The threat from ransomware continues to spread and grow even worse. Recently, multiple local municipalities have been hit with ransomware, crippling their systems and taking up a lot of time in recovery.
Even more worrying is the trend of companies paying ransoms through insurance. Let's look at some recent prolific ransomware cases, what they illustrate about this trend, and what your business can learn from all this.
Texas Government Agencies Hit With Ransomware
On the morning of August 16, 2019, over 20 government entities in Texas were hit with a ransomware attack. They were mostly smaller local governmental bodies. After digging into the situation, the authorities believe that it was a coordinated attack that came from one person.
As of this writing, an update from the Texas Department of Information Resources states that "more than half" of impacted entities are back to business as usual. The update also reveals that after the attack, it took a week for all the entities to transition into remediation and recovery and restore business-critical services.
A week is a long time to wait to get business-crucial systems back up and running, and having only somewhere above half of affected agencies operational after four weeks doesn't inspire confidence either.
Thankfully, the Texas DIR believes that no ransom was paid in this attack. However, that wasn't the case with similar attacks in Florida.
Florida Governments Pay Up for Ransomware
In summer 2019, three local Florida governments in Riviera Beach, Lake City, and Key Biscayne had their systems hit by ransomware. In all three cases, the infection spread when an employee interacted with a hostile email message.
These attacks caused massive outages and millions of dollars in damages. Because infections can spread across systems, city websites, billing systems, and even emergency services were affected.
The city council in Riviera Beach decided to spend nearly $1 million on new computer equipment. But since they didn't have a backup of the data, they also unanimously voted to pay the attackers nearly $600,000 for the ransom. A few weeks later, Lake City paid a $500,000 ransom in a similar attack.
While it's not clear what Key Biscayne decided to do with the ransom, it's known that they did pay a data recovery group $30,000. In the cases of Riviera Beach and Lake City, insurance companies paid most or all of the ransom. City officials decided that doing this was the easiest path to take.
Why This Trend Is Worrying
Companies getting hit with ransomware isn't new, as it's been happening for several years. Seeing governments rely on insurance to pay ransoms (not to mention taxpayers shouldering some of the burden in Lake City), though, is concerning.
It's not hard to see where this issue is headed. If companies can simply rely on insurance to pay ransomware demands, they have no incentive to avoid paying the ransom.
As we've discussed in the past, like with the GandCrab strain of ransomware, paying a ransom isn't a good idea. Not only do you have no guarantee that the attacker will actually unlock your files for you, but paying the ransom incentivizes criminals to continue developing ransomware.
If wrongdoers know that insurance companies will end up paying whatever ransom they ask for, they'll end up creating more effective attacks and demanding more money.
Nobody wins in this scenario, except the attackers. Insurance companies will end up paying huge sums of money to the offenders, which could raise premiums for everyone. Meanwhile, the root of the issue is never addressed.
What Should Companies Do to Stay Safe?
The best way to avoid finding yourself in a terrible situation like the government entities above did is to prepare. Know that ransomware exists, that it's nasty, and that it can infect anyone. Practically, there are two steps every company should take to fight back against ransomware.
Keep a Secure Backup
First, it's vital to have a backup that's resistant to ransomware. If you keep your backup on the same network as the rest of your systems, ransomware could spread across the network and encrypt your backup as well. That would defeat the purpose of having a backup to begin with.
Instead, you should keep a backup on a totally separate network that has a unique set of credentials to access. That way, even if ransomware spreads across your network, it won't see the backup.
Use the Right Mix of Security Tools
Second, your business needs to have the right security tools in place to help prevent ransomware. No single instrument is 100% effective, so having multiple tools helps reduce the risk. However, even with this, nothing is guaranteed.
As a business, you should have three layers of protection:
- Business-grade antivirus software.
- Network DNS filtering for each computer (we recommend Cisco Umbrella).
- Web and antivirus filtering enabled and configured on your business-grade firewall.
Finally, these tools require monitoring and maintenance. They will not do you any good if they stop functioning properly or fail to get updates. Having a professional constantly monitoring these tools and fixing any issues will give you some peace of mind.
Train Your Employees
Third, it's wise to invest in training and testing so employees know how to spot and avoid dangerous phishing emails. No system is completely bulletproof, and in many cases, an unwitting employee is the one who introduces the infection onto a network.
A great resource for this is KnowBe4. It's a company dedicated to helping you enable employees to make smarter security decisions. You'll find many free IT security tools like a phishing reply test, password exposure test, and ransomware simulator that you can use in training.
If you're interested, KnowBe4 also offers paid training resources. The cost of keeping your employees informed and on their toes is well worth it, compared to a catastrophic ransomware attack.
Defeating Ransomware Together
Ransomware is vile, and it's becoming more popular. Don't let your company become a victim of it like these local government bodies have.
The best way to avoid dealing with ransomware is to never let it reach your network by taking steps beforehand to prevent it. Having the right tools and training is paramount to this. And as a fallback, you must keep a protected backup that you can use to get back on track if the worst happens.
Our managed services clients benefit from regular assessments of their network that look for security risks like ransomware. Engage with a professional that has a well-defined security process to help evaluate your network before a ransomware attack or other event takes place.