The fight against ransomware: Getting the upper hand

December 16, 2016

By now, ransomware is a part of most organizations’ vernacular. The cyber threat has become one of the top dangers facing businesses and individuals in recent years. In fact, the FBI states that about 4,000 ransomware events have occurred every day since January 1, 2016, roughly a fourfold increase over 2015, and that’s just in the United States.

Still, as online interactions increase and the internet-connected world expands, ransomware has found ways to remain problematic even with heightened awareness. New and revised versions of ransomware are being developed at a rapid pace. Many cyber criminals have actually dropped the amount of ransom they are asking for, recognizing that a smaller amount is likely to be paid by more people, and that with a “reasonable” ransom, people are less likely to complain to the authorities.

Organizations are right to make every effort to prevent ransomware attacks from crippling their office network. But coming up with a workable strategy requires a careful consideration of how hackers get their ransomware (and other malware) into corporate and personal networks. Securing your networks must work with how people use their computers, and how and why they fall for the schemes that hackers use. It’s not that people don’t care about security, but rather that the hackers have become masters of manipulation and are constantly learning how to perfect their skills.

Think like a hacker

Here is a way to look at the problem: Many businesses are great at watching their front door, but might be unaware of the window someone left open in the basement. In other words, these organizations don’t evaluate their defenses the way a burglar – or a hacker – might. Maybe they have an excellent alarm system, but it could be one that is easy to disconnect. Maybe the major risk involves placing too much trust in a relationship with a vendor or contractor. Organizations need to carefully evaluate points of attack and address potential security gaps – and telling employees to not click on attachments or links of unknown origin simply isn’t enough.

Instead, a more effective defense requires that you also extensively examine your network from all directions – not just the systems that are housed and protected in the office, but also devices such as laptops that employees or collaborators outside the company use to log on while they’re working remotely, and the vendor systems that you allow to connect to your network. Even look at the networks you may be providing for visitors to your premises. The internet has evolved into a ubiquitous, interconnected network with numerous potential entry points, and many of those points remain woefully vulnerable. The recent distributed denial of service (DDoS) attack, where hundreds of thousands of internet-connected devices were hacked and used to target and take down leading websites, stands as the most salient reminder of just how vulnerable these devices can be.

To make the challenge even greater, ransomware mutates in real time – threats emerge and change in the blink of an eye. On the other hand, businesses tend to think in organizational terms, which can slow their ability to react. We are all at a disadvantage when we turn to legacy, calendar-based protocols to respond to far more agile hackers.

How organizations can cover their bases

While it might seem like the bad guys have the upper hand, that doesn’t have to be the case. You can shore up your organization’s defenses with an honest and thorough evaluation of your cyber practices. Start by asking these three questions:

1. Where is your data?

It’s easy to think of your company data as a single library held under lock and key in one consolidated area, but that is often far from the truth. So much of our information is stored in online remote storage systems (e.g., cloud storage) and accessed from numerous devices. There are also partners, vendors, service providers, and even clients that could compromise your organization during a ransomware attack that doesn’t even target your company. An important point to keep in mind as you conduct this inventory is that various countries have very specific data access and security laws surrounding data stored within their borders. If your organization’s HR data is inadvertently or purposely stored in an E.U. city, it might be difficult to legally bring that data back into your U.S.-based systems because of European Union privacy laws. The time to find out where your data will be stored is before it is stored – not after an incident occurs and you are left trying to repatriate it.

2. Is the data being held by your partners or vendors safe?

You’ll need to do a little bit of digging to get the answer to this question. For example, it may be necessary to hold your partners’ or vendors’ feet to the fire to determine how safe your data is while it is in their possession. To be sure, we aren’t talking about intentional misconduct; it’s more likely that these third parties need to update their cybersecurity. It might be time to have a hard conversation with them and conduct some audits.

3. Do you have a security protocol for personal devices?

Finally, examine the devices and networks your employees use when they’re out of the office. It might not be feasible to restrict the usage of these tools, but you can extend your training to include best practices regarding remote work. That should cover items such as connecting to unprotected or unknown networks without using a virtual private network (VPN) connection. Failing to do that may result in your employees leaving sensitive items open and unattended or visiting unsecured websites.

There are tools to limit ransomware, and organizations have the opportunity to improve their ability to fight back. The key is to maintain vigilance and your level of preparedness in the face of a rapidly evolving threat. If you are uncertain of where to start or indeed how far or deep to go, engaging an experienced risk mitigation partner like Kroll can help you discover where weaknesses exist and minimize your vulnerability to ransomware.

Alan Brill, Senior Managing Director, Cyber Security and Investigations

Alan Brill is a Senior Managing Director with Kroll’s Cyber Security and Investigations practice, based in the Secaucus office. As the founder of Kroll’s global high-tech investigations practice, Alan has led engagements that range from large-scale reviews of information security and cyber incidents for multibillion-dollar corporations to criminal investigations of computer intrusions. He has worked on many of Kroll’s major international projects. Alan serves as both a consulting and testifying expert in major cases where his ability to explain complex technology concepts provides counsel with a valuable litigation resource.