With the recent news of Colonial Pipeline paying nearly $5 million to hackers after the criminals had made the largest fuel pipeline network in the nation inoperable, many businesses are concerned that their operations could be next.
While most firms aren’t operating sprawling fuel pipelines that millions of drivers rely on, ransomware criminals are happy to attack companies large and small, crippling their operations and demanding a ransom to unlock them. And as attacks mount, the U.S. government is taking notice. As a result, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, has issued advice to the nation’s businesses to help them avoid falling victim to ransomware attacks.
In the past five years, the average ransom demand has shot up from $15,000 to $175,000 — an almost twelve-fold increase, according to the NetDiligence “2021 Ransomware Spotlight Report.”
If you have a database and have computers connected to the internet, you may want to heed the institute’s advice and beef up your defenses.
The ransomware threat
First, you should know that small and mid-sized firms — not larger businesses — are the main targets of ransomware criminals, because they usually lack the safeguards that larger, better-resourced operations have in place to thwart them. Experts have said that small and medium-sized organizations that fail to take adequate security measures are particular targets of ransomware criminals.
Hackers are becoming increasingly sophisticated in their ransomware attacks, sometimes quietly penetrating and assessing businesses’ computers, including their backups, long before they make their presence known.
Usually, ransomware is unleashed when an employee clicks on a link in a bogus e-mail designed to trick them into clicking. The e-mail may be disguised to look like it came from the company president or an important client, but the method is always the same: getting someone to click on the link, which in turn unleashes code into the company’s computer systems.
After that, the criminals will freeze the company’s computers and/or any parts of their operations that rely on computers, grinding operations to a halt. That’s when they demand that a ransom be paid to “unlock” the system, usually payable in bitcoin. Once the victim pays, they will receive a decryption key to unlock their systems again.
The advice
NIST recommends:
- Using antivirus software at all times. Make sure it’s set up to automatically scan your e-mails and removable media (e.g., flash drives) for ransomware and other malware.
- Keeping all computers fully patched with security updates.
- Using security products or services that block access to known ransomware sites on the internet.
- Configuring operating systems or using third-party software to allow only authorized applications to run on computers, thus preventing ransomware from running.
- Restricting or prohibiting use of personally owned devices on your organization’s networks and for telework or remote access unless you’re taking extra steps to ensure security.
NIST also advises that employers require that their staff:
- Use standard user accounts instead of accounts with administrative privileges whenever possible on their work computers.
- Avoid using personal applications and websites, such as e-mail, chat and social media, on work computers.
- Avoid opening files or clicking on links from unknown sources without first checking them for suspicious content. For example, they can run an antivirus scan on a file and inspect links carefully before following them.
Preparations
If your company suffers a ransomware attack, it’s good to be prepared. NIST recommends that organizations follow these steps to accelerate their recovery should they be hit:
- Develop and implement an incident recovery plan with defined roles and strategies for decision-making.
- Carefully plan, implement and test a data backup and restoration strategy. It’s important not only to have secure backups of all your important data, but also to make sure that backups are kept isolated so ransomware can’t readily spread to them.
- Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.
A note about cyber insurance
One way to help you recover from a ransomware attack is to purchase cyber insurance in advance. Not all cyber insurance policies will cover ransoms paid to ransomware gangs, but some do. Here’s why cyber coverage is so valuable:
- Your organization will be insured against catastrophic cyber risks that could severely impact your operations, such as ransomware attacks or data breaches. It will pay costs associated with restoring your systems, including paying a ransom.
- In the event of a cyber attack, you will have access to experts and resources that may otherwise be difficult to find at the last minute. That’s because cyber insurance carriers are generally more experienced in cyber risks like ransomware and e-mail compromise scams. They will be able to work with you to get systems back online, help you sort out notifications to customers and vendors, and pay fines levied by regulators.
If you are interested in this type of coverage, we can help you find a policy that best fits your needs.