
Ransomware Readiness and Recovery

Ransomware Readiness

By Bryce Austin

There were seven people seated around the table: The chief executive officer (CEO), the vice president, the chief financial officer (CFO), the special agent from the FBI, the owner, the forensics technician and the company’s chief information security officer (CISO). “Don’t pay,” was the CEO’s vote. Same for the vice president. “Pay it,” was the owner’s response. The CFO nodded in agreement. “Paying could be a violation of Federal law,” stated the FBI representative. The CISO had a hard time getting words out, as this was the largest ransom that he had dealt with at the time. $1,200,000 was a lot of money. “I don’t see another option given the status of our backups. Either we pay the ransom, or we begin liquidating the assets of the company as soon as possible. Which is the lesser of two evils?”

The CISO negotiated the ransom down to $410,000. The Bitcoin took several hours to amass. The cybercriminals delivered a decryption key, but 30 percent of the company’s data was gone forever — some of their hard drives filled up during the ransomware encryption process, and the encryption software kept running after the drives couldn’t hold any more data. Every file encrypted after that point was irretrievable.

Stopping ransomware comes down to three key areas: the cybersecurity hygiene of your employees, proper practices by your IT department, and your data backup strategy. Here are eight ways to help prevent a ransomware attack.

Ransomware Defenses to Help Prevent Attacks:

1. Add Multi-Factor Authentication (MFA) on all your company’s email accounts and on all external access to your network (VPN, TeamViewer, WebEx, etc.). This will help prevent a cybercriminal from taking over an email account using a compromised username/password.

2. If your company uses Windows Active Directory, do NOT log in to computers with Domain Admin accounts. There is an attack called “Pass the Hash” that steals the hashed credentials a Domain Admin logon leaves behind on that computer. If you must log in with a Domain Admin account, change the password afterward.

3. Patch your PCs, workstations and servers. Every month. No exceptions. That includes conference room PCs, loaner PCs, HVAC computers, etc.

4. Patch your networking gear: firewalls, switches, UPSs, phone system, etc.

5. Install good antivirus software everywhere. All PCs. All Macs. All servers. Everywhere.


6. Geofilter your internet traffic and emails – if you don’t do business with a foreign country, block traffic and emails to/from it. It keeps out lazy cybercriminals. No, it won’t keep out the cybercriminals that VPN into your country before attacking you, but it’s surprising how many cybercriminals don’t take the time to do that.

7. If you are part of a company with many workstations, use the Microsoft Local Administrator Password Solution (LAPS) to randomize the local administrator password on all PCs. If you have the same initial local admin username/password for every workstation, then if one machine gets compromised, it’s very easy for them to all get compromised.

8. If your users have local admin credentials, you may want to rethink that. Today. Right now. If a cybercriminal compromises a computer, they normally inherit the permissions of the user for that computer. If that user is a local administrator, the bad guys are going to use that access to do more damage.

In case you fall victim to ransomware, here are eight ways to recover from an attack. Please note that most of these need to be done before the attack takes place:

1. Offline backups. These are backups that are kept off your network. Cybercriminals try to delete your backups. If your backups are not on your network, the bad guys can’t destroy them.

2. Tested restore procedures. If you try to restore your backups only when you need them, you are rolling the dice every time you are in a real bind.

3. Offline restore methodology. Don’t begin a restore with your network still attached to the internet. Ransomware cases often unfold where the cybercriminals still have hooks into a company’s network, and they destroy the used-to-be-offline backups as soon as the restore process begins.

4. Workstation reimages. You need a clean workstation image to restore workstations quickly if you suspect they have been compromised.

5. Server rebuilds. You need a clean server image to recreate your servers quickly.

6. Pre-negotiated incident response team contract. Find a cyber incident response company and get a contract in place. That way you will know how to “call in the cavalry” very quickly as opposed to going through contract negotiations in the middle of a crisis.

7. 35 percent free drive space on all network drives. Ransomware often bloats the data on the drives it encrypts. As soon as a drive fills up, the encryption process will keep trying to move forward, but every file it encrypts after the drive is full will be unrecoverable.

8. If you have cybersecurity liability insurance, call your insurance company ASAP! There are many stories of insurance policies with a clause stating that the customer must inform their insurance company of a suspected incident within 24 hours of the initial discovery. If they take a few days to confirm that the incident was real, it can be an expensive mistake.

If all companies followed the specific recommendations above, ransomware cybercriminals would become a thing of the past. With proactive action and a good cybersecurity awareness training program for your employees, cybercrime is a solvable problem.
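Items 1 to 3 of the recovery list say to keep backups offline and to test restores before you need them. As an added example (this is not code from the article or its author), the Python below records a SHA-256 manifest when a backup set is taken and later verifies a restored tree against that manifest, so a restore is tested rather than trusted: it reports files that were lost, altered or never backed up. The file names, contents and the ransom-note filename are constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # read files in 1 MiB pieces so large backup files are never loaded whole


def file_sha256(path: Path) -> str:
    """Stream one file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its size and SHA-256.
    Store the manifest with the offline backup copy, not on the production
    network, so it cannot be altered along with the files it describes."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"size": p.stat().st_size, "sha256": file_sha256(p)}
    return manifest


def verify_restore(root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest. Returns sorted lists:
    ok, altered (size or hash mismatch), missing (in the manifest but not
    restored) and unexpected (present in the restore but never backed up)."""
    report = {"ok": [], "altered": [], "missing": [], "unexpected": []}
    seen = set()
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        expected = manifest.get(rel)
        if expected is None:
            report["unexpected"].append(rel)
        elif p.stat().st_size != expected["size"] or file_sha256(p) != expected["sha256"]:
            report["altered"].append(rel)
        else:
            report["ok"].append(rel)
    report["missing"] = list(set(manifest) - seen)
    return {k: sorted(v) for k, v in report.items()}


def restore_is_clean(report: dict) -> bool:
    """A restore passes only when nothing is missing, altered or unexpected."""
    return not (report["altered"] or report["missing"] or report["unexpected"])


def demo() -> dict:
    """Constructed scenario: a faithful restore, then a damaged one in which a
    file was lost (drive filled up mid-encryption), one was overwritten in place
    and a ransom note appeared. Returns both verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = (Path(tmp) / n for n in ("fileserver", "restore_good", "restore_bad"))
        (src / "finance").mkdir(parents=True)
        (src / "readme.txt").write_bytes(b"constructed sample data\n")
        (src / "finance" / "ledger.csv").write_bytes(b"2024-01-01,invoice,1200\n")
        (src / "finance" / "payroll.bin").write_bytes(b"\x00" * 64)
        manifest = build_manifest(src)  # taken at backup time, kept offline

        shutil.copytree(src, good)  # faithful restore
        shutil.copytree(src, bad)   # damaged restore, simulated below
        (bad / "finance" / "payroll.bin").unlink()
        (bad / "finance" / "ledger.csv").write_bytes(b"2024-01-01,\xde\xad\xbe\xef\n")
        (bad / "README_FOR_DECRYPT.txt").write_bytes(b"constructed ransom note\n")

        return {"clean": verify_restore(good, manifest),
                "damaged": verify_restore(bad, manifest)}


if __name__ == "__main__":
    for name, rep in demo().items():
        print(name, "PASS" if restore_is_clean(rep) else "FAIL", rep)
```

Run the manifest step as part of every backup job and the verify step as part of a scheduled restore drill onto a scratch host that is disconnected from the production network; a drill that only checks the backup media exists, without hashing the restored files, would not have caught the 30 percent data loss described at the top of the article.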

Bryce Austin is the CEO of TCE Strategy, an internationally-recognized professional speaker on technology and cybersecurity issues, and author of the book “Secure Enough? 20 Questions on Cybersecurity for Business Owners and Executives.” He is the named chief information security officer for companies ranging from 40 employees to S&P 500 organizations. Austin actively advises companies on effective methods to mitigate cyber threats. For more information, please visit: www.BryceAustin.com.

In his 2019 presentation titled, “Evaluation of Stress Concentrators and Their Effect on Fatigue Life”, at the SMI Metal Engineering eXpo event in Pittsburgh, Pennsylvania, Jason Sicotte, Associated Spring/Barnes Group, described the use of the iPhone or other types of smartphones along with clip-on magnifiers as a useful tool for springmakers to examine spring manufacturing-induced imperfections.

Figure 1. Apexel 100X clip-on magnifier for a smart phone. (Figure callouts: LED lights; 100x magnification; anti-crush & anti-scratch cover; change port; easy to install & detach.)


By C. Richard Gordon

I recently took a test drive of the Apexel 100X magnifier for the iPhone as part of the preparation work for the 301 Springs — Fatigue spring design training class.

It is amazing what can be done with an iPhone with a clip-on magnifier. In many cases, springmakers can examine wire fractures in-house to identify spring manufacturing-induced imperfections. This allows for a quick assessment and corrective action and may avoid the time and cost of a formal failure analysis program. It can also be used to assess the shot peening coverage on the outside diameter of a spring.

Figure 1 shows an example of a clip-on magnifier with 100X magnification that costs less than $30. It also shows how it is attached to the smartphone. Figure 2 shows an iPhone photograph of an extension spring used for this example. Figure 3 shows photographs of the extension spring surface taken using an iPhone with a 10X loupe magnifier and the 100X Apexel clip-on magnifier. The 100X photograph shows a nicely shot peened surface.

This could be a very useful tool to add to your toolbox.

Figure 2. An iPhone photograph of an extension spring for examination. The white arrow points to a black identification mark shown in Figure 3.


Figure 3. Photographs of the extension spring shown in Figure 2 with two different magnifiers (left: 10x loupe with iPhone; right: 100x loupe with Apexel clip-on magnifier with iPhone).
