FBI
On October 2, 2019, the FBI published a public service announcement issuing an updated warning about new ransomware threats.
The PSA reads, “The FBI does not advocate paying a ransom, in part because it does not guarantee an organization will regain access to its data. Paying ransoms emboldens criminals to target other organizations and provides an alluring and lucrative enterprise to other criminals.”
The FBI did, however, offer a placatory statement for organizations that paid the ransom to cybercriminals. The PSA goes on to say, “The FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”
A critical takeaway is this: The FBI advises every ransomware victim to immediately report every incident to local, state, and federal law enforcement. The PSA adds, “Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.”
Before this PSA was issued, the FBI’s last cybersecurity warning was published on June 10. In the June PSA, the FBI warned about phishing campaigns used to attack secure websites.
Before this recent PSA, the FBI issued a ransomware infection alert in September 2016. The latest PSA also discusses common infection tactics such as the following:
- Email phishing campaigns: With this tactic, the cybercriminal sends an email containing a malicious file that compromises the recipient’s system when opened.
- Software vulnerabilities: Many software programs are not thoroughly analyzed for vulnerabilities. To protect against ransomware, users must ensure that the software has the latest updates and security patches. Otherwise, cybercriminals can use those weaknesses to deploy ransomware on various networks.
- Protocol vulnerabilities: The Remote Desktop Protocol (RDP) is a proprietary network protocol that lets you control a computer and its data over the Internet. Cybercriminals can induce a data breach with a brute-force tactic, that is, by using trial-and-error methods to obtain the end user’s credentials. Once they have RDP access, cybercriminals can demand a ransom payment.
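The brute-force RDP access described in the last item leaves a recognizable trail in logon records: a burst of failures from one source, sometimes followed by a success. The following is an added example, not taken from the FBI PSA or from this article; the record layout, threshold, time window and sample lines are constructed assumptions, and 4625/4624 are the Windows Security log event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real logs: time, event ID, logon type, source IP, account.
# Windows Security log: 4625 = failed logon, 4624 = successful logon.
SAMPLE = """\
2019-10-02T03:10:01,4625,10,203.0.113.7,administrator
2019-10-02T03:10:09,4625,10,203.0.113.7,admin
2019-10-02T03:10:15,4625,10,203.0.113.7,jsmith
2019-10-02T03:10:22,4625,10,203.0.113.7,jsmith
2019-10-02T03:10:30,4625,10,203.0.113.7,jsmith
2019-10-02T03:10:41,4624,10,203.0.113.7,jsmith
2019-10-02T08:55:12,4625,10,198.51.100.20,mlee
2019-10-02T08:55:40,4624,10,198.51.100.20,mlee
2019-10-02T09:00:00,4625,2,-,mlee
"""

# Logon type 10 is RemoteInteractive (RDP). Type 3 (network) is included as an assumption,
# because RDP with Network Level Authentication often logs failures that way; tune per site.
RDP_LOGON_TYPES = {"10", "3"}

def parse(text):
    """Yield (timestamp, event_id, logon_type, source_ip, account) per record."""
    for line in filter(str.strip, text.splitlines()):
        ts, event_id, logon_type, ip, account = line.strip().split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, account

def detect(text, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with `threshold` failures inside `window`, then any later success."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failed logons
    flagged, alerts = set(), []
    for ts, event_id, logon_type, ip, account in parse(text):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # console and other local logons are out of scope here
        recent = failures[ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if event_id == "4625":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, account))
        elif event_id == "4624" and ip in flagged:
            # A success from a source that was flagged for guessing is the urgent case.
            alerts.append(("success_after_brute_force", ip, account))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A single mistyped password followed by a success, as in the `mlee` records, produces no alert; only the burst from one source does.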
The alert also informs readers of cyber defense best practices, including:
- Regularly backing up data.
- Increasing awareness and training.
- Verifying data integrity.
- Encrypting files.
- Patching the OS, software, and firmware.
- Ensuring anti-virus and anti-malware solutions are updated and scheduled scans are executed.
- Improving access/user controls.
- Disabling macro scripts from Office files sent as an email attachment or using Office Viewer software to open Microsoft Office files received via email.
- Implementing controls over common ransomware infection sites.
- Using best practices for RDP.
- Utilizing virtualized environments.
- Logically separating networks based on the nature of the data.
- Making sure users are required to enter passwords when their system attempts to communicate with a website not categorized by the firewall.
What can you do?
While it’s critical to protect your systems against social engineering and data breaches, no method prevents cyber attacks 100% of the time. What you can do is take precautionary steps so that you don’t become a victim of the next version of the WannaCry ransomware cryptoworm, which infected Windows computers, encrypted data, and then demanded a Bitcoin ransom payment.
It goes without saying that the growing ransomware threat is an ongoing challenge for every organization in the digital age. With regard to effective cybersecurity, it’s essential to think in terms of these three controls:
- Detect
- Correct
- Recover
One way to achieve these types of controls is through Managed Disaster Recovery as a Software (MDRaaS). CloudZen Partners can help companies find a provider who will offer expert and customized solutions tailored to business needs.
Ready to take control of your cybersecurity? Schedule a free discovery call with CloudZen Partners to find the right MDRaaS for your company’s data security needs. CloudZen Partners is 100% vendor-agnostic and works with the top Disaster Recovery providers. Our DR engineer team and services are free as we are paid by the providers directly with no mark-up.