Turn on the news and you won’t have to wait long before hearing about the latest data breach. iCloud. Home Depot. Gmail. But there’s another kind of attack that’s on the rise and it doesn’t make the headlines that often, even though it can destroy your business even faster than the average breach. I’m talking about Ransomware.
At Armor, we’ve tried to drive home the fact that today’s hackers are skilled, organized and well-funded. They’re not always out for your data, though. Sometimes they go straight for your bank account. That’s the case with Ransomware, where hackers install malware that locks you out from your own system. Sometimes they will demand money outright and other times they’ll impersonate a law enforcement official pretending that your system has been used for illegal activities, or they’ll pretend that a software license has expired. Either way, you’re ordered to pay a ransom or face the destruction of your intellectual property.
These criminals usually use sophisticated ways of evading capture, such as using Tor anonymizing networks to cover their tracks. In 2013 a Ransomware worm called CryptoLocker collected an estimated $3 million before it was stopped by authorities. Both individuals and businesses are targeted; popular app company Evernote was attacked earlier this year. Unable to fight their attackers, they paid the ransom.
Another company, Code Spaces, faced a more dire fate when pirates kidnapped their site and demanded several million in ransom. Code Spaces tried to beat the hackers at their own game but lost: the company was unable to pay it and saw nearly all of the company’s data, backups, machine configurations and off-site backups deleted, forcing it to declare bankruptcy.
Who’s at risk? Anyone who touches the Internet. My mom included. Her accounts were held ransom for $300 a while back. Of course, most individuals don’t have an IT security expert in the family and don’t know where to turn for help. So they simply pay up. If you were wondering, my mom didn’t pay one red cent and kept control of her assets.
Organizations will often ask us how they can avoid getting attacked in the first place. Two of the highest risk factors we see:
- Wasting resources on areas that don’t need to be protected. Not every part of your environment operates under the same risk level; it’s smarter to identify the most vulnerable and critical areas and optimizing your mitigation strategy.
- The ostrich mindset of “it won’t happen to me.” The fact is, anyone can be targeted.
But the top mistake we see, without a doubt, is using an insecure provider who doesn’t have the expertise or the technology to protect their customers. Many of these providers will give you servers and get you up and running, but they hand any security and compliance responsibilities right back to you.
Ultimately it’s the customer’s job to do due diligence during the provider selection process, so be sure you ask the right questions. What is their risk management strategy? What level of security expertise do they offer? Ask if they have two-factor authentication by default and web application firewalls, and if they practice threat intelligence. Is security a 24/7 priority for them or is it something they think about only when it’s a problem? Ask about real-time monitoring and malware analysis and if they offer multi-layered security.
On our end, Armor has a team dedicated to vulnerability management and threat intelligence. They’ve blazed a trail in developing new methodologies for fighting back against all malicious actors, including Ransomware. We are the first cloud provider to assess specific indicators from corporate and customer environments to see if they are threats ahead of time. And if they are, we analyze the indicators so we can preemptively stop the threat before it happens. We do this by leveraging algorithms and scientific models so we can predictively choose which areas to lock down, rather than spend hundreds of hours on areas that aren’t at risk. That’s the kind of advanced security it takes to ward off a Ransomware disaster – and we’re working on creating new techniques all the time.
There’s no doubt that the IT landscape can be a dangerous place. But becoming intimidated or simply hoping for the best is never an effective solution. The right security controls are available and they can keep you protected from Ransomware criminals.