It’s fair to say ransomware attacks are on the rise. But ransomware is not a new issue. When I was with the Federal Bureau of Investigation (FBI), we provided guidance to the public in 2016 on this topic, and it remains a critical issue. In 2019, I spoke at an InfoSec conference in Las Vegas, and my co-presenter, a retired FBI agent working for a major intrusion response company, said ransomware was at epidemic proportions. I noticed a number of folks in the audience were rolling their eyes at his statement.
To be honest, very few companies were taking the threat seriously. A common response was, “Why would anyone want to target me?” I would hear this time and again from nonprofits and religious organizations. Make no mistake, cybercriminals do not care who you are or what kind of business you run. Even a church can be targeted. Here are a few examples of how severe the threat is:
In 2021, cybercriminals targeted the Washington, D.C. Police Department. To make matters worse, they claimed they would release some very sensitive information if their demands were not paid. This is not the first time cybercriminals have made the point that if they can encrypt your data, they can also steal it.
The Colonial Pipeline incident showed that cybercriminals had the ability to shut down a major portion of our country’s critical infrastructure. The tools to commit these crimes are all available on the Dark Web.
In May, JBS Foods, one of the biggest meat processing companies in the world, paid an $11 million ransom demand, which is one of the largest ransomware payments of all time.
Over the July 4th weekend, approximately 1,000 organizations around the world were affected by a ransomware attack on the U.S. information technology firm Kaseya. The cybercriminals realized that by attacking one organization, they could impact a large number of other companies.
During my decades with the FBI, I discovered that by the time law enforcement is alerted to a cybercrime/ransomware incident, we cannot come to your organization and wave a magic wand to fix the problem. Since most of the ransomware gangs are located overseas, it is equally challenging to bring these evil-doers to justice. I know those two points can cause a lot of anxiety; however, it's not hopeless. My big epiphany while I was with the FBI is the fact that a majority of cybercrime incidents could have been prevented. Is ransomware prevention easy? The answer is no. However, here is a quick list of steps you need to be taking to reduce your chances of becoming the next ransomware victim.
Realize phishing is the number one attack vector for the distribution of malware. You will get an email, a text message or even a Facebook message asking you to click on a link or open an attachment.
You can get infected if you go to a questionable website or a website that has been infected with malicious code (this is called drive-by malware).
Make sure your computer/smartphone/device is updated to the latest operating system and all applications are patched. Do not ignore your device when it says it needs to be updated.
Reduce the attack surface on your device. Only allow trusted applications to run on your device (this is called application whitelisting). Beware of all those free software products that you never use.
Reduce admin rights for users. Admin rights allow users to install programs and malicious code. If your device asks you to enter your password to install or make changes to a program, you need to be careful.
Take an inventory of who you are allowing onto your network and what they can access. Does the employee from three years ago still have admin rights to your network? You do not want every employee to access everything on your network. (Least privilege and access management.)
Use two-factor authentication on all remote access to your network, especially Remote Desktop Protocol (RDP).
Backing up is not enough ... make sure you test your backups and have a good restoration plan. Remember, if your network is infected with ransomware, there is a good chance the cybercriminals have also stolen your data.
Educate yourself and your employees about the dangers of ransomware and cybercrime.
Contact your local FBI office if you are a victim, or go to WWW.IC3.GOV.
Finally, here is an excellent resource from the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA).
This information from the FBI can be helpful as well to establish best practices to protect your ministry:
About the Author:
Our guest author is retired FBI agent Scott Augenbaum. In 2003, Scott was promoted to Supervisory Agent in FBI headquarters in the Cyber Division, Cyber Crime Fraud unit. He managed the FBI Cyber Crime Task Force Program and Intellectual Property Rights Program. In 2006, he transferred to Nashville and managed the FBI Memphis Division Computer Intrusion/Counterintelligence Squad. He is the author of The Secret to Cybersecurity.