FBI Issues Public Service Announcement on Ransomware

Ransomware-1We've all heard about the businesses, municipalities, healthcare organizations, schools and other entities that have fallen victim to ransomware.  In 2018, Symantec reported that nearly 445,000 businesses fell victim to a ransomware attack.   In October, the FBI released an updated Public Service Announcement (PSA) to its original statement on ransomware threats that was initially published in 2016.  With the sheer volume of attacks that have been launched, the Internet Crime Complaint Center, part of the FBI, was compelled to update their original statement to provide further information for the public on ransomware attacks.

According to the PSA, ransomware attacks are becoming more targeted, sophisticated and costly, even as the overall frequency of attacks remains consistent.  While broad-based ransomware attacks have declined since early 2018, the losses from ransomware attacks has increased significantly per the reports to the FBI.  State and local governments have become highly visible targets for ransomware, but cybercriminals are also focused on healthcare, manufacturing and transportation.

In What Ways Does Ransomware Infect Businesses?

Methods used in ransomware attacks is constantly evolving and changing.  With access to cloud services and encryption tools, the cybercriminal today can hone their craft and target even the most secure businesses.  The following are just some of the techniques used to deploy ransomware:

  • Software Exposures:  When a widely used software program is released, hackers are immediately looking for ways in which to infiltrate.  Once they find the "in", they can gain control of the business's system and deploy the ransomware.  Per the FBI, recent attacks have involved vulnerabilities of two remote management tools used by Managed Services Providers (MSP).  Once the cybercriminal gained access to the MSP, they not only infected them, but also the networks and systems of their customers.
  • Email phishing:  This method of attack involves a cybercriminal sending an email containing a malicious file or link.  When the file or link is opened, ransomware is deployed.  While in the past the bad guys would spam hundreds of thousands of accounts at once, today their campaigns are becoming highly targeted.
  • Remote Desktop Protocol (RDP) Susceptibility:  RDP is defined as a proprietary network protocol that allows people to control the resources and data of a computer over the internet.  It is quite common for businesses to use RDP as a method to access servers, collaborate with other employees, and remotely access documents stored and backed up in their office.  Hackers have used credentials purchased on the dark web to gain unauthorized RDP access to a business's systems.  Once in, cybercriminals can deploy ransomware across an entire system.

What Should I Do If My Business Is a Victim of Ransomware?

Per the FBI recommendations, they do not recommend paying a ransom to a cybercriminal.  There is no guarantee that you will get access to your data again, and sometimes, your data may be infected with malware or some other type of danger.  Paying the ransom also sends the message to the attacker that they can continue their scam and harm other businesses.  In any and all cases of ransomware, it is important to alert law enforcement.  This will help the authorities to be able to track the criminals and work to prevent future attacks.

How Can I Protect My Business From Ransomware?

Staying on top of the trends and advancement of cyber attacks is a huge job.  With the threats constantly evolving and changing, employing the services of a Managed Services Provider can help businesses alleviate the threat of a cyber attack.  Some best practices against cyber attacks include:

  • Regular Data Backups.  All businesses have a responsibility to their customers and employees to ensure their data is safe and secure.  With an effective data backup plan, you'll be protected should a cyber attack occur.  It is important that your backup data is not connected to the computers and networks they are backing up.  Utilizing a cloud backup system is often suggested.  If an attack happens, your data backup may be the safest way to recover your data and get back up and running.
  • Implement An Employee Cybersecurity Training Program.  Informed employees are often the greatest defense against a ransomware attack.  Implementing an educational program that informs of the threat of ransomware, how it is spread and how to spot phishing attempts in email will bolster your company's cybersecurity defenses.
  • Update! Update! Update!  Every day, software companies and manufacturers release patches that protect your software and hardware against attacks.  Hackers are always searching for ways to exploit vulnerabilities, and when they find one, you can bet they'll try to use it.  Through a centralized patch management system, you can rest easy knowing your software, servers, computers, printers, MFPs and other networked devices are protected.
  • Anti-Virus and Anti-Malware Are Key.  All businesses should have a network security policy in place to ensure your network and equipment are protected.  Equipment isn't just computers and servers, but printers and MFPs as well.  Make sure you are securing all endpoints where an attacker could find an opening.

These are but a few of the defenses you can employ to protect your company from ransomware.  If you are a small or mid-size business with limited technology resources, a Managed Service Provider will likely be your best defense against cyber attacks.  Fraser's Managed IT Services provide a comprehensive security program that monitors your networks and equipment and keeps you safe from cyber attacks.