The recent, highly publicized ransomware attack on Colonial Pipeline Co. was one of the latest in a string of attacks that have plagued businesses and government agencies. The Colonial incident was just the tip of the iceberg, concealing numerous other, less publicized events. Such attacks are ramping up at an ever-increasing rate. What can folks do to avoid such an attack?
First, it is no exaggeration to state that ransomware is the single biggest concern of information technology professionals worldwide. Many consider a ransomware attack to be an RGE (resume generation event), that is, if your shop gets hit with ransomware, you’d better polish up your resume because you’re going to need a new job soon.
But the fact of the matter is that it can be difficult to protect against contemporary ransomware. No longer just quick, smash-and-grab jobs, successful attacks play out over a longer period of time. Weeks, if not months, can go by after your systems have been infiltrated before you are hit with a ransom demand.
Of course, with the ransom come consequences. In a nutshell, you are prevented from accessing the data on your systems. We are also seeing ransomware attacks evolve to include data theft and the threat of releasing that data. Pay the ransom and access is restored. And the bad guys “promise” not to release your data.
So-called “soft” targets are being victimized more and more. A soft target is generally someone who might not be as focused on cybersecurity as financial institutions or certain government agencies. And ransomware perpetrators are doing their research. The ransom is usually set at an “affordable” price for small businesses. The ransom might be $5,000 or $10,000. In the case of Colonial, the ransom was reportedly near $5 million.
Many victims have quietly paid the ransom, but results have been mixed. After all, it’s not like you can call the Better Business Bureau or Office of Consumer Protection on the purveyors of ransomware. In the Colonial incident, the U.S. Department of Justice was able to recover a significant portion of the ransom paid to the perpetrators. But folks cannot expect this to be the solution for their ransomware woes.
Is there a solution? A cornerstone of a protection strategy is a good backup. IT professionals have been preaching about backups since computers were invented, and back in the day, we used to say, “Any backup is better than nothing.” While that adage still holds true, ransomware attacks have been known to compromise backups. Simply copying files to an external hard drive or the cloud just won’t cut it anymore. A reliable commercial backup product will go a long way toward mitigating exposure to ransomware.
Perhaps most important of all, anti-ransomware software on the desktop is key. Old-school anti-malware products rely upon databases that are out of date as soon as they are released. Instead, a good anti-ransomware product will detect ransomware-like behavior and stop it in its tracks. A modular approach may be necessary, with an anti-ransomware solution running side by side with a traditional anti-malware product.
John Agsalud is an IT expert with more than 25 years of information technology experience in Hawaii and around the world. He can be reached at jagsalud@live.com.