Ransomware incidents show no signs of going away any time soon. Companies and governments continue to be faced with a tough dilemma: pay the ransom or rely on a contingency plan to regain access to critical files and systems. In this blog, we’ll discuss how to deal with ransomware in 2020 and what you can do to mitigate damage from ransomware.
Garmin is the latest company to make headlines for reportedly paying a multi-million-dollar ransom following a cyber attack that caused an outage for many of its products and services. Some reports blamed WastedLocker, a strain of ransomware, for the attack.
Ransomware attacks on the public sector, including local governments, have also been increasing in 2020. Local governments are often faced with the same conundrum of whether to pay the ransom. In 2019, Lake City, Florida paid hackers a $460,000 ransom after first trying to recover the data on its own.
Since it’s difficult (and in some cases, impossible) to break ransomware encryption, and since sensitive files often contain irreplaceable information, organizations often end up paying the ransom. Many organizations might not believe they have a choice.
However, paying the ransom is a risky proposition. There are no guarantees that a decryption key will be provided after the crooks get their money. As Kaspersky points out in a recent study, paying a ransom does not guarantee that all the information or files being held will be released as promised. Additionally, your information may have been sold to an underground market and there’s really no way to tell. There’s no honor among thieves after all.
So, what can you do to prevent or lessen the damage and cost of these malicious criminal operations?
Security Controls Can Mitigate the Damage
In a previous blog, I outlined how security controls could improve overall security and lessen your organizational risk. You can rely on these same controls to limit your ransomware risk. For instance, you can lower your exposure to ransomware by employing specific controls found in the National Institute of Standards and Technology (NIST) Security and Privacy Controls for Information Systems and Organizations.
In addition, since ransomware usually gets into systems through email attachments and malicious websites, user awareness plays a critical part in prevention. By adhering to the NIST Awareness and Training (AT) family of controls, your employees and contractors can better understand the risks and key prevention steps. If you apply and enforce the AT-2 control, you not only provide basic security training, but also help prevent malware from spreading in the first place.
Most malware preys on unsuspecting users to deliver its payload. Emails and websites that look legitimate are created to lure people into clicking a link or opening an attachment. By clicking through, they allow attackers to access the network. Users need to be aware of this, along with other new and emerging ransomware tactics.
Restrict and Manage Administrative Rights
Controls that ensure antivirus programs are updated and patches are applied across your network are critical in preventing ransomware. After all, even the most aware users can still be influenced by crafty criminals to give up a password, whether they click on a link or divulge that information over the phone. By running well-patched applications and current antivirus software (and frequently scanning to make sure these patches and software are up to date), you can prevent the delivery of ransomware payloads even if credentials are stolen.
Similarly, using controls that restrict and manage user administrative rights can keep cyber criminals at bay. These attackers typically leverage elevated privileges to gain permission to install their malware and open sensitive files. NIST provides guidance for reducing the risk of these powerful accounts.
For example, Access Control (AC-6) describes the concept of “least privilege,” granting users only the access necessary to accomplish their assigned tasks. By restricting privileged access to a small set of designated users, you can significantly deter an attacker from installing ransomware and gaining privileged access across the network. You can also prevent them from locking critical files.
Ultimately, criminals may get to the front desk of your network, so to speak, but if you implement the AT-2 and AC-6 controls, you can keep them waiting in the foyer.
Don’t Pay the Ransom
After all your prevention efforts, what if attackers still get in, lock your files, and demand payment? You have no choice, right? Time to pay up.
Well, not exactly. If your organization strictly adheres to a security controls program, it can still recover from ransomware and decrease the impact. For instance, the NIST Contingency Planning (CP) controls not only address backup of critical information, but also backup intervals, offsite storage, and frequent restoration testing.
Maintaining trusted backups of all critical information at an offsite location can help you avoid paying the ransom and restore from recent backups without a decryption key. While it might not be the ideal way to go, having reliable, up-to-date backups that are segmented from the network can put you back in business in a matter of hours.
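One way to exercise the CP elements just described (backup interval, integrity of the offsite copy, and a restoration test) as a routine check. This is an added example, not code from the original post; the file names, the 3600-second interval and the JSON manifest format are constructed assumptions.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

MANIFEST = "manifest.json"  # assumed format: {"taken_at": epoch, "files": {relpath: sha256}}

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def make_backup(src, dest):
    """Copy every file under src to dest and record a hash manifest for the copy."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {"taken_at": time.time(), "files": {}}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = f.relative_to(src).as_posix()
        (dest / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, dest / rel)
        manifest["files"][rel] = sha256_file(dest / rel)
    (dest / MANIFEST).write_text(json.dumps(manifest))
    return manifest

def verify_backup(dest, max_age_s, now=None):
    """CP-style checks: backup interval (freshness), integrity of the copy, and a trial restore."""
    now = time.time() if now is None else now
    manifest = json.loads((dest / MANIFEST).read_text())
    result = {"fresh": now - manifest["taken_at"] <= max_age_s,
              "intact": True, "restore_ok": False, "bad": []}
    for rel, digest in manifest["files"].items():  # integrity: every file still matches its hash
        if not (dest / rel).is_file() or sha256_file(dest / rel) != digest:
            result["intact"] = False
            result["bad"].append(rel)
    if result["intact"]:  # restoration test: restore into scratch space and re-hash the result
        with tempfile.TemporaryDirectory() as scratch:
            for rel in manifest["files"]:
                (Path(scratch) / rel).parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(dest / rel, Path(scratch) / rel)
            result["restore_ok"] = all(sha256_file(Path(scratch) / rel) == d
                                       for rel, d in manifest["files"].items())
    return result

def demo():
    """Constructed sample run: a clean backup, a stale copy, and a copy reached by an attacker."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp) / "critical", Path(tmp) / "offsite"
        src.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        m = make_backup(src, dest)
        clean = verify_backup(dest, 3600)
        stale = verify_backup(dest, 3600, now=m["taken_at"] + 86400)  # interval missed
        (dest / "ledger.csv").write_text("ENCRYPTED")  # simulated: backup overwritten by ransomware
        return {"clean": clean, "stale": stale, "tampered": verify_backup(dest, 3600)}
```

A failed `fresh`, `intact` or `restore_ok` result is the signal that the backup would not get you back in business without the attacker's key.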
With the impact of ransomware so debilitating—loss of critical information, loss of productivity, ransom costs, reputational damage—the effort to prevent and recover from ransomware is well worth it. However, it doesn’t have to be difficult or expensive.
Basic adherence to tried and true security controls may not prevent all ransomware. However, strict adherence to a comprehensive control methodology, and frequent monitoring of its effectiveness, can reduce the likelihood of a successful ransom campaign against your organization through the rest of 2020 and beyond.