The brutalities of ransomware attacks – Safeguarding your business from cyber attacks
Imagine malicious software taking over your digital systems and denying users access to data! In one such incident, the websites of two power utility companies in Telangana and Andhra Pradesh froze due to a ransomware attack. The data of more than two crore customers was stolen, online payments were disrupted, and several files were damaged. India is the 5th most ransomware-attacked country in the world, with a rate of 65,000 attacks every year, making it a gold mine for cyber-attacks.
A ransomware attack is one of the more predominant criminal business models, designed to extort money by injecting threats into victims' computers and other digital systems. The business-sensitive data is encrypted and withheld by criminals until a ransom is paid using anonymous payment modes like cryptocurrency. In 2016, the Revenue Department of the Government of Maharashtra lost data on 150+ computers; the data has not yet been completely recovered. The ransom was demanded in Bitcoin. Often, the stolen data is leaked in the underground world of the internet, or a series of ransom demands begins after the initial payment, and the decryption key may never be provided.
India was one of the nations worst hit by the WannaCry ransomware, which affected banks and enterprises in Tamil Nadu and Gujarat, affecting more than two lakh computers. Similarly, the Petya attack halted work at Jawaharlal Nehru Port in Mumbai, India’s largest container port. Reports suggest that organisations in India are hit by ransomware attacks 213 times each week on average. The majority of ransomware attacks start with a genuine-looking email sent from a genuine-looking organization. Once the recipient clicks on the link or opens the email attachment, a payload is installed, and the computer becomes infected. The malware identifies vulnerabilities and adds an extension to the encrypted files, such as “.micro, .aaa, .ttt, .encrypted, petya”, etc.
Government organizations, financial institutions, and businesses, especially small and medium-sized ones, remain at the core of such cyber-attacks. Usually, these businesses lack the support of a dedicated IT and incident response/cybersecurity team. Backup infrastructure and recovery measures are expensive, and current economic irregularities have hit them equally, making them victims of half of global cyber-attacks in 2020. Research suggests that until 2019, more than two thirds of small businesses believed that nothing of this sort could happen to them. Quite often, security measures are an afterthought, put in place only after an attack has taken place.
To start with, businesses must follow the blueprint below to guard against cyber-attacks in general.
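As an added illustration (not part of the original article), the extension list above can drive a simple triage scan of a file share that flags folders where several renamed files cluster. The function names, the threshold of 3 and the sample file names are constructed for this example, and reading “petya” as the suffix `.petya` is an assumption.

```python
import os
import tempfile
from collections import Counter

# Extensions quoted in the article. "petya" is listed there without a dot;
# treating it as the suffix ".petya" is an assumption of this example.
SUSPECT_EXTENSIONS = {".micro", ".aaa", ".ttt", ".encrypted", ".petya"}


def find_suspect_files(root):
    """Return sorted paths under root whose final extension is on the list."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()  # case-insensitive match
            if ext in SUSPECT_EXTENSIONS:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def summarize_by_directory(hits, threshold=3):
    """Return {directory: count} for directories with at least `threshold`
    hits; many renamed files in one place suggests bulk encryption rather
    than a single oddly named file."""
    counts = Counter(os.path.dirname(p) for p in hits)
    return {d: n for d, n in counts.items() if n >= threshold}


def build_sample_tree(root):
    """Create constructed sample files (empty, harmless) for a demo run."""
    layout = {
        "finance": ["q1.xlsx.encrypted", "q2.xlsx.encrypted",
                    "invoice.pdf.AAA", "notes.txt"],
        "hr": ["policy.docx", "roster.csv.ttt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_suspect_files(tmp)
        for path in found:
            print("suspect:", os.path.relpath(path, tmp))
        for d, n in summarize_by_directory(found).items():
            print("ALERT:", os.path.relpath(d, tmp), "has", n, "suspect files")
```

A hit on the extension list is only a prompt to investigate; a clean result does not prove a system is unaffected, since the extensions used vary between ransomware families.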
Training in Cybersecurity
Educating your employees about threats, vulnerabilities and the latest criminal trends will keep them vigilant. Attending cybersecurity seminars must be encouraged so that employees keep their online identities safe. Key areas to cover include how to identify fake emails, keeping strong passwords, encrypting important documents, using a VPN to send files safely, and whom to alert in case of a cyber-attack.
- Do not open emails and links from unknown/unexpected sources.
- Alert dedicated IT teams immediately if unusual developments/malfunctioning are noticed on your computers.
- Scan the systems regularly for potential threats.
- Change all passwords frequently.
- Practice cyber hygiene and stay up to date with the latest cyber threats and modus operandi.
Cyber Incident Response Plan
Organisations can adapt freely available resources like ‘SANS Incident Response Plan for organisations’ and customise a cyber security policy suiting their business needs (https://www.sans.org/white-papers/32979/). Assign tasks in case of a security breach, and establish points of contact who will be notified in case the computers become unusually slow, start malfunctioning or deny access. Run mock trials or simulation drills to make sure everyone knows their job well. Conduct post-event reviews to understand vulnerabilities so that newer responses can be planned.
Antivirus and Antimalware
Invest in preventive software such as firewalls, antivirus, and antimalware. Criminal modalities are evolving; ransomware is constantly being written and tweaked by criminals, and anti-virus/anti-malware solutions may often not be equipped to catch threats.
Use a strong combination of uppercase, lowercase, numbers, and symbols to create a tough password. Change passwords frequently, and use password managers like KeePass or Dashlane in case remembering them becomes challenging.
Update systems and software
Ensure that the operating system has been updated with the latest security patches. Do not run downloaded software with administrative rights unless you know what the software intends to do or it is from a trusted source. Many times, businesses and government offices work on outdated operating systems like Windows XP or older versions like Windows 7 because of cost. However, once the system is attacked, there are only two choices: to pay up (or keep paying until the data is leaked) or say goodbye to the sensitive business and consumer data.
Store backups separately on an external hard drive, and disconnect the device once the backup is completed so that it does not stay connected to the network.
Isolate the device from network
Turn off the internet, and disable the computer’s Bluetooth, wireless and any other network connections. Disconnect other connected devices as soon as possible.
Backups must be offline, away from any sort of networking capabilities. Run an anti-virus and anti-malware scan on the backup if required.
All companies should follow these basic steps to prevent cyber-attacks. Making employees aware of potential threats and the signs of a cyber-attack will lead to early detection or even help to stop the infection from spreading further at the earliest. Awareness campaigns and workshops are encouraged to stay safe in cyberspace. Having backups of the data, and also multiple plans to resort to in case of an attack, helps to respond sooner. Regular security audits by third-party organisations are recommended. Simulations of real-life scenarios will help to smooth incident management processes, thereby familiarising everyone with their responsibilities. Lastly, brush up your security: create strong passwords and never share them.