Ransomware was fairly cut-and-dry until recently. If your organization was affected, you either paid the ransomware request or you didn’t. If you opted not to pay, you had to figure out how to restore from unaffected backups. Unfortunately, a new challenge is emerging: Ransomware coupled with extortion. In other words, pay up, or your data is leaked online — and you may face secondary attacks.
This comes at a time when the number of organizations impacted by ransomware globally doubled in the first six months of 2021, compared to the same period in 2020.
One of the first reports of extortion-based ransomware was in January of 2021 when the FBI identified Hello Kitty/FiveHands as a ransomware group. The FBI stated that Hello Kitty/FiveHands demanded varying ransom payments in Bitcoin that appear designed to match what the victim can pay.
In situations like these, if a company chooses not to pay the ransomware request, not only will their data remain locked on their servers, but the hackers will also post unlocked data to an anonymous file portal or sell it to a third-party data broker to be used in hacking attempts.
In another incident in February of 2021, the REvil ransomware group announced they had added phone calls to the victim’s business partners and the media on top of the potential for data leaks and distributed denial-of-service attacks.
Ransomware victims have multiple layers of problems to work through as they consider how to proceed:
- What internal data is locked?
- What customer data is locked?
- Has ransomware affected backups of internal data?
- What are the ramifications of customer data leaking?
When you are dealing with the potential for private company data and customer data leaking online, the ramifications grow exponentially. For some companies, this may even mean an attack leads to a drastic reduction in business as customers sever relationships for fear that their data won’t be properly managed in the future.
Staying Ahead of Extortion Attempts
Despite the ever-present threat of cyberattacks, there is a silver lining: By implementing proper systems and building out your cybersecurity technology stack, you can protect yourself against ransomware threats and have defense mechanisms in place should your organization fall victim to an attack.
To ensure your organization is properly protected:
- Educate your team regularly.
The number one way to improve your chances of avoiding ransomware is with continuous education of your employees. InfoSystems uses simulated phishing and awareness training, penetration testing, and other tactics to identify vulnerabilities and provide ongoing education to your staff.
Organizations that don’t think they’re vulnerable to ransomware are often the ones that get hit the hardest. Awareness training should be part of your regular conversations with your employees in the same way that human resources discusses personnel policies.
- Implement the latest software solutions.
If your systems are vulnerable, there’s no amount of awareness training that will fully protect your organization against a breach.
The first item to consider is patching all connected devices on a regular basis. We know that continual updates and maintenance windows can be time-consuming, but ransomware presents a much larger problem.
It’s also critical to evaluate your overall approach to ransomware as it relates to security and backups. If a ransomware breach hits your infrastructure, it could easily infect your backups as well. We partner with IBM to deploy SafeGuarded Copy, creating an air-gapped backup solution. In the event of a ransomware breach, your backup made with SafeGuarded Copy will remain free from infection, potentially saving you tens of thousands of dollars in terms of payments and lost productivity.
Lastly, assess the way in which storage is structured on your network. Many organizations think they either have to be all-in on a public cloud or all-in with on-prem. The ideal approach is a hybrid model. With IBM’s Storage as a Service, you’ll realize advanced capabilities that strike a secure balance with data distribution to maximize protection and security, but also gain high availability to significantly reduce the risk of business loss due to ransomware attacks.
- Contract with a trusted third party.
Our team of experts takes a vendor-agonistic approach to develop an effective, multilayered defense against cyberattacks and ransomware threats. This means we’ll take the time to listen to your individual business challenges and technology needs and develop a customized solution to protect your business, your employees, and your customers.
Even if you have a fully staffed IT department, having a third-party vendor can be a value add when working toward enhanced security. Just as the accounting department works with auditors each year, bringing in outside expertise is an opportunity to validate your approach to defending against ransomware.
Ransomware is a problem that’s not going away, and unfortunately, should be seen not as an “if,” but as a “when.” Our cybersecurity experts have decades of experience in protecting businesses against ever-evolving threats. Contact us today for a consultation.