RANSOMWARE DEFENSE

Defending Against Ransomware

It's All About the Basics

Authentication, Backups, Updates, & Least Privilege

The concept behind ransomware is simple.  An attacker plants malware on your system that encrypts all the files, making your system useless, then offers to sell you the key you need to decrypt the files.  Payment is usually in bitcoin (BTC), and the decryption key is deleted if you don’t pay within a certain period.  Payments have typically been relatively small—though that’s obviously no longer true, with Colonial Pipeline’s multimillion-dollar payout.

Recently, ransomware attacks have been coupled with extortion: the malware sends valuable data (for example, a database of credit card numbers or vendor information) back to the attacker, who then threatens to publish the data online if you don’t comply with the request.

inSync's security basics, which include strong passwords, two-factor authentication, defense in depth, staying on top of software updates, good backups, and the ability to successfully restore from backups, go a long way.  Not only do these practices protect you from becoming a ransomware victim, but they can also help protect you from data theft, cryptojacking, and most other forms of cybercrime.

Our job is to prioritize good security hygiene for your business, so your business is protected from attacks.  There has been a marked increase in ransomware attacks, fueled by the rise of the “triple extortion” ransomware technique, whereby attackers:

  • Steal your sensitive data & threaten to release it publicly unless a payment is made;
     

  • Target your customers, vendors or business partners in the same way.

The best defense is to be prepared.


It Can Start with Phishing

Ransomware attacks frequently start with phishing. An email to a victim entices them to open an attachment or to visit a website that installs malware. So inSync trains against phishing & makes sure your business's employees are aware of it, are very skeptical of any attachments they receive, & are appropriately cautious about the websites they visit.

Unfortunately, teaching people how to avoid being victimized by a phish is a battle you’re not likely to win. Phishes are getting increasingly sophisticated and now do a good job of impersonating people the victim knows. 

 

Phishing Example 1:

We know of one example of an accounting employee getting an email that appeared to come from the owner, requesting a $200,000 payment to a new vendor.  The bank information for the new vendor was included in the email.  The attackers emulated the owner's writing style, the email address was one letter off, & the employee emailed back (to the attacker) confirming the request.  It was paid.

Phishing Example 2:

An accounts payable clerk received an email from a vendor informing the clerk of a change to their bank account information.  The clerk requested the change on their letterhead, which was promptly received.  The attack resulted in multiple payments totaling over $400,000.

A simple phone call could have stopped both of these phishing incidents.

 

9 Best Practices to Defend Against a Ransomware Attack

  • Two-factor authentication password protection
     

  • Regularly scheduled backups performed locally & in the cloud that are isolated from your network.
     

  • Proactive employee training helps users to recognize threats & reduce the risk of a breach.
     

  • Network intrusion detection systems (NIDS) deployed at a strategic point or points within the network, where they can monitor inbound & outbound traffic.
     

  • Email filtering protects our clients from malware and spam as well as advanced threats like targeted spear phishing and ransomware.
     

  • Regularly apply security patches to servers & desktops.
     

  • Whitelist applications & websites, which is a more trust-centric approach & is considered more secure.
     

  • Users are granted minimum access or permissions needed to perform job functions.
     

  • Using logical segmentation of networks, enterprises gain improved security, better access control, improved network management, & a boost in performance.
     

Proactively defend your business!
Call us today!