
The Bad Guys Are at It Again! Ransomware Attacks Are on The Rise.

“Here’s the plan. We get the warhead and we hold the world ransom for… ONE MILLION DOLLARS!”
– Dr. Evil (played by Mike Myers in Austin Powers: International Man of Mystery)

While we all laughed at the absurdity of a criminal mastermind seeking a one-million-dollar ransom, it’s quite a different scenario when data belonging to a school, a hospital or a business is held for ransom. Not only are these criminals decimating their victims’ operations by limiting access to their vital data, but now they are also threatening to release the PII (personally identifiable information) that they obtained in the attack.

According to EdTech Magazine, more than 1,000 educational institutions have fallen victim to ransomware attacks. In some cases the personal information of students and staff has been leaked to the dark web because the school (or the district) refused to pay the ransom. But schools are not the only targets. If you look at the list of the most serious ransomware attacks of this year, you will see that the attacks cut across all industry lines and victim sizes. NO ORGANIZATION IS SAFE!

Phil Dusenberry said, “I have always believed that writing advertisements is the second most profitable form of writing. The first, of course, is ransom notes.” Ransomware is all about the money! Just like the mobsters of yesteryear would send some “muscle” to shake down a store owner, the modern criminals are using ransomware to the same effect.

You may notice that experts are expecting roughly 80 million ransomware attacks in the USA. Total damage caused by ransomware attacks this year is expected to surpass $20 billion. Here’s a list of the Top 5 ransomware attacks to watch out for.

  1. Maze Ransomware
  2. REvil Ransomware
  3. Ryuk Ransomware
  4. Tycoon Ransomware
  5. NetWalker Ransomware
  6. NEW THREAT: Egregor Ransomware

“So, is there any way to protect my data?” you may ask. The answer is a most definitive “YES!” It’s a two-pronged solution: prepare and protect. Let me explain… Let’s start with “prepare.” This is what you must do to quickly recover if your organization is attacked by ransomware:

  1. Have a data backup strategy to save your data onsite and offsite. Make sure that you test your backups to confirm that your data is safe.
  2. Educate your users about the dangers of ransomware and how the criminals use email and websites to attack organizations. (See our earlier blog post about phishing emails.)
  3. Work with your insurance broker to obtain Cyber Insurance Coverage for your organization.
  4. Create a Remediation & Recovery Plan and make sure that it is easily available and accessible in case of an emergency.

The “protect” part is a bit more complicated. Because we are all currently working in a widely dispersed environment and are often accessing data from disparate devices, it is very difficult to protect the users and their data. I strongly recommend working with cybersecurity professionals to create the safest possible environment in your organization. Here are some ideas that you should consider:

  1. Start with passwords! Strong passwords that are often changed are your first line of defense.
  2. Enable mandatory 2FA (two-factor authentication) wherever possible. (See our earlier blog post about 2FA for Microsoft 365.)
  3. Use an encrypted VPN for remote workers who need to access the office.
  4. Invest in technology that offers 2FA on your VPN for your remote workers.
  5. Make sure that you have a reputable firewall with a current subscription.
  6. Make sure that you have reputable anti-malware protection with a current subscription.
  7. Segregate your wireless network into “guest” and “secure” to prevent unauthorized devices from accessing your sensitive data.
  8. Consider using an MDM (mobile device management) solution on your network.
  9. Consider using VDI (virtual desktop infrastructure) because it offers a much more reliable way to manage your data security.
  10. Move data and as many applications as possible from workers’ desktops into the cloud. Reputable vendors such as Microsoft, Google, Dropbox and others offer additional security and data recovery solutions as part of their service.

Feel free to contact us at (800) CDML-123 [800-2365-123] or [email protected] if you need help implementing any of the suggestions listed in this article.
