Ransomware By Bryce Austin
There were seven people seated around the table: the chief executive officer (CEO), the vice president, the chief financial officer (CFO), the special agent from the FBI, the owner, the forensics technician and the company’s chief information security officer (CISO).
“Don’t pay,” was the CEO’s vote. Same for the vice president. “Pay it,” was the owner’s response. The CFO nodded in agreement. “Paying could be a violation of Federal law,” stated the FBI representative. The CISO had a hard time getting words out, as this was the largest ransom that he had dealt with at the time. $1,200,000 was a lot of money. “I don’t see another option given the status of our backups. Either we pay the ransom, or we begin liquidating the assets of the company as soon as possible. Which is the lesser of two evils?”
The CISO negotiated the ransom down to $410,000. The Bitcoin took several hours to amass. The cybercriminals delivered a decryption key, but 30 percent of the company’s data was gone forever — some of their hard drives filled up during the ransomware encryption process, and the encryption software kept running after the drives couldn’t hold any more data. Every file encrypted after that point was irretrievable.
Stopping ransomware includes three key areas: Cybersecurity hygiene of your employees, proper practices by your IT department, and your data backup strategy. Here are eight ways to prevent a ransomware attack.
Ransomware Defenses to Help Prevent Attacks:
1. Add Multi-Factor Authentication (MFA) on all your company’s email accounts and on all external access to your network (VPN, TeamViewer, WebEx, etc.). This will help prevent a cybercriminal from taking over an email account using a compromised username/password.
2. If your company uses Windows Active Directory, do NOT log in to computers with Domain Admin accounts. There is an attack called “Pass the Hash” that will steal encrypted (hashed) credentials left behind. If you must log in with a Domain Admin account, change the password.
3. Patch your PCs, workstations and servers. Every month. No exceptions. That includes conference room PCs, loaner PCs, HVAC computers, etc.
4. Patch your networking gear. Firewalls, switches, UPSs, phone system, etc.
5. Install good antivirus software everywhere. All PCs. All Macs. All servers. Everywhere.
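Added example (not part of the original article): a Python check for the Domain Admin advice above. It scans Windows Security logon records (Event ID 4624) and lists Domain Admin accounts that logged on to machines other than domain controllers with a logon type that leaves reusable credentials behind, so those passwords can be changed. The event records, host names, account names and the flat field layout are constructed assumptions.

```python
# Added example: flag logons that leave Domain Admin credentials behind on
# hosts that are not domain controllers. All sample data is constructed.
from collections import defaultdict

# Windows logon types that leave reusable credentials on the target host.
# Type 3 (network) is excluded: it does not leave them behind.
CREDENTIAL_CACHING_TYPES = {
    2: "Interactive",
    4: "Batch",
    5: "Service",
    10: "RemoteInteractive (RDP)",
    11: "CachedInteractive",
}


def find_exposed_admin_logons(events, domain_admins, domain_controllers):
    """Map each Domain Admin account to the (host, logon type, time) logons
    that left its credentials on a non-DC host (Event ID 4624 only)."""
    admins = {a.lower() for a in domain_admins}
    dcs = {d.lower() for d in domain_controllers}
    exposed = defaultdict(list)
    for ev in events:
        if ev.get("EventID") != 4624:  # 4624 = successful logon
            continue
        user = ev.get("TargetUserName", "").lower()
        host = ev.get("Computer", "").lower()
        kind = CREDENTIAL_CACHING_TYPES.get(int(ev.get("LogonType", 0)))
        if user in admins and host not in dcs and kind:
            exposed[user].append((host, kind, ev.get("TimeCreated")))
    return dict(exposed)


# Constructed sample events; hosts and accounts are hypothetical.
_FIELDS = ("EventID", "Computer", "TargetUserName", "LogonType", "TimeCreated")
SAMPLE_EVENTS = [dict(zip(_FIELDS, row)) for row in [
    (4624, "DC01", "da-alice", 2, "2022-03-01T08:00:00Z"),       # DC: expected
    (4624, "CONF-PC7", "da-alice", 10, "2022-03-01T09:15:00Z"),  # RDP to a PC
    (4624, "HR-LAPTOP3", "DA-Alice", 3, "2022-03-01T10:02:00Z"), # network logon
    (4624, "HR-LAPTOP3", "jsmith", 2, "2022-03-01T10:05:00Z"),   # not an admin
    (4625, "LOANER-02", "da-bob", 2, "2022-03-02T14:30:00Z"),    # failed logon
    (4624, "LOANER-02", "da-bob", 2, "2022-03-02T14:31:00Z"),    # console logon
]]

if __name__ == "__main__":
    hits = find_exposed_admin_logons(SAMPLE_EVENTS, ["da-alice", "da-bob"], ["DC01"])
    for account, logons in hits.items():
        for host, kind, when in logons:
            print(f"{account}: change password ({kind} logon on {host} at {when})")
```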
38 | SPRINGS | Spring 2022