Jedi Master Obi-Wan Kenobi had it. Luke Skywalker and his sister, Leia, did too. 'Precognition', also known as danger sense, was a 'universal force' that helped Jedi sense danger and take measures to avoid it. We see insurance brokers as having 'the force': the ability to arm their clients with the know-how to stay ahead of cyber attacks, especially ransomware attacks.
Ransomware attacks are surging. Well-known insurers have had their fill of paying for costly attacks and are reshaping the cover they provide, who they provide it to and the terms that come with it. BOXX clients have faced ransom attacks and come through the other side (separate blog on that to follow). The best ransomware attack is the one you avoid. I caught up with Ryan Duquette of cyber security specialists RSM to discuss steps that firms of every size can take to defend against such attacks. RSM provides cyber security services to organizations in Canada and the USA and has helped thousands of businesses respond to cyber incidents. Here’s a summary of our talking points.
Reminder: What is Ransomware?
Ransomware is a type of malware that prevents you from accessing your systems or the data held on them. The data is encrypted, but it may also be deleted or stolen, or the computer itself may be made inaccessible.
Following the initial attack, those responsible will usually send a ransom note demanding payment to recover the data. They will typically use an anonymous email address and request payment in cryptocurrency.
To add to the misery, there is a trend for cyber criminals to also threaten to release sensitive data stolen from the network during the attack if the ransom is not paid.
How Do Ransomware Attacks Work?
Ransomware attackers can gain access to a victim’s network through easy-to-access weak points. It can be hard to predict what an attack will target, as cyber criminals adjust their strategy depending on the vulnerabilities they find. The most common vectors we see are:
Working from Home - Remote Desktop Protocol (RDP): Enables employees to access their office network remotely. Insecure RDP configurations are frequently used by ransomware attackers to gain initial access to victims’ devices.
Unpatched Software or Hardware: Unpatched or insecure devices have commonly been used by ransomware attackers as an easy ‘back-door’ into networks.
Phishing Emails: Frequently used by actors to deploy ransomware. These emails encourage users to open a malicious file or click on a malicious link that hosts the malware.
The Hunt
Once inside your network, an attacker will attempt to move around the network, increase their privileges and seek out high-value data, often using additional tooling to assist with this. Once they’ve found the crown jewels, they will lock you down and then it’s game over. They will also attempt to cover their tracks so that any subsequent investigation will be more difficult and costly. To boost their success rate, attackers have recently also been seen to:
sabotage backup or auditing devices to make recovery more difficult
encrypt entire virtual servers
use scripting environments to easily deploy tooling or ransomware
Giving your Clients the Jedi Force?
Nearly every firm has the ability to reduce the odds of falling victim to a ransomware attack with these two steps:
1. Staying ahead of ransomware vectors:
Use Multi-factor Authentication to secure RDP services.
Install and enable Antivirus software.
Ensure staff are trained and assessed to spot phishing attacks.
Stay on top of patching software.
2. Boost chances of recovery:
Having up-to-date and tested offline backups. Offline backups are the most effective way to recover from a ransomware attack.
Having a specialist 24/7 Incident Response team on stand-by.
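One way to put the 'up-to-date and tested' part of the backup advice into practice, as an added example (not BOXX or RSM code): record a checksum for every file when the backup is taken, then check the set on a schedule for age, missing files and changed content. The manifest.json file name and the 24-hour age limit are assumptions made for illustration.

```python
import hashlib
import json
import sys
import time
from pathlib import Path

MAX_AGE_HOURS = 24  # assumption: the oldest backup you could afford to restore from

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(backup_dir: Path) -> Path:
    """Run at backup time: record a SHA-256 for every file in the backup set."""
    # Keep a second copy of the manifest off the backup media so it cannot be rewritten with it.
    files = {p.relative_to(backup_dir).as_posix(): sha256_file(p)
             for p in sorted(backup_dir.rglob("*"))
             if p.is_file() and p.name != "manifest.json"}
    manifest = backup_dir / "manifest.json"
    manifest.write_text(json.dumps({"created": time.time(), "files": files}))
    return manifest

def verify_backup(backup_dir: Path, max_age_hours=MAX_AGE_HOURS, now=None) -> list:
    """Run on a schedule: return a list of problems; an empty list means the set passed."""
    now = time.time() if now is None else now
    manifest = backup_dir / "manifest.json"
    if not manifest.is_file():
        return ["manifest missing: backup set cannot be verified"]
    data = json.loads(manifest.read_text())
    problems = []
    age_h = (now - data["created"]) / 3600
    if age_h > max_age_hours:
        problems.append(f"stale: backup is {age_h:.0f}h old, limit {max_age_hours}h")
    for rel, expected in data["files"].items():
        path = backup_dir / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != expected:  # content changed since the backup was taken
            problems.append(f"modified: {rel}")
    return problems

if __name__ == "__main__":
    issues = verify_backup(Path(sys.argv[1]))
    print("\n".join(issues) or "backup set OK")
    sys.exit(1 if issues else 0)
```

A checksum pass shows the files are intact and current; a periodic full restore onto a clean machine is still needed to show the business can actually run from them.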
We are always here to discuss client-specific cases, and remember, clients have access to the Hackbusters, night or day, in the event of a cyber breach or incident.
For more information, please feel free to contact the following:
Vishal Kundi: firstname.lastname@example.org
Michelle Diniz: email@example.com
Chris Masaki: firstname.lastname@example.org
Mike Senechal: email@example.com