Over the past two weeks, nearly one hundred countries have fallen victim to ransomware in the largest cyber incident seen in a long time. The attacks were conducted by a group of hackers exploiting a vulnerability in the Windows operating system, originally discovered by the NSA, allowing them to slip ransomware undetected onto thousands of machines across the globe. Among the companies affected are FedEx, Spain’s Telefonica, Russia’s MegaFon, and a substantial portion of the United Kingdom’s healthcare system.
So what is ransomware? Ransomware is a type of malware that infects the target computer and encrypts the user’s data, effectively locking the victim out until a ransom, usually in the form of Bitcoin, is paid to the attacker in exchange for a decryption key. Ransomware has been the most up-and-coming form of malware in the past five years, affecting everything from the criminal justice system to universities to hospitals. This raises the question: if ransomware is so common, why are so many organizations still falling prey when they can prepare themselves?
Simply put, ransomware is an ever-evolving entity, with hackers developing new variants just as quickly as old variants are deprecated. It is difficult for a company or organization to keep up with current patches and defensive cyber protocols without the help of an external cybersecurity team. Without such a team, some companies have felt so threatened by ransomware attacks that they keep a Bitcoin wallet loaded with money, in preparation for an attack they feel helpless to defend against. This all seems grim, but there are ways to stay protected.
First and foremost, as with every cyber attack, but especially ransomware: back up your data! Any data that is of any value to you, your company, or your clients should exist in at least one secure backup, if not more. Nothing is better for your company when an attack hits than being able to tell an attacker, “I won’t pay your ransom, I have two backups. Better luck next time.” Backing up data is extremely simple to do, and can protect you from so much.
The next thing that can be done to remain protected is to stay up-to-date on your antivirus and operating system. The reason for this is straightforward: no computer is impervious to ransomware, and that keeps us members of the cybersecurity profession up at night. We can’t just magically determine what is and isn’t ransomware and block it from your system, at least not always.
Which brings me back to my point: every time a variant of ransomware goes public, thousands of antivirus experts immediately go to work, analyzing every aspect of the virus, from known IP origins to the exact folders it will attempt to encrypt. They then blacklist the signature of the variants and notify large software and antivirus companies. The companies will create patches with that information, and the next time you update your software, you will be protected from this new threat.
This is something that pains the victims of the recent attacks, as the exact Windows exploit that was used to cause so much damage was discovered and publicized months ago. Hackers still used the exploit, knowing that targets would not have the time to update all of their software, or just wouldn’t be concerned. Unfortunately, even with all this preparation, you still can’t be truly safe. You need help.
FSA’s Security Operations Center (SOC) protects clients from ransomware attacks by monitoring network traffic 24/7/365, working with your IT department to stop attackers, locking down infected machines, raising cybersecurity awareness, and providing comprehensive assessments of your network’s security. There are too many things for your IT department to keep track of on top of their daily tasks, which is why every company needs a SOC working alongside them.
FSA uses advanced intrusion detection systems, complex machine learning algorithms, and Darknet threat intelligence to detect any potential ransomware attack long before an IT department can. Should any potentially malicious email or file end up on one of your machines, FSA contacts FIT Solutions, our sister IT company, and they will immediately send an engineer onsite to shut down the infection and prevent damage. Once the data and the network have been restored to full functionality, FSA’s expert team of cybersecurity analysts will review the incident extensively and determine any and all configuration and software changes needed to prevent that attack in the future.
Advances in the cyber world have gone a long way to change society, but with these changes comes a growing threat. Bad people with a gifted understanding of technology lie in wait out there, developing new software that can penetrate all sorts of devices and cause immeasurable damage. We see attacks like those which took place during this past month more and more often. Whether it be new and advanced ransomware, or old malware residing in the deep corners of the internet like a land mine waiting to be stepped on, stay informed, stay aware, and stay protected!