Following a recent ransomware attack, officials in Riviera Beach City, Florida agreed to pay hackers’ demands of $600,000 in an effort to retrieve their encrypted data. This occurs as thousands of others in the US and worldwide are flooded with similar cyber attacks—in recent news: Atlanta, Baltimore, as well as 5 healthcare clinics and dozens of US hospitals.
In particular, the SamSam virus caused significant ransomware destruction between 2017-2018, resulting in $30 million in damages to over 200 entities across North America and the UK. Security researchers have reported that healthcare facilities continue to be top prey for these cyber attacks because they have a constant need for data access and are more likely to pay ransoms faster.
According to the Department of Homeland Security, ransomware is now the quickest growing malware threat and can be worrisome to both individuals and organizations. During the first quarter of 2019, ransomware attacks on businesses reportedly increased by 195%, and 71% of ransomware attacks in 2018 targeted small businesses. Verizon’s Data Breach Investigation report for 2018 found that 70% of all malware attacks were ransomware-related.
How Protect Yourself
Ransomware is most commonly delivered through “phishing” emails or “drive by” downloads. Once a user is infected with the malware, data is encrypted until a “ransom” is paid to the hacker. Hackers are often not interested in stealing your information, but rather simply locking it up so that you have an incentive to pay their ransom.
With these nation-wide threats comes the potential for it to happen to any of us at any moment. So what can you do to prevent this from happening to you?
1. Secure your back-ups. It’s imperative to constantly and consistently back up your critical data for security so that if your files were ever to be held for ransom, you aren’t completely disabled by the attack.
2. Keep continuously patching. If you consistently patch endpoints and servers, your chance for ransomware attack dramatically decreases. If you haven’t done so yet, stop what you’re doing and immediately disable the outdated Microsoft SMB protocol version 1 or apply patch MS17-010. Double check that antivirus, firewall and other protections are always up to date as well.
3. Be cautious of phishing. According to the 2018 Verizon DBIR report, phishing is responsible for 32% of current breaches and 78% of cyber-espionage incidents. Hackers are commonly known to begin their attacks through phishing campaigns. If you ever receive any unsolicited calls, emails, texts, or chats, do NOT respond or click on any links before confirming it is legitimate.
4. Remove local admin privileges. Cyber education and awareness for employees at any organization is essential, but you must cover all bases. Removing local administrator rights is key for endpoint security. According to TechRadar, “by implementing a combination of least privilege and application control policies on endpoints and servers as part of a larger Zero Trust approach, you can mitigate the risk of malware like Robinhood spreading from its initial infection point.”
And finally, if you suspect you have been infected with ransomware, first isolate the infected system. Turn off all other computers and devices nearby. Next course of action: contact local FBI office or local US Secret Service office for immediate help. According to Renee Dudley, senior technology reporter at ProPublica, contacting your local law enforcement is not recommended for suspected ransomware attacks, as they are not equipped for dealing with high-level cyber crime that can often be widespread into other countries.
Further reading: here, here, & here.
Be safe out there!
- The PJ Networks Team
