Information Technology News

What is ransomware?

Russia’s invasion of Ukraine has been met with economic sanctions by governments from around the world. Because of these new sanctions on Russian banks and elites, a senior FBI cyber official has asked U.S. businesses and local governments to be mindful of the potential for ransomware attacks.While U.S. officials continue to say there are "no specific, credible" threats to the U.S. homeland tied to tensions with Russia over Ukraine, they are preaching vigilance. Reuters reported that a Russia-based cybercrime group, called the Conti group, which is known for using ransomware to extort millions of dollars from U.S. and European companies, vowed to attack enemies of the Kremlin if they respond to the invasion. Brett Callow, a threat analyst at New Zealand-based cybersecurity company Emsisoft, noted that Conti has made "big and outrageous" claims before. But he recommended U.S. companies keep a close eye on their cyber defenses as cyberattacks in Ukraine could spill out abroad.Keeping a watchful eye on events overseas is prudent, but even in relatively peaceful times, your organization is at risk for a ransomware attack. Ransomware is an umbrella term that covers a lot of different kinds of malware that prevents users from accessing their system or personal files and demands ransom payment to regain access. However, these types of malware all have one thing in common: threatening you or your data to extort a “ransom.”

Once infected, users are shown instructions on how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin. Even if you pay the ransom to get your data back, it does not guarantee that it will decrypt the files.

Ransomware is malware that employs encryption to hold a victim's information at ransom. It is often spread through phishing emails that contain malicious attachments or through drive-by downloading.

Protecting your organization

Prevention is the most effective defense against ransomware. Your employees are your first line of defense, so reminding them never to click unsolicited links or open unsolicited attachments in emails is a good first step, but it is not enough. An employee awareness and training program is essential.

Your IT team must also take steps to prevent a ransomware attack. The Federal Bureau of Investigation (FBI) recommends these preventive measures:

Enabling strong spam filters to prevent phishing emails from reaching end users
Scanning all incoming and outgoing emails to detect threats and filter executable files from reaching end users
Configuring firewalls to block access to known malicious IP addresses
Patching operating systems, software and firmware on devices
Setting anti-virus and anti-malware programs to conduct regular scans automatically
Managing the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed, and those with a need for administrator accounts should only use them when necessary

You have ransomware—now what?

If one or more of your computers have been infected with ransomware, here are some immediate actions to take:

Isolate the infected computer(s) immediately. Remove infected systems from the network as soon as possible to prevent ransomware from attacking network or share drives.
Isolate or power-off affected devices that have not yet been completely corrupted. This may afford you with more time to clean and recover data, contain damage and prevent worsening conditions.
Immediately secure backup data or systems by taking them offline. Ensure backups are free from malware.
Contact law enforcement immediately. Contact either a local field office of the FBI or U.S. Secret Service to report a ransomware event and request assistance.
If available, collect and secure partial portions of the ransomed data that might exist.
If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.

Should you pay the ransom?

Paying cybercriminals a ransom is a serious question for any organization faced with losing its data. An organization must evaluate all of its options to protect its employees and customers. The decision whether to pay a ransomware demand must be taken carefully, with acknowledgement and acceptance of risks and in concert with various stakeholders–legal counsel, law enforcement, cyber insurance carrier, and security experts.The FBI does not recommend paying ransom to criminals. The possibility that the criminals will not hold up their side of the bargain must be factored into any decision about paying a ransomware demand. Even if your data is returned, it can be extraordinarily difficult to get your files or computer access back once the malware takes hold of them. Preparing ahead of time is the best decision you can make.The CBS Preferred Vendor Program includes vendors that can assist in your cybersecurity assessment and related needs offering solutions in a wide range of cybersecurity and privacy areas including strategic program development, security risk assessments, virtual CISO and training capabilities, compliance efforts, vendor risk requirements, incident response preparations, forensic services, data and user security and more.Analysts work with you to understand, prioritize, and manage cybersecurity with a keen eye on balancing your business objectives and your risks, all while addressing your issues today and preparing you for tomorrow. For more information, visit www.cbservices.org or contact IT & Website Services directly at 800-807-0200 or at customerservice@cbprograms.com.

Russian invasion brings ransomware warning

Did you know…?

A report from the Department of Health and Human Services
tracked 82 ransomware attacks affecting health care
worldwide as of May 25, 2021. Forty-eight of those
attacks, or nearly 60%, affected U.S. systems.
It found that average cost of rectifying a
ransomware attack, including the ransom paid
and downtime, was $1.27 million in the health
sector, and that was the lowest amount. The highest
was $2.73 million in education.

Criminal groups in Russia, Iran and North Korea
are blamed for many of the attacks.