Four Ways to Prevent Ransomware Attacks Now

Published On August 05, 2021

Cybersecurity and ransomware have been dominating the news. We see these incidents and are usually quick to dismiss them. From an attacker’s perspective, stealing data and holding it “hostage” is a highly effective way to get companies to pay up. As a result, hackers are regularly attacking companies’ vital information to get their slice of the pie. 

“No company is safe,” according to recent news on why ransomware cyberattacks are on the rise. From attacks on software vendor Kaseya to the Colonial Pipeline, meat processor JBS, the New York transit system, and the ferry service to both Martha’s Vineyard and Nantucket, ransomware continues to cripple critical businesses and spans companies across all industries.

What is causing this uptick in ransomware attacks? 

Our above cited news story shares the reason ransomware attacks have surged are due to the following:  

• Rise of more sophisticated methods to infect critical systems and hard-to-trace cryptocurrency 

• Work-from-home boom providing new IT vulnerabilities 

• Political climate marked by ongoing tensions between the U.S. and Russia

So, how do you prepare your organization?

If your company does become a victim of ransomware or some other form of data breach or loss, the availability and accessibility of “immutable backups” becomes key. This means ransomware will not be able to affect previously backed up data as it’s fixed and unchangeable. Being prepared against ransomware both offensively and defensively is a prudent strategy.

In addition to the basics of good security hygiene and educating employees to recognize potential threats, the following actions are also necessary for recovery success: 

1. Set up a stringent schedule to regularly backup data critical to running your organization

2. Store a secure, air-gapped copy of your data offsite and offline as a second line of defense

3. Consider an endpoint backup and recovery solution for a more immediate fix for your remote workforce using a mix of desktops, laptops, tablets, and smartphones

4. Update your Business Continuity/Disaster Recovery (BC/DR) plan to include ransomware recovery procedures.

What happened with the Colonial Pipeline’s ransom recovery?

To give you a sense of a large-scale ransomware attack, we wanted to highlight what happened with the Colonial Pipeline and its recovery. 

The federal government stepped in to recover half of the $4.4 million ransom paid to individuals in a criminal hacking group known as DarkSide—it seized approximately $2.3 million in Bitcoins. This is the first seizure by the new Department of Justice Digital Extortion Task Force, and they widely acknowledge ransom recovery is a rare outcome. 

Typically, the federal government and security experts say companies should not pay ransom to hackers. Both agree that paying ransoms just encourages more attacks and doesn't necessarily guarantee that you’ll get your data back. 

When CEOs are put in a precarious ransomware position, calling the DHS Cybersecurity and Infrastructure Security Agency (CISA) immediately is a smart move. 

In direct response to the Colonial Pipeline attack, the U.S. government’s Department of Homeland Security’s Transportation Security Administration (TSA) announced a Cybersecurity Directive. It serves as the first cybersecurity regulation for pipelines that includes better coordination between the private sector and government with greater transparency around ransomware and other cybersecurity attacks. 

To help with this enhanced government and private sector coordination, here’s what pipeline owners must now do with new threats:

• Report confirmed and potential cybersecurity incidents to CISA

• Designate a Cybersecurity Coordinator to review current practices and identify gaps

With these ransomware attacks hitting so many businesses, the federal government now recommends all businesses report attacks to the FBI and work towards implementing plans in place to address future threats.

CISA’s efforts to combat ransomware are not new. For quite some time, its position on the issue has been that ransomware is “the most visible cybersecurity risk playing out across our nation’s networks, locking up private sector organizations and government agencies alike.” The rise in ransomware these past few years is concerning, but the response by the federal government is encouraging. 

Don’t let your company be vulnerable. Take action today to protect your data from future ransomware attacks with a solid cybersecurity strategy.