2017 was widely regarded as the “worst year ever” for data breaches and cyberattacks, largely due to the rise in ransomware. According to the Online Trust Alliance (OTA), cyberattacks targeting businesses nearly doubled in volume from the previous year. By the year’s end, experts were already predicting worse things to come in 2018, and it seems their predictions may be coming to fruition.
In this past week alone, both the City of Atlanta and Boeing have experienced ransomware attacks that caused varying degrees of damage. What can organizations take away from these experiences to strengthen their own security protocols?
Let’s take a look at a few areas:
- What ransomware is and how it works
- What happened in Atlanta
- What happened with Boeing
- Who’s at risk from ransomware
- How we can protect ourselves
The Rise of Ransomware
Ransomware is a relatively new form of malware (malicious software). It made its debut stateside in 2013 with the CryptoLocker attack, and it does just as its name implies: it holds your computer (or computers) hostage by encrypting your data and withholding the means to decrypt it until a ransom is paid, usually in cryptocurrency. It has become highly profitable for hackers: security experts estimate global ransomware damage exceeded $5 billion in 2017 alone, and it continues to grow at a yearly rate of 350 percent.
While law enforcement officials recommend not paying the ransom, since payment encourages more attacks, many companies simply cannot afford to go without access to their data for any length of time (or to bear the repercussions of losing their data completely). And because most ransoms are relatively inexpensive, usually between $700 and $1,400, paying up and making the problem go away often seems the most attractive option; in fact, a Trend Micro study reveals that nearly 65 percent of organizations simply choose to pay.
Of course, there’s no guarantee the hacker will make good on the promise to restore data when payment is received. This makes it all the more important to protect yourself so that you’re never put in this situation to begin with.
The Lockdown in Atlanta
Finally back online after almost a week of being held hostage, the City of Atlanta can now get back to business. The incident is considered one of the longest and most consequential cyberattacks ever unleashed upon a major American city, and things were in dire straits for a while.
It remains under investigation just how the SamSam hacking group managed to infect the city’s computers with its ransomware, but we do know that, on March 22, the breach affected nearly 8,000 computers, encrypting files along with the words “I’m sorry” and demanding payment of $51,000 lest the data be lost forever.
Employees were forced to write out reports by hand, court cases had to be canceled, and many residents were unable to pay bills or file reports. Today, the city remains mum on whether the ransom was paid; had it found a fix, it seems likely it would have said so, and this lack of transparency has led most observers to speculate that the ransom was, in fact, paid.
The Boeing Breach
Boeing employees and customers were in a frenzy this past Wednesday as news of a cyberattack rocked the aerospace company. WannaCry ransomware, which first reared its ugly head in May of 2017, was back and had found a vulnerability within Boeing. Fear ran rampant, with many wondering if vital airplane-production equipment could be taken down.
Thankfully, disaster was averted and the attack’s consequences were minimal; by evening, Linda Mills, head of communications for Boeing Commercial Airlines, stated “the vulnerability was limited to a few machines. We deployed software patches. There was no interruption to… any of our systems.”
So how did it happen? WannaCry exploits a weakness in Windows software to gain access to a network. Unlike the situation in Atlanta, however, WannaCry is a broken piece of malware: there’s no way for the victim to actually pay a ransom, so in practice it is simply deployed to damage systems. While Microsoft issued patches to cover the weakness, organizations that failed to apply them remained vulnerable to hackers.
Who Is At Risk?
Ransomware can target a single individual or an entire organization. Organizations usually have the ability to pay more and generally stand to lose more, making them more valuable to hackers. And while the City of Atlanta and Boeing are large targets, understand that ransomware attacks are leveled at small and medium-sized businesses (SMBs) even more frequently.
SMBs usually have weaker protections, yet still hold customer records valuable enough that the SMB will willingly pay up in order to regain access to its data. It often comes down to what type of information they house: banking or credit card information, Social Security numbers, and/or patent information are all extremely attractive to a hacker.
Healthcare organizations are also frequent targets because they store a lot of personal information, and can’t afford to lose access to it—even for a few minutes.
Lastly, universities are increasingly finding themselves victims of ransomware. A lot of file sharing occurs on a university campus, making access easy for attackers, and universities often have the means to pay.
7 Ways We Can Protect Ourselves
With ransomware growing at a yearly rate of over 350 percent, it may only be a matter of time before it affects you or your organization personally. There are a few things we can learn from the incidents in Atlanta and with Boeing.
- Educate employees. Ransomware can be unleashed upon a company through human error: a simple click on a suspicious link can affect the whole network, resulting in damage and data loss. According to a Help Net Security survey, over 30 percent of office workers admitted they were not familiar with ransomware, so it’s important to have those conversations.
- Employ content scanning and filters. While education is important, people make mistakes. A scanner or filter on your mail servers can check for known threats within inbound emails and block any attachment that could be dangerous.
- Install antivirus. Ensure your AV is current across all endpoints within your organization; viruses are always evolving, so AV is not impenetrable, but it is a solid first line of defense.
- Update. Regular updates help maintain the integrity of your systems. As we saw from the Boeing situation, ransomware was able to exploit the security weakness only on computers that had not been updated, while those that had been updated with the patch were protected from the attack.
- Back up. If you back up your important data every day, whether to the cloud or a local storage device, attackers have a lot less leverage; rather than pay them to retrieve your data, you can restore from the previously saved copy with minimal loss.
- Restrict privileges. Not every employee needs all privileges; they only need to be able to perform their work-related tasks.
- Create a patch management plan. Ensure your organization is managing the patches and upgrades released by your software vendors by developing a plan of action. There are also patch management programs that can scan systems to determine whether any patches are needed. Patches were largely responsible for stopping the potential damage of the Meltdown and Spectre bugs from early 2018.
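A minimal version of the inbound-attachment filter described in the second item above, as an added example that is not part of the original post. It assumes a mail gateway that hands each raw message to a Python function before delivery; the extension blocklist and the sample message are constructed for illustration.

```python
import email
import email.policy
from email.message import EmailMessage

# Constructed blocklist: types that execute or run macros when opened.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".wsf", ".hta", ".bat",
                      ".cmd", ".ps1", ".jar", ".docm", ".xlsm", ".pptm"}
# Archives are held for deeper inspection rather than delivered directly.
ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar", ".iso"}
# Document types used as the harmless-looking half of a double extension.
LURE_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify_attachment(filename):
    """Return (verdict, reason) for one attachment name: allow, hold or block."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1]
    if ext in BLOCKED_EXTENSIONS:
        return "block", "executable or macro-enabled type " + ext
    if len(parts) >= 3 and "." + parts[-2] in LURE_EXTENSIONS:
        return "block", "double extension disguises the real type"
    if ext in ARCHIVE_EXTENSIONS:
        return "hold", "archive " + ext + " needs content inspection"
    return "allow", "type not on blocklist"

def scan_message(raw_bytes):
    """Parse a raw message and classify every attachment part."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict, reason = classify_attachment(name)
        findings.append((name, verdict, reason))
    return findings

def delivery_action(raw_bytes):
    """Quarantine if any attachment is blocked, hold if any needs inspection."""
    verdicts = {verdict for _, verdict, _ in scan_message(raw_bytes)}
    if "block" in verdicts:
        return "quarantine"
    return "hold" if "hold" in verdicts else "deliver"

def build_sample(attachments):
    """Constructed test message; attachments is a list of (name, mime, bytes)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "staff@example.com"
    msg.set_content("Please see the attached invoice.")
    for name, mime, data in attachments:
        maintype, subtype = mime.split("/")
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return bytes(msg)
```

The verdicts here rest on the attachment name only; a gateway filter would also inspect the bytes and unpack held archives before releasing them.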
Ransomware is here to stay—for a while at least. Until organizations adopt all available prevention techniques and refuse to give in to hackers’ demands, hackers will continue to seek out this easy money and hold our most critical data hostage. With 2018 predicted to be yet another banner year for ransomware hackers, now is the time for organizations to assess their security, make improvements, and determine whether it may even be time to bring in managed IT services, such as Disaster Recovery as a Service (DRaaS). Don’t wait until it’s too late to protect your most critical data!