In a recent interview, FBI Director Christopher Wray compared the national security threat posed by ransomware to the terrorist attacks of Sept. 11.
You may be aware of several high-profile ransomware attacks that have recently been in the news. These attackers can target any industry. Recent victims include Colonial Pipeline (a national fuel supplier), JBS (meat processing), the Steamship Authority (ferry operations), and the University of Vermont Medical Center (medical records and care). Each has had disruptions to its operations and to its customers' lives.
The Colonial Pipeline attack resulted in shortages at gas stations due to the blocked delivery of fuel. JBS had to shut down 9 of its beef processing plants while recovering from its attack; this put pressure on the market and raised meat prices. The Steamship Authority's operations were down for a day and limited for several days due to the ransomware. Finally, the UVM's records department was not available because of its attack, and patients (including cancer patients) had to delay treatment and in some cases try to re-create their medical histories.
Each entity eventually had its operations restored, but without robust security, operations, and backup systems in place, each of these attacks could have been much worse. Some of those affected paid the ransoms in order to speed up restoration of services and/or to secure personal user and/or operational data. The U.S. Department of Justice has recently been able to recover part of a large ransom (approximately 2.3 million dollars) via use of a private key associated with a bitcoin wallet. But there is no guarantee that this approach will be available for any particular incident.
We also know that there is a best practices approach to dealing with malware. In this instance, as in so many others, data should be backed up and replicated offsite to read-only storage. All endpoints should be patched on schedule, and be subjected to up-to-date antivirus and routine vulnerability scans. Networks need to be protected by firewalls and IPS/IDP systems. Regular account security audits should be run, multi-factor authentication should be deployed where possible, and any unused hardware must be removed immediately and decommissioned properly. Whether or not an organization considers these measures routine, they matter.