Caribbean’s biggest conglomerate hacked

How to defend against hackers and ransomware attacks

Cybersecurity continues to be a massive and costly problem for many corporations, governments and banks. In the last few weeks Ansa McAL has had operations in some of its businesses stalled while it tries to recover mission-critical data which has been stolen and likely encrypted using military-grade encryption. Some of its businesses have allegedly already paid to regain access to their data, but foreign assistance has now been solicited from the Japanese firm Hitachi due to the extent of the problem. Meanwhile the ransomware gang responsible, REvil, has advertised countless invoices, financial documents and other sensitive data for auction.

So how do you defend against these sorts of attacks? Many of these attacks begin with phishing. Phishing is an unwanted, malicious email or message that appears to come from a trusted source or authority but actually carries a link to a site hosting malware. First, there needs to be a firm organizational policy about how email will be sent, and employees need to be educated on how to verify emails or documents and on what to look out for that makes an email suspicious.

Employees should also be rewarded for successfully avoiding phishing, for example with verbal or written recognition given where others can see it. Failing a phishing attempt should result in mandatory education so that employees better understand how to mitigate these attempts.

Secondly, your anti-virus systems and malware scanning need to be constantly upgraded to be able to defend against the latest attacks. Operating systems need to be periodically patched, incoming mail must be constantly scanned for threats, and unprotected or personal email should be avoided.

At some point, even with these precautions, an attack may still get through and cause damage. Here’s where backups come in. All data should be encrypted and backed up both incrementally and as a full periodic backup to offsite locations. Backups should also be scanned for malware. One key overlooked issue is that ransomware can wait quietly for a long time before being executed, so previous backups may also be compromised and recovery may have to come from data stored long ago.
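The dormancy problem described above can be made concrete with a short sketch. This is an added example, not part of the original article: the backup catalog, its dates and the function names `restore_chain` and `data_loss_days` are constructed for illustration, and the intrusion date is assumed to come from the incident investigation.

```python
from datetime import date

# Constructed sample catalog: (taken_on, kind, malware_scan_clean).
CATALOG = [
    (date(2024, 1, 7),  "full", True),
    (date(2024, 1, 14), "incr", True),
    (date(2024, 1, 21), "incr", True),
    (date(2024, 2, 4),  "full", True),   # scanned clean, but may hold dormant malware
    (date(2024, 2, 11), "incr", True),
    (date(2024, 2, 18), "incr", False),  # scanner flagged this one
]

def restore_chain(catalog, intrusion_date):
    """Pick the backups that are safe to restore from.

    Only backups taken before intrusion_date are trusted, even if later
    ones passed their scan, because dormant ransomware may not be detected.
    The chain is the newest clean full backup in that window plus the clean
    incrementals that follow it. Returns [] when retention does not reach
    back before the intrusion.
    """
    trusted = [b for b in sorted(catalog) if b[0] < intrusion_date]
    start = None
    for i, (_, kind, clean) in enumerate(trusted):
        if kind == "full" and clean:
            start = i  # keep the newest qualifying full backup
    if start is None:
        return []
    chain = [trusted[start]]
    for backup in trusted[start + 1:]:
        # Stop at the next full backup or at the first failed scan:
        # incrementals after a bad link cannot be applied safely.
        if backup[1] != "incr" or not backup[2]:
            break
        chain.append(backup)
    return chain

def data_loss_days(chain, incident_date):
    """Days of work lost when restoring to the last backup in the chain."""
    return (incident_date - chain[-1][0]).days if chain else None

if __name__ == "__main__":
    chain = restore_chain(CATALOG, intrusion_date=date(2024, 1, 25))
    print([str(b[0]) for b in chain], data_loss_days(chain, date(2024, 2, 20)))
```

With an intrusion dated 25 January and encryption triggered on 20 February, the February backups are skipped despite mostly clean scans, and the restore point falls a month back.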

Ransomware unfortunately remains a very profitable enterprise and there is no shortage of cyber-gangs willing to try. It’s not recommended to pay these criminals since it further incentivizes them to do the same to others. These cyber-gangs are backed by millions of dollars in equipment and talent and have all the time in the world to get their next score. Ransomware is one of the most dangerous types of malware, and staying one step ahead requires constant vigilance as well as a team that has the financial backing to protect against threats efficiently.
