How do I protect my company from data loss from phishing and ransomware attacks?
It was just an email…
James from accounting receives an email from Sue downstairs in payroll. She asks him to “Make sure these financials look okay before submitting. See the file attachment (info_217.zip)”. It looks odd, and something sounded a bit familiar from that data protection memo he saw a while back, but heck, it’s from Sue; they have known each other for years! James opens the file, and nothing happens. He figures Sue must have sent a bad file, and calls down to her. She is perplexed by this because she didn’t send an email.
Meanwhile…malicious activity may already be done…
It is during this time that the help desk starts receiving calls from users who are unable to access files on the 3 TB company share folder. James then gets a pop-up on his screen stating that his files are encrypted and inaccessible. The ransom demand is to pay a “large sum” of money within 4 days to receive an encryption key that will unlock the files. Otherwise, they will remain permanently locked.
“Ransomware is the fastest growing malware threat… On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015.
There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization.”
~U.S. Department of Homeland Security
Containing the threat…to minimize data loss…
The attacker was able to spoof the email address of the company and message another staff member, making it appear as if it were an internal email request. Once the damage was done, all the IT staff could do was stop the threat from spreading to other systems internally and put their trust in their data recovery planning. The ransomware infected James’ PC and 2 other servers. All three were identified and cordoned off from the network. Management was made aware that the amount of “ransom” money required to obtain the encryption keys (if they even EXISTED) would be in the tens of thousands of dollars.
Coming to the rescue…with proven data protection…
Realizing that they don’t have the budget for any kind of payout, management asks the IT manager what can be done and how many days it will take to recover the encrypted/inaccessible data. Thankfully, the IT staff has a STORServer Appliance protecting their data. The backup administrator is able to explain to management that the encrypted data can be restored very easily and quickly. In fact, one of the servers is a virtual machine and can be spun up from backup and put into use in a matter of minutes.
“There’s been an increase in targeted ransomware attacks this past year, Justin Warner, director of applied threat research at Gigamon, said. ‘Anyone responsible for the security and operations of IT assets needs to be prepared for the possibility of destructive attacks, as they affect companies of all sizes and all industries.’”
What We Can Learn from the Ransomware Attack That Crippled Norsk Hydro
Ransom attacks are very real and require sophisticated data protection
“Don’t be fooled by the drop in overall ransomware attacks this past year: Fewer but more targeted and lucrative campaigns against larger organizations are the new MO for holding data hostage… more than 80% of ransomware infections over the past year were at enterprises, as cybercrime gangs began setting their sights on larger organizations capable of paying bigger ransom amounts than the random victim or consumer.”
Ransomware’s New Normal
Written by Mike Swartz. Mike has been a Senior Technical Consultant for STORServer, Inc. since 2007. He enjoys spending time with family and friends. Mike loves to go camping, backpacking, and fishing when he isn’t a “chauffeur” to his three very busy teenage children (sigh)!