The Ransomware Attacks You Never Heard About
By Andrew Roberts, Chief Cybersecurity Strategist, cStor
The news media have been full of stories about ransomware attacks that have crippled many organizations. Some chose to pay ransoms to recover their data; others steadfastly refused to pay and worked long and hard to get their operations going again. These stories typically share three messages:
- Ransomware is bad and getting worse
- Your organization could be next
- There are a couple of things you can learn from the ‘attack du jour’ to help you be better prepared and/or protected.
This bad press has some cybersecurity leaders adopting a “not if, but when” mentality and resigning themselves to the knowledge that they WILL be crippled by a ransomware attack at some point. This is a self-fulfilling prophecy.
We need to remember that a successful ransomware attack is only possible through a failure in information security practices. It is true that you will be hit with a ransomware attack, and you will be hit with one very soon. That does NOT mean you will be crippled by it.
Why are we trying to learn from the failures instead of emulating the successes? It’s simple: a successful cybersecurity program means a failed ransomware attack. Failed attacks don’t make the news.
Last week, a hacker sent a series of emails to a manufacturing company. These emails carried an attachment containing malware that, when activated, would hold all the company’s data for ransom. The company’s endpoint protection platform recognized the malware and blocked it. The ransomware attack failed.
That same hacker sent similar emails to a financial services firm. That firm’s email gateway recognized the emails were coming from a known-bad IP address and knew it was an attack. The emails were blocked, and the ransomware attack failed.
Frustrated, the hacker tried a different approach and sent different emails to a university. These emails contained a link to a malicious website that would install ransomware on victim computers. This university has an excellent user awareness program, and one of the recipients reported the email to the cybersecurity team. The link was blocked at the firewall before anyone clicked, and the ransomware attack failed.
Another manufacturing company also received malicious links. Unfortunately, one of their employees did click the link and ransomware was installed on their computer. As the encryption process started, security monitoring tools alerted the security team and automatically isolated the infected workstation before any significant damage was done. This company has excellent backups that are tested regularly. All damaged data was restored in less than an hour. The ransomware attack failed.
Yes, a ransomware attack is inevitable, but that does not mean you will inevitably be a victim. Good cybersecurity awareness programs, endpoint protection, email filtering, monitoring, and backups can each be the difference that makes your ransomware attack too boring for media attention.