Cybersecurity is a topic that unfortunately gets the most attention after the fact. The headlines have been full of security failures the last few years as companies have been hacked, and sensitive information such as Social Security numbers, credit card numbers, and other personal data has been stolen or compromised.

In the past months, however, a more insidious form of cybersecurity problem has been gaining attention: ransomware attacks. Ransomware attacks have taken down major energy, food supply, government, and healthcare infrastructures causing serious disruptions. The attacks have shut down services, impacted consumer prices, and caused concern for individuals, businesses, and governments alike.

These attacks have evolved beyond the theft of data to compromising physical assets with consumer impacts. Hackers often encrypt data on systems and demand ransom to decrypt it, but in these cases, the primary targets have shifted from the data itself to the consumer-facing services they serve.

  • A hacking group known as DarkSide with suspected ties to Russian criminals launched a ransomware attack on Colonial Pipeline, which controls 45% of fuel to the Eastern U.S. The company was forced to shut down approximately 5,500 miles of pipeline. It led to a disruption of nearly half of the East Coast’s fuel supply and caused gasoline shortages in the Southeast and airline disruptions. Colonial Pipeline’s CEO told a Senate committee the company paid a $5 million ransom to the cybercriminals.
  • JBS, the world’s largest meatpacker announced that it had fallen victim to a ransomware attack. The breach disrupted meat production in North America and Australia, triggering concerns over rising meat prices. The company ultimately paid $11 million in ransom to a different Russian-based cybercriminal group, but not before it briefly shut down its entire U.S. operation.
  • More than a third of healthcare organizations were reportedly hit by a ransomware attack in 2020 and of those, 65% said the cybercriminals were successful in encrypting their data. Roughly a third of the organizations that had data stolen paid the ransom to recover their information, but on average only 69% of the encrypted data was restored after the ransom was paid.
  • St. Joseph’s/Candler, one of the largest hospital systems in Savannah, Georgia, was recently hit with a ransomware attack.
  • In 2019, a ransomware attack wiped out 750 government computers across Texas in less than 90 minutes. When system attacks spread to municipal water systems, Governor Greg Abbott issued a disaster declaration.
  • Other victims of cyberattacks this past year include New York City’s Metropolitan Transportation Authority and Law Department, the Massachusetts Steamship Authority, Navistar, McDonald’s, Electronic Arts, and Sol Oriens. 
  • The Department of Energy is asking Congress for $201 million in its budget request for the fiscal year 2022 to address digital vulnerabilities.
  • The FBI has asked Congress for $40M to help combat wave of ransomware attacks

What exactly is a ransomware attack and how does it work?

Ransomware is a family of malicious software (malware) that most often acts in one of two ways. It can block access to a PC, server, network, or mobile device, or it can encrypt all the data stored on that machine so you can’t use it. Attacks are typically delivered via malicious email or infected third-party websites. Once your system is infected or locked up, the attacker demands a ransom to allow you to regain access to your data.

The FBI reports that it’s seeing two basic kinds of attacks. One is the “accidental insider” where someone accidentally allows access to their network, usually by clicking a malicious link in an email that’s disguised to look legitimate. Hackers typically use fake emails, fake advertisements, even fake apps to trick people into opening malicious links. The second is “exploitation of a vulnerability” whereby a hacker gains entry to the company’s network via some weakness in the computer system.

How bad is the problem?

Ransomware attacks have been steadily increasing, but it’s hard to pinpoint exact numbers because many incidents go unreported. The FBI’s Internet Crime Complaint Center (IC3), which collects voluntary reports from ransomware victims, shows a steady increase since 2018. It’s estimated that the cost of ransomware attacks in 2021 will reach $20 billion globally.

What can you do to protect yourself?

The best defense against a ransomware attack is a vigorous proactive plan. Although there are steps that can be taken to recover from an attack without paying a ransom, the best defense is a good offense.

  1. Be sure never to open suspicious links you receive in emails. Double check the sources of the emails you receive and beware of counterfeits. Screen your emails for authenticity. Don’t click on anything that looks suspicious.
  2. Back up all your data on a regular basis. Store the data in a cloud-based system separated from your normal network.
  3. Install an antivirus firewall.
  4. Utilize cybersecurity tools such as real-time ransomware detection software.
  5. Invest in security awareness training for your staff.
  6. Be sure all your system plug ins and apps are routinely patched and updated.
  7. Develop a disaster recovery plan so you can respond quickly and effectively in the event of an attack.
  8. Consult with wedoIT.

We have several important cybersecurity options available to you. Some of the solutions we can employ include robust forms of network authentication, timely system backups, cloud storage of your backups, and real-time ransomware detection software safeguards. While there are never any guaranteed 100% full-proof ways to prevent all attacks, there is a lot you can do to keep your technology systems as safe as possible. Contact us today and let’s talk about how we can strengthen your company’s protections.