For as long as individuals have owned items of value, others have tried to steal them. Nowhere is this truer than in the American Old West, where savvy and unscrupulous criminals known as “cattle rustlers” stole the livestock and livelihoods of honest ranchers living on the frontier. In today’s world, it’s not too hard to draw parallels between that frontier and the digital frontier of information age cybersecurity. Both are rife with persistent, ever-evolving threats, but offer lucrative rewards to businesses and individuals who can successfully protect themselves and their assets.
Instead of wily and elusive cattle rustlers, modern businesses face the ever-present threat of ransomware attacks; rather than stealing physical assets such as cattle, these attackers are after the sensitive information and data that keep your business running and give you a competitive edge. Now more than ever, as your herd of computers roams free in your employees’ home environments, it’s crucial to start preparing to defend your network.
But why now?
In case you are unfamiliar with the term or missed our previous article covering security exploits, ransomware is a type of malicious software designed to infiltrate a network, prevent access to files or computer systems, and hold this access for ransom. The list of ransomware victims is long and getting longer every day. Most recently, global technology giant Garmin was infiltrated by a ransomware attack at the end of July 2020. The attack disrupted Garmin’s services worldwide, prevented their commercial smartwatches from syncing, and impaired performance of their aviation equipment, not to mention the millions that Garmin may have had to pay in ransom to recover.
Though high-profile attacks get the most news coverage, you don’t need to be a major technology company to be hurt by a ransomware infection; according to Tech Times, as much as 71% of ransomware attacks target small businesses. These information age cattle rustlers often target smaller companies simply because they are less likely to be able to make a recovery and are more likely to pay the ransom. With the average ransomware ransom currently close to $100,000, and a 41% increase in ransomware attacks from last year, the threat has never been more serious.
What’s in it for the bad guys?
Oddly enough, the motivation for hackers to perform ransomware attacks is similar to that of the cattle rustlers of the Wild West: money (ransom payments), valuable assets (data), and fame (covert advertising). Let’s examine each reason in greater detail.
- Money – Ransom payments are the most obvious and common motivation for ransomware attacks, as these are ultimately criminal enterprises made up of employees who need to make a living. Whether it’s a few thousand dollars for some personal files or a few million dollars from an enterprise like Garmin, they are ultimately in it for the payday.
- Data – Your data is also valuable to many hackers, even if it does not seem as obvious. It’s entertaining to think of a criminal organization stealing blueprints to secret technology, but more mundane information, like your list of clients, gives them new targets. They may even get lucky and get some credit card or social security information. All data is a commodity in the information age.
- Fame – It needs to be understood that hackers are highly sophisticated criminal enterprises, not lone individuals sitting in a basement with bloodshot eyes and a black hoodie. They have clients and competition, and the higher profile the hack, the better advertising it is for their business.
Mantra One: Cattle, not Pets
Ranchers, both Old Western and modern, cannot get attached to their cattle. They are there to serve a purpose, to enable the rancher to maintain their livelihood, and not for companionship like pets. Similarly, organizations must treat computers as cattle rather than pets – as tools to an end rather than objects of attachment. I’m sure many of us have “favorite” tools (I’m guilty of naming screwdrivers), but cybersecurity best practices dictate that we must remain objective about replacing and maintaining our computers. Follow these best practices, which foster a “cattle, not pets” culture in your business:
- Encourage users to save files in network or cloud storage instead of “My Documents”
- Actively prevent users from saving data locally on their computer
- Use standardized system images to speed up operating system and software installation
- Use Group Policy Objects to deploy and configure printers, network drives, and other devices
- Prevent your users from installing software that is not approved by the organization
- Educate your employees about what security measures are in place, why they are important, and how they can help
- Develop a comprehensive response plan for malicious attacks
- Ensure that you can remotely remove a computer from the network if there are issues with the device (such as a virus or malware)
Mantra Two: Two is One, One is None
As its name implies, the Wild West was just that – wild. Ranchers living on the frontier had to use their wits to survive and find multiple ways to solve problems; if you’re trying to start a fire and you only have a matchbox, what happens when you run out of matches? Similarly, modern businesses should adopt a “two is one, one is none” mantra when protecting their data. If you only have one copy of your data, it might as well not exist: it could be stolen, lost, or destroyed at any time. But even with one backup copy, organizations are still at risk; many ransomware attacks lock you out of your backups and force you to ransom them back. Thus, an optimal recovery strategy requires multiple copies of the data to be available to you, but hopefully not the bad guys. Achieve this by adhering to the following:
- Do not use virtual machine (VM) snapshots or RAID storage as backups
- Back up all servers daily, including both the data on the server and the operating system
- Do not back up workstations by default (see: Cattle, not Pets), but make spare equipment available
- Maintain at least one “offline” copy of data (i.e., on a tape or hard drive stored in a fireproof safe or cloud service datacenter) which is sufficient to restore from an emergency
- Define a retention policy to ensure you can recover data from various points in time (e.g., retain all the daily backups for one week, one weekly backup for a month, one monthly backup for a quarter, and one quarterly backup for a year)
- Test backups periodically by performing a restore of select data or servers to confirm that the backups are valid
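The retention example in the list above can be expressed as a pruning decision over a catalogue of backup dates. The following Python is an added example, not code from the original article; the window lengths (7, 31, 92 and 365 days), the choice of the newest backup in each week, month or quarter, and the rule that the most recent backup is never pruned are assumptions.

```python
from datetime import date, timedelta

# (tier, window in days, bucket key). Window lengths and "newest backup in
# each bucket is the one kept" are assumptions; the article names only tiers.
TIERS = [
    ("daily", 7, lambda d: d.toordinal()),
    ("weekly", 31, lambda d: tuple(d.isocalendar()[:2])),   # ISO year, week
    ("monthly", 92, lambda d: (d.year, d.month)),
    ("quarterly", 365, lambda d: (d.year, (d.month - 1) // 3)),
]

def plan_retention(backup_dates, today):
    """Map each backup date to keep to the tiers that justify keeping it."""
    keep = {}
    for tier, window, bucket in TIERS:
        newest = {}
        for d in backup_dates:
            if 0 <= (today - d).days < window:
                key = bucket(d)
                newest[key] = max(newest.get(key, d), d)
        for d in newest.values():
            keep.setdefault(d, []).append(tier)
    # Assumed guard: if backup jobs silently stopped, every copy would age
    # out of all windows, so the most recent backup is never pruned.
    if backup_dates and max(backup_dates) not in keep:
        keep[max(backup_dates)] = ["latest"]
    return keep

def prune_list(backup_dates, today):
    """Backups that fall outside every tier and may be deleted."""
    keep = plan_retention(backup_dates, today)
    return sorted(d for d in set(backup_dates) if d not in keep)

# Constructed sample: one backup per day for 400 days ending 2020-08-31.
TODAY = date(2020, 8, 31)
SAMPLE = [TODAY - timedelta(days=i) for i in range(400)]

if __name__ == "__main__":
    for d, tiers in sorted(plan_retention(SAMPLE, TODAY).items()):
        print(d, ",".join(tiers))
    print(len(prune_list(SAMPLE, TODAY)), "backups eligible for deletion")
```

A backup labelled only "latest" in the output means no job has succeeded inside any retention window, which is itself worth alerting on.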
We’ve written previously about the threats to your network, like business email compromise, large data breaches, and core network security. Cyber threats are constantly evolving, and the next security breach is right around the corner. Fortunately, cybersecurity solutions are also evolving, and approaching your organization’s technology culture with the proper “secure mentality” is essential. If your organization successfully follows the two mantras described above and their associated best practices, you can expect the following result from a typical ransomware attack:
- The infected computer encrypts several files on the network and spreads to a few other machines before the threat is recognized and all infected devices are removed from your network to contain the attack
- While there is an impact on critical business operations, a reliable “offline” backup is available and allows you to recover the lost files on the same day
- The infected users continue to work on spare equipment while the infected machines are re-imaged
- You or your information security partner evaluate the incident to determine if improvements are needed to prevent future incidents
Small but Mighty
Many small to medium-sized businesses may be thinking at this point, “if a multi-billion-dollar international enterprise like Garmin can’t keep the bad guys out, what hope do we have?” The answer may surprise you. For one thing, smaller businesses are nimbler, with a smaller attack surface to manage; you can take meaningful steps to protect yourself faster and more efficiently than industry titans. Additionally, the hacker coordinating the attack will often expect smaller organizations to be unprepared, and they are more likely to look for an easier target if they encounter a strong defense rather than doubling down. The best practices covered here will not comprehensively protect you from every threat you may encounter, but they will make you much better equipped to cope with and recover from attacks than those who ignore them.
The first time I encountered a ransomware attack was over a decade ago, but I still remember it like it was yesterday. Thankfully, an offline backup was available on a tape and it was easy for that client to recover to the previous night’s data. It was a small company with less than 25 employees, which imported and resold hats. The cattle rustlers made it into the ranch, but thanks to the backups, no cattle were lost. However, they did get a request to pay a ransom using a new digital currency called “bitcoin”.
As much as things change, I’m always impressed by how much they stay the same.
At Dataprise, we help businesses protect their data from ransomware and other cattle rustlers of the information age. We are not just your fence, but your guards, alarm system, and sheriff. For more information, visit Dataprise Cyber.