Best of Enterprise.nxt: Ransomware holds business hostage
The big computer security story of the COVID pandemic era has been ransomware. It's a phenomenon that has been with us for some time but has taken off in a big way in recent years.
In a standard ransomware attack, attackers gain a privileged foothold within the target organization's network and encrypt the organization's data. They then tell the organization that for a price, they can have the key to decrypt the data.
Such an attack can paralyze an organization. One ransomware attack in 2021, against the operator of a major pipeline network in the eastern U.S., caused widespread shortages of gasoline.
Even if the victim of the attack has backups, recovery takes time, and time is money. Sometimes victims choose to pay the ransom because decryption with the key is faster than restoring the backups—although there's no guarantee that the attacker will come through with the decryption key. Following best security practices will generally prevent or mitigate the effects of such attacks, though compliance with these practices remains spotty.
Below, we have included a range of Enterprise.nxt's recent coverage of ransomware, discussing how it works, how to prevent it, and how to recover from it.
Because the pandemic just wasn't hard enough: Ransomware has cost victims tens of billions of dollars. And it's not just the money. Ransomware attacks this year have stalled supply chains, resulted in massive data breaches, and shut down hospital services. The problem may be even worse than it appears.
The severity and variety of threats against IT have reached the stage where organizations must think broadly about their cyber resilience. Cyber resilience is the ability of an organization to absorb an attack or major failure in its infrastructure while maintaining its core functions and integrity. In the words of an old, classic advertisement, cyber resilience is the ability of a company to take a licking and keep on ticking.
You don't have an adequate backup plan if you don't know whether you can restore your data successfully and in a reasonable time period. If you haven't actually tested your restore plan, you don't know if it will work. Here's how to approach the problem and achieve an increased measure of confidence.
Victims of ransomware attacks are in a tough spot. Paying ransom is expensive, embarrassing, and distasteful, as you are funding criminal activity. But if it's the only way to save the business, it may be the least bad option.
Hospitals and healthcare networks were major targets of ransomware gangs in 2021, with the first confirmed loss of life from such an attack. Medical operations often give in quickly because they can't tolerate loss of function, and they are victimized so frequently because they have put off important security measures for too long.
Attackers still find a lot of low-hanging fruit when searching for ways to compromise an enterprise for ransomware or other purposes. In 2020, open RDP (Remote Desktop Protocol) systems were a favorite, with the rest mostly coming through email phishing and unpatched vulnerabilities.
If you hope to recover from a ransomware attack without paying up, you'll need a backup that the attackers haven't compromised. Fortunately, there is a well-established guideline, the 3-2-1 rule of backups, which should ensure you have a backup you can use.
Ransomware may seem new, but it's not usually innovative, and the best-practice defenses you should always be following are usually effective in blocking it: Patch software promptly, use two-factor authentication, block unused ports, and generally follow the principle of least-privileged access.
Defense in depth is a well-established principle of IT security, as it is of all forms of security. One prudent layer, if all the others fail, is to have cybersecurity insurance to help recover from an attack. The better you defend your systems, the less likely you will need such insurance and the less costly the premiums will be.
Bad practices that make a business vulnerable to ransomware attack include lacking a complete inventory of IT assets, failing to test recovery procedures like restoring backups, not following basic practices like applying security updates, and not having an incident response plan to put into action when a problem arises.
This article/content was written by the individual writer identified and does not necessarily reflect the view of Hewlett Packard Enterprise Company.