
Local Ransomware Attacks

Whenever I read about local businesses experiencing ransomware attacks, I think it’s a shame. And with the current geopolitical state of our world, things are likely to get even worse.

Very few details get released after a hack. My assumption is that we are still getting hit by many of the same old tactics we did as far back as the early 2000s: email phishing, vulnerable websites and compromised employee credentials.

 There are plenty of good products and services out there to defend against many of these attacks, or at least limit the damage they can inflict. However, as I recently heard from a major software vendor,  “I quote a lot of this stuff, but it’s not selling yet.” This observation is definitely true for the small and medium business segment.

Active Defence / Managed Detection and Response

Most of these ransomware attacks are automated. When someone encrypts all your corporate data, they are going to make noise. When someone probes your internal network, that is also going to make a lot of noise. This is where active defense systems come in. Having an MDR (Managed Detection and Response) system is an essential business expense from my perspective. A honeypot is also an excellent idea, depending on the case.

MDR is not just software; it’s people. If you want to win a fight, you are going to need professionals on your side. This type of software allows your security vendor to monitor your network, servers and PCs 24/7. On top of that, they normally use AI systems as an added layer of protection. Monitoring is key. Once an attack starts (at any time during the day), you need software and people who can 1) identify the attack, 2) stop the attack before it escalates and 3) notify you. All of this needs to happen in real time.

Honeypot

When an attacker gains access to a new network, they may need to probe the network to understand the layout and the potential targets. If there is a honeypot on your network, the second the attacker “touches” the honeypot it will alert you. I have done many penetration tests with quality security contractors and they have thus far always been caught by this. It’s just not something they see out there on a regular basis. Besides, hackers today need to do volume, so speed is of the essence. A honeypot really causes issues for them depending on the type of attack. The cost of a honeypot is very low. Ask your vendor if they know how to deploy one and monitor it. Learn more about how honeypots work here.

2FA / Multi-Factor Authentication

This is a real pain for attackers. Once two-factor authentication (2FA) is running, it is much more difficult to compromise a user account. The users on your system now have 2 passwords: 1) the regular password and 2) a button they must click on their phone to authorize the login. We must understand, however, that 2FA is also going to make the lives of users more difficult, and it really needs to be approached as a team effort. A 2FA solution is typically inexpensive.

Organization

 With all the high-tech ways to defend against attacks, this is probably one of the most important.

Many of these attacks (even at larger organizations) have been accomplished by exploiting the accounts of employees who are no longer with the organization. The removal and management of users, mobile devices and PCs is a critical yet overlooked area of security. Good HR control and solid processes are also key to a secure system and are sometimes overlooked.

Backups

Sometimes attackers are even capable of destroying the backups. There are many ways to protect backup data. One way is called “immutable backups”. This means that once the backup is completed, it cannot be changed until after a certain date. Another way is a good modern tape system. Once the tapes are removed from the system and secured in a safe, it would be extremely difficult for an attacker to destroy those for obvious reasons. For those that can’t run a tape system, there are many good cloud services available.

In Conclusion 

There are many effective ways to defend against these types of ransomware attacks. Some protection measures are simple and inexpensive; others are more expensive and complex. I think that many organizations are just not looking closely and executing on cyber security yet. Their risk tolerance level is high.

My advice: Find yourself an IT provider that has security experience, a high level of organization and low turnover, and take a look at your options given your needs. On the management side, security costs and even cyber insurance should be considered a “normal” expense and will likely become a mandatory requirement at some point, and in certain industries.

Get in touch with us if you have questions or would like a review of your current security measures. Getting hacked is a crappy way for any business to be in the news.