Ransomware - The Bully that Steals Your Lunch Money or Will Tell Everyone About It
2019 was not a kind year to organizations in healthcare, education, and government when it came to ransomware attacks. Over 1,000 schools across the US fell victim to ransomware, and hospitals were forced to divert patients to other facilities and cancel non-critical surgeries, returning to pen and paper at some facilities for weeks. Several hundred clients of managed IT providers were unable to access critical business systems after the providers they had entrusted with their IT were compromised and used to distribute ransomware. Some companies, like The Heritage Company with 300 employees, even had to close their doors and lay off staff after a ransomware attack disrupted their business operations so badly that they were unable to recover.
Things are getting worse for victims
At the end of 2019, several ransomware groups upgraded their attacks and started to steal data in an effort to force victims to pay. Because of the number of attacks and increased awareness of the dangers of ransomware, many organizations had started to invest in backup systems, and because they were able to restore systems from backup, they could avoid paying a ransom even if they fell victim to an attack. With this new twist, companies now face the release of information, a data breach, and the legal ramifications of a breach, including client notification. Before ransomware operators began exfiltrating data, many businesses could quietly restore systems and not necessarily inform clients that they had suffered an attack. Now, if the company does not pay or does not pay quickly enough, the news may break publicly through the very people that committed the crime.
In the case of Medical Diagnostic Laboratories (MDLab), the group behind the attack published 9.5GB of data stolen from the company's computer systems. Atlanta, Georgia company Southwire had 14GB of information published, some of it after the company filed a lawsuit against the anonymous attackers. Germany's Gedia Automotive Group, which had to shut down IT operations following its attack, will now face a GDPR issue, as the group has stolen several GBs worth of data and is threatening its release.
In addition to stealing data, several ransomware operators have set up websites to publicly name and shame victims who do not pay the ransom.
What to Do?
One of the recurring themes of many recent ransomware attacks has been unpatched vulnerabilities. As cyber-criminals are quick to pick up news of vulnerabilities and create exploits, enterprises as well as small businesses must move more quickly to disable vulnerable systems when patches are not available and apply patches when they are. The likelihood of suffering an attack increases near exponentially the longer that a vulnerability remains open.
The other thing for companies to consider is performing third-party risk assessments. Whether it is an IT service provider or a cloud software service, companies need to do their due diligence and assess the cybersecurity protections and strategy of their partners. Their own strategy should also include a plan for situations where something goes wrong with those third parties and services may be unavailable.