring your data often.
- Secure your backups by ensuring they are not protected by the same credentials used on your primary storage.
- Create a business continuity plan for when an attack does occur, so your organization knows how to react, then practice it.
Kainos Technologies has recently put numerous controls in place to take a stand against ransomware attacks and help protect clients from them. Below are some actions Kainos Technologies is taking to improve clients’ security posture, in addition to services we recommend as part of your business continuity plan.
1. Kainos has implemented a new security system called Huntress on all machines under management, which provides the following features:
- Notification of persistent malware footholds by attackers
- Ransomware canaries that alert us when certain files have been altered
- New managed Antivirus
- External recon of client networks
- 24/7 access to a live team of experts staffing a security operations center.
2. We have upgraded our Remote Management system to a top-shelf platform that allows us to better manage Microsoft patches and monitor the health of all your computers. It alerts our staff to errors and poorly performing workstations so we can identify and implement fixes before they become a drag on your productivity.
3. We have partnered with a cyber insurance company called the Technology Risk Underwriters Group that caters to MSPs like Kainos and their clients. We highly recommend that all our clients sign up for cyber coverage to help protect you and your pocketbook should the unexpected happen.
4. We are upgrading our backup systems to one that has both ransomware detection and automated backup image verification.
- For Windows 10 machines with less than 1TB of storage on a single volume, we can provide appliance-less, image-based backups for $15/month/computer
- For your environment that also contains Windows servers with your critical data, I am recommending an on-site appliance. The advantages include:
  - Fast data restores with the local copy
  - Secure cloud sync
  - Unlimited cloud backups
  - Quarterly disaster recovery testing with your team
  - Up to the hour ransomware detection for servers
  - Local and Offsite boot verification
  - Should you have a complete hardware failure, the backup appliance can run your server as a virtual machine until the hardware is restored
5. Lastly, we are now also offering a new anti-spam/anti-phishing system called Proofpoint to help block the phishing attacks we have seen become such a huge risk to the businesses we partner with. Cost: $2.75/month/user.
Proofpoint also offers end-user education on best practices to help them identify scams at an additional cost of $1/month/user.
If you have questions or want to learn more about how to protect your business from ransomware attacks, contact us.