
Ransomware - It's time to get serious

Chad Dupin
April 11, 2016

At our last company all-hands meeting in December, one of the security engineers said: “This is the year of Ransomware.”  He could not have been more right.

In recent weeks, we are seeing ransomware attacks show up everywhere.  The truth is it is nothing new; it’s been around a long time.  When doing “Family IT Support” (all IT professionals are also IT support for their extended family), I experienced this many times with XP.  For a few years there seemed to be a decrease in the number of ransomware attacks we were seeing, until now.

Because ransomware works (unfortunately, people are paying), we are seeing a huge increase.

It is becoming one of the leading ways for cyber criminals to extract value.  In the past, they would steal your credit card or personal information, then resell it, or use it to somehow extract money.  That seems like so much work to them now.  The cyber-thief can now go directly to the source they stole from and get paid!  It really is scary. I’m an IT professional who has a pretty good handle on IT Security, and even I worry about my personal and business data.

What to do…  First, I’m not writing this article for the large government or commercial clients that ITS maintains.  These organizations have huge teams of Cyber Security professionals that fight this battle every day.  While my company has unique offerings that provide these customers value every day, this format is not the appropriate way to address those needs, nor could a simple article like this address the complexity of their systems.  My advice is intended more for the small companies that do not have a full-time IT Professional focused on security, or the larger ones that just have not done a good job of keeping up with this changing world.

If you have a fear that you or your company could be in jeopardy of a ransomware attack, take these steps:

  1. Educate your users on the threat of Cyber Crime.  Maybe they’ll stop opening those suspicious emails!
  2. Change your end users' behavior.  This is easy to say, hard to do, but start today.
  3. Inventory what you have and where it is.  Most people think securing things is the most important first step, but if you don’t know what you have or where it is connected, how can you secure it?
  4. Ensure that all incoming web and email traffic has been scanned.  No exception.
  5. Remove or secure any device on your network that is not yours.
  6. Secure all your endpoints.  I just can’t believe how many people still do not fully configure their endpoint security tool.  Anti-Virus is NOT enough.  Your endpoints are now your biggest risk, period.
  7. Encrypt all your data and set access control on everything. Why wouldn’t you?  Don't tell me it costs too much; the cyber-criminal will be doing it for you eventually if you don't.
  8. Implement a tool and policies that make it impossible for unauthorized users to remove secure or sensitive data from your network or your corporately secured devices.
  9. Back up your important data and have an air gap of that backup.  Check your backups for integrity.  If you have an air-gapped and verified backup, paying for your data becomes unnecessary; you still have it.
  10. The list can go on and on.

The typical excuse I get is that they are not accustomed to investing in cyber security, or that it is too expensive.  People, ransomware and the after effect of never being fully secure are far more expensive than whatever you need to do.  There are other things that you would preemptively invest in to ensure that they do not happen; it is time to do the same for cyber security.

Paying the ransom is only the beginning of your true cost if a ransomware event happens at your organization.
