Blake Dowling: The battle rages on — new weapons in the fight against ransomware
The most devastating cyber-attack that could land on your door is ransomware, a type of BEC attack (business email compromise).
Ransomware attacks in 2022 continue to wreak havoc and cause massive issues in every facet of our society. This year in Florida, the city of Pembroke Pines was hit by a ransomware attack, joining a host of other Florida cities that have had the same happen to them.
More recently, Florida International University was also allegedly hit by the Blackcat ransomware group, which has taken down several others in the education space this year.
A ransomware attack usually arrives as an email from a hacker, disguised as one you would expect (see social engineering); if clicked, it launches malicious code and freezes your files.
Next, the hackers get involved.
They ask for payment (ransom) to get your files back. Hackers usually do their due diligence on a target and when one is infected, they customize their monetary demands based on the size of the organization. It could be hundreds, thousands, or millions of dollars for a large organization (usually in Bitcoin).
When the Colonial Pipeline was hit (remember those long lines at the pump last year?), they paid 5 million to the Darkside gang to get their files back.
There are new defenses available against these attacks, such as firewalls with GEO IP filtering engaged that can stop overseas attacks. Other protective tools can defend email and local networks by stopping attacks before they get to your inbox, and others, such as EDR (endpoint detection and remediation), can isolate the computer that is infected and auto-remediate, which is awesome.
Plus, a redundant backup in place — if all else fails — is a best practice for your business.
Florida’s state government is also getting in the mix. After years of ransom payments being in the headlines around our state (Riviera, Lake City, etc.), the state now asks that, if there’s a cyberattack, state agencies not pay any ransom.
This aggressive stance is effective now (July 2022), and the goal is to have hackers look elsewhere for states to target. There is a reason the state responded in this manner — local and state governments keep getting targeted.
In a review by the University of South Florida, over 70% of the attacks studied were launched against government entities: everything from school districts to cities to police departments.
Will it work?
It is a good place to start, in my opinion, as I have written many columns on the subject, and regardless of the crime (kidnapping, fraud, or ransomware), if there is no payday, criminals will move on.
But if you pay, that will incentivize others to continue the attacks. Some say that has a negative impact as hackers will just go after the private sector versus the public. We will see how it goes.
There are other provisions in the legislation that will also help (besides the ban on paying the ransom). Incident reports must be very detailed, and cyber training is no longer optional. Multiple training sessions are encouraged.
There is some language about penalties and fines for individuals who target a government entity with a cyberattack.
While I believe most of the items mentioned here are positive, with that last one, I wish you good luck.
I am sure the Conti, Darkside and Blackcat organized cybercrime gangs face bigger threats than fines from the state of Florida.
But doing something is always better than nothing.
Cybercrimes like ransomware continue to be among the Top 5 problems for business owners, elected officials, and state agencies. Don’t forget the gangs behind these threats — they don’t just freeze your data, but in some cases, they throw in a bit of extortion.
That means if you are infected and don’t pay the ransom, hackers threaten to expose your data online. If you store sensitive client information (see the school that allegedly lost birthdays, Social Security numbers, etc.), you need to be on red alert.
What can you do specifically?
— Launch two-factor authentication.
— Change your password every 30 days and keep it complex.
— Deploy advanced threat protection, plus endpoint protection and response tools, and
— Conduct training and email phishing simulations.
Additionally, you should have a cyber insurance policy and redundant backup plans in place, so you don’t ever have to consider having a conversation with hackers like the one I’ve detailed. It is grim. You can see an actual back-and-forth with the hackers, something you normally would not get a look at unless you were a victim.
Be safe out there.
Blake Dowling is CEO of Aegis Business Technologies, and our team is launching a Security Operations Center this summer to continue to enhance and streamline our protections and our strategies for dealing with cyber incidents for our clients. You can reach him at firstname.lastname@example.org.