The most recent ransomware attack shows that every business needs to protect itself.
If we've learned anything over the past 16 months, we have seen firsthand how quickly a pandemic can spread and take over our daily lives. After a year of wearing masks and avoiding high-risk environments, most people are ready to get back to normal, but not without the memory of how catastrophic it can be when a virus gains a foothold and--if not addressed--causes serious problems. We know because we've experienced it. In the case of Covid-19, those problems included a near-complete shutdown of every major economy, overburdened health care systems, and fraught political and moral questions over how to keep people safe and beat the virus. Now, as the world gets close to the coronavirus finish line, another pandemic threatens many of the same consequences as it spreads across the globe: ransomware.
Before I go further, I want to be clear that I don't say that lightly, and I don't want to minimize the fact that more than 184 million people have been infected with Covid-19, and almost four million have died. I do, however, want to highlight the fact that every business owner should be concerned with the fact that ransomware attacks have increased 500 percent since the beginning of Covid-19.
Certainly, we would hope that the lessons we've learned during this pandemic will help us be better prepared for the next. The problem is, the next pandemic is already here. It just isn't viral--it's digital.
High-Value Targets
Over the holiday weekend, REvil, the Russia-linked hacking group, appeared to have targeted at least 20 managed-service providers, which provide IT and backend network security services for small and midsize businesses. That's the same group that was credited with an attack on one of the largest meatpacking companies in the U.S. The news comes after another group shut down the Colonial pipeline earlier this year, causing disruptions across the East Coast.
Ransomware attacks involve a hacker installing software on a network that prevents the owner from accessing their devices or their data. Essentially, they kidnap your business and demand the payment of a ransom in exchange for releasing your network. For example, Swedish grocery store chain Coop had to close its 800 stores because the hack caused a shutdown of its payment processing system. In this case, the problem is complicated by the fact the attack targeted trusted software that is usually used to protect networks and computers from malicious attacks.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), attackers were able to export a "vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers." Put another way, the attackers were able to potentially infiltrate the source code of software used across thousands of networks. In that way, this most recent incident is similar to the SolarWinds attack last year, though that attack was mostly thwarted before the hackers were able to gain complete control over the targeted networks. While it is almost impossible to eliminate all risks of ransomware, there are a few things you can do to make your network a less desirable target. Usually, attackers are looking for high-value targets with easy-to-exploit vulnerabilities.
Offline Backups
One of the simplest and most effective tools against ransomware is to back up your system locally on a regular basis. Those backups should be then kept offline so they can't also be targeted by ransomware. If you have a copy of all of your data, it'll take some work, but it'll be a lot easier to recover than having to pay an expensive ransom, which just encourages more attacks.
Restrict Permissions
Generally, security experts recommend that a given user only have the minimum level of privileges required for their work. In many cases, malicious software can't take over a computer if the user account doesn't have the ability to make changes at the root level.
Keep Software Up-to-Date
While we've seen instances where malicious code piggy backs on legitimate software, in general, you're safer if you keep your systems regularly updated. That means both in terms of security patches for your operating system, as well as antivirus software that can isolate and remove malware.
Don't Click on Unknown Links
Finally, never click on links in emails or text messages that aren't from a trusted source. Hackers have gotten far more sophisticated, meaning that you have to be increasingly careful whenever you open an email, but as a general rule, if you weren't expecting to be sent something to download and install, don't click on the link.
This article was originally published by the Inc. Magazine.
