Have you been hearing a lot about ransomware on the news lately? You’re not alone. The recent attacks on Colonial Pipeline and JBS have taken the conversation about cybersecurity to a whole new level.
On May 7th, the ransomware attack on Colonial Pipeline caused a six-day shutdown and a panic run on gas in multiple states throughout the East Coast. The company was only able to restore operations after paying the $4.4 million in ransom.
Just a few weeks later, at the end of May, another big attack was in the news. This time the world’s largest beef and pork producer was hit. JBS had to shut down several plants in the U.S. and other countries for close to a week. The ripple effect included higher meat prices.
JBS also paid the ransom to get their facilities back up and running. They paid $11 million to the hacking group out of Russia called Revil.
These attacks have led to the Whitehouse urging companies to increase their cybersecurity and exploring ways to require important infrastructure-based companies to have necessary protections in place.
You’d think that large organizations like Colonial Pipeline would have all their “ducks in a row” when it comes to cybersecurity best practices, but unfortunately, that’s often not the case.
The Colonial Pipeline CEO testified before the Senate Homeland Security Committee and explained that they believe the hackers got in through a VPN account that was not in use and did not have multi-factor authentication (MFA) enabled.
He didn’t elaborate on the security of the password being used, but regardless, using MFA to protect all online accounts is a standard best practice.
Ransomware Is Becoming Worse for Many Reasons
Ransomware isn’t just in the news because of those attacks. There have been warnings by security experts for over a year about the steep rise in attack volume and cost.
In 2020, ransomware attacks increased 485% as compared to 2019.
The cost of remediating an attack has more than doubled over the last year to $1.85 million, with the average ransom demand now at $170,404.
Reasons that ransomware has been on a rampage include:
- A majority of companies pay the ransom, which emboldens the attackers to continue and increase attack volume.
- Too many companies are unprepared with a backup and fast recovery process.
- Hacking groups like REvil have branched into selling Ransomware as a Service (RaaS), which democratizes attacks for the less experienced criminals.
- Ransomware is big money, so more efforts are put into optimizing it for more attacks.
Ways To Protect Your Business from a Ransomware Attack
Use a Solid Backup & Recovery Strategy
There are two important pieces to a solid backup and recovery strategy. The first is the backup. You need to ensure your data is being backed up regularly from all devices to a safe storage area that will be protected should your devices be infected with ransomware.
The second is the recovery process. You need to have a fast recovery process that can be executed quickly to mitigate downtime. Some companies end up having to pay the ransom even if they have a backup because they think it will get them up and running faster due to a slow recovery process.
Keep Employees Well-Trained on IT Security
Phishing is still the #1 method of perpetrating cyberattacks, including ransomware. The malicious code has to be introduced to the system somehow, and if a user does it, the code can often bypass other security.
Conduct ongoing cybersecurity training on how to spot a phishing email and what to do if an infection is suspected (such as immediately disconnecting the device from all networks).
Use Multi-Factor Authentication & Other Password Security
Seventy-seven percent of cloud account breaches are due to passwords being compromised. MFA puts a stop to a hacker even if they have an account password.
A best practice would be using MFA in combination with a password manager. The password manager could ensure that employees are using strong passwords, and MFA would protect accounts even if the password were compromised.
Firewall & Anti-malware
Standard network protections that help prevent ransomware intrusions and detect any trying to get in are a network firewall and anti-malware.
All devices should include anti-malware, including mobile devices, to help keep any threats from infecting a device and through that device, your entire business network.
Use DNS & Email Spam Filtering
DNS and spam filtering work hand-in-hand to prevent ransomware and other malware infections.
Email spam filtering helps keep phishing emails out of user inboxes, which significantly reduces the risk of an accidental click causing an infection.
DNS filtering blocks malicious phishing sites which are often linked to phishing emails. This keeps users from infecting their devices by visiting a dangerous website.
Get Worry-Free Protection from Online Threats!
ECN IT Solutions can help your Tucson area business with expert managed IT services that include multiple security safeguards to protect you from ransomware and other threats.
We’re here and ready to talk IT security with you! Reach out at 520-200-1055 or through our website.
ECN IT Solutions is a managed service provider (MSP) based in Tucson, Arizona that provides full-service, outsourced IT Support for companies across the Southwest. We offer network monitoring and management, cybersecurity, and a help desk with a response time of under 10 minutes. For more information, contact us online or call (520) 355-7553 and we’ll get in touch with you faster than you can believe.