Understanding and Mitigating Ransomware

Without question, ransomware is quickly becoming the largest threat to cybersecurity and cyber infrastructure worldwide. When it begins to affect vital ecosystems such as hospitals, fuel pipelines and even food production, it’s time to start taking it seriously. And indeed it is now.

What is Ransomware?

Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. In recent years, ransomware incidents have become increasingly prevalent among the nation’s state, local, tribal, and territorial government entities and critical infrastructure organizations.

Why Ransomware is so Dangerous

Ransomware incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion. The monetary value of ransom demands has also increased, with some demands exceeding US $1 million. Ransomware incidents have become more destructive and impactful in nature and scope. Malicious actors engage in lateral movement to target critical data and propagate ransomware across entire networks. These actors also increasingly use tactics, such as deleting system backups, that make restoration and recovery more difficult or infeasible for impacted organizations. The economic and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, have also proven challenging for organizations large and small.

The Importance of Making Offline Backups

It is critical to maintain offline, encrypted backups of data and to regularly test those backups. Backup procedures should be conducted on a regular basis, and it’s important that they be maintained offline since many ransomware variants attempt to find and delete any accessible backups. Maintaining offline, current backups is most critical because there is no need to pay a ransom for data that is readily accessible to your organization.
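The restore test the paragraph calls for can be scripted. The following is an added example, not code from V2 Systems or this article: it records a SHA-256 manifest when a backup archive is written, and the later "test" extracts that archive to a scratch directory and compares every restored file against the manifest, so tampered, missing or unexpected files are reported instead of being discovered during a real recovery. The sample files, directory names and the simulated tampering in `demo()` are constructed for illustration; the manifest is meant to live with the offline copy, not on the system being backed up.

```python
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def write_backup(source: Path, archive: Path) -> dict:
    """Archive every file under source into a .tar.gz and return the manifest
    taken at backup time. Store the manifest with the offline copy; it is the
    trusted reference for the restore test."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(source / rel, arcname=rel)
    return manifest


def restore_and_verify(archive: Path, manifest: dict) -> dict:
    """Restore test: extract the archive into a scratch directory and compare
    the restored tree with the manifest. Returns what was found."""
    with tempfile.TemporaryDirectory() as scratch:
        # Use the 'data' extraction filter where available so an archive can
        # never write outside the scratch directory during the test.
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **opts)
        restored = build_manifest(Path(scratch))
    missing = sorted(set(manifest) - set(restored))
    extra = sorted(set(restored) - set(manifest))
    changed = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {
        "ok": not (missing or extra or changed),
        "missing": missing,
        "extra": extra,
        "changed": changed,
    }


def demo() -> tuple:
    """Constructed walk-through: a clean backup passes the restore test; a backup
    taken after one file was overwritten and another deleted (what ransomware
    leaves behind) is flagged against the original manifest."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"                       # constructed sample tree
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.txt").write_text("quarterly report\n")
        (src / "config.ini").write_text("[db]\nhost=localhost\n")

        manifest = write_backup(src, work / "backup.tar.gz")
        clean = restore_and_verify(work / "backup.tar.gz", manifest)

        # Simulate encryption of one file and deletion of another, then back up
        # again: the new archive must not pass against the trusted manifest.
        (src / "reports" / "q1.txt").write_bytes(os.urandom(32))
        (src / "config.ini").unlink()
        write_backup(src, work / "later.tar.gz")
        tampered = restore_and_verify(work / "later.tar.gz", manifest)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean backup ok:", clean["ok"])
    print("tampered backup:", tampered)
```

Run it on a schedule against the most recent offline archive and alert on anything but `ok: True`; a restore test that merely checks the archive opens does not prove the data inside it is the data you expect.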

You should also maintain regularly updated “gold images” of critical systems in the event they need to be rebuilt. This entails maintaining image “templates” that include a preconfigured operating system and associated software applications that can be quickly deployed to rebuild a system, such as a virtual machine or server. Retain backup hardware to rebuild systems in the event rebuilding the primary system is not preferred. Hardware that is newer or older than the primary system can present installation or compatibility hurdles when rebuilding from images.

In addition to system images, applicable source code or executables should be made available — whether stored with backups, escrowed, obtained from license agreements, etc. It is more efficient to rebuild from system images, but some images will not install on different hardware or platforms correctly. Having separate access to needed software will help in these cases.

Responding to System Vulnerabilities

It’s vital that organizations create, maintain and exercise a basic cyber incident response plan — and associated communications plan — that includes response and notification procedures for a ransomware incident. They should also conduct regular vulnerability scanning to identify and address vulnerabilities — especially those on internet-facing devices — to limit the attack surface.

Patching of course is an absolute necessity. Regularly patch and update software and OSs to the latest available versions and prioritize timely patching of internet-facing servers. Don’t forget to include software that processes internet data, such as web browsers, browser plugins and document readers.

Finally, ensure devices are properly configured and that security features are enabled. Employ best practices for use of RDP and other remote desktop services. Threat actors often gain initial access to a network through exposed and poorly secured remote services, and later propagate ransomware.

All of this might seem overwhelming, but V2 Systems offers the tools and manpower required to deal with the threat of ransomware. We’ll deal with the threats, so you don’t have to. Don’t be held hostage.


Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!