I've written about ransomware attacks extremely often this year. I feel like a fear-monger or one of those sidewalk preachers who loudly claim the end is near as you stroll past them.
I wish I could say things are getting better, but they don't seem to be. According to Armor (a cloud-based cybersecurity company), 182 organizations in the U.S. have publicly disclosed they've been the victim of a ransomware attack.
49 of those have been public school districts, alongside 70 municipalities (some of which we've covered before) and 27 healthcare facilities. The remaining 36 are assumed to be private businesses or a mix of industries.
Let's run through those numbers again:
- 182 publicly reported cases of ransomware
- 70 of the reported cases were municipalities (towns, cities, etc.)
- 49 of the reported cases were school districts (about 500 individual schools)
- 27 of the reported cases were healthcare facilities
- 36 of the reported cases were from a variety of different industries
Why are these types of organizations (primarily municipalities, school districts, and healthcare facilities) being targeted?
- They're easy targets. Municipalities, school districts, and healthcare facilities rarely allocate the resources needed to adequately defend themselves against ransomware attacks. IT departments are typically understaffed and overworked. Things like security awareness training, regular backups, etc., might be unattainable or "nice to have" services for public entities.
- They're public-facing and require high availability. These organizations can't afford to shut down. That means they're more likely than others to pay a ransom, or to be willing to pay one, for the reasons I mentioned above.
Cybercriminals are very well aware this is the case and they've adjusted their strategies accordingly. The Armor brief (which you can read here: https://www.armor.com/threat-intelligence/armor-identifies-10-new-ransomware-victims-in-the-past-9-days/) makes the point that new organizations are coming under fire every day and the attacks show no signs of stopping.
Just because the outlook isn't good doesn't mean there's nothing we can do or that it's impossible to be proactive in fighting ransomware.
Here are a few tips you can use to defend your organization:
- Offline Data Backups – users must have multiple backups of their critical data, applications, and application platforms. These backups must be air-gapped from the internet and password protected.
- White Listing Solution – limits the use of applications and processes that are allowed to run in your environment by providing a shortlist of approved applications and processes. Like a VIP List for your PC, if it’s not on the list, it’s not allowed.
- File Integrity Monitoring – monitors your IT environment 24x7x365 for changes to the critical OS, files and processes such as directories, registry keys, and values. It also watches for changes to application files, rogue applications running on the host and unusual process and port activity, as well as system incompatibilities.
- Practice Least Privilege Access Control – ensure the user has the least privilege for their job. This also applies to services.
- Audit/Penetration Testing from Independent, Third-Party Experts – to ensure that you are implementing best practices.
- IP Reputation Monitoring/Blocking – blocking known bad infrastructure and actors.
- Continuous Security Awareness Training – educate employees about current and emerging cybersecurity risks and phishing emails. Effective training should actively engage employees and include policies concerning the correct response to suspected phishing attempts.
- Endpoint Protection Solution – includes protection, detection and response capabilities for laptops, workstations and mobile devices. Utilizes antivirus (AV) and anti-malware (AM) to block cyberattacks. It is also used to quickly detect and remediate any malicious activity or infection that has made its way onto the endpoint.