Every few days it seems like another major ransomware story is hitting headlines.
We’re undoubtedly in a ransomware epidemic. And if we weren’t mid-Covid-19 recovery, these attacks would certainly make even bigger news. Just last week here in the UK, one of our largest train companies was hit by an attack. Northern Rail, a state-owned operator, suffered a ransomware cyberattack on its self-service ticket machines. This resulted in serious disruption to journeys and operations only hours after most Covid-19 restrictions were lifted in the country.
Meanwhile across the pond, the USA’s President Biden has ordered an investigation into a serious ransomware attack that rendered thousands of businesses inoperable over the 4th July weekend. Two weeks prior, companies across the globe from Sweden to New Zealand fell victim to what experts are calling “the biggest ransomware attack on record”. Kayesa, a Florida-based IT firm, was infiltrated by malware which was distributed to customers under the guise of a security patch update. As a result, large swathes of data were held to ransom. Returnable upon payment of $70 in bitcoin, no less.
Kayesa – the biggest victim of the ransomware epidemic?
What makes the Kayesa attack so terrifying isn’t its global reach or that dumbfounding ransom price. It’s that Kayesa is a Managed Service Provider (MSP). Thousands of business customers use Kayesa’s IT infrastructure and cybersecurity services, with many entirely dependent on the company for their technology availability. Kayesa should be the most secure of the secure. Yet a vulnerability was exploited, and they paid the price along with a worldwide client base.
Accompanying these horror stories of the ransomware epidemic is a constant deluge of smaller-scale attacks and near misses. From the recent Microsoft OS PrintNightmare and government military sites, to price comparison websites and charity pages. The threat of ransomware attack is unrelenting and imminent. To literally every organisation. And to add insult to injury, post-attack recovery costs are skyrocketing. In fact, in the first half of 2021, recovery costs have doubled in comparison to 2020. So, what can you do about it?
- Firstly, don’t lose faith in MSPs. But please be diligent about who you choose to outsource your IT infrastructure and cybersecurity with. Ask not just about the cybersecurity services an MSP can provide to you, but how they protect their own technology. When scoping a provider (or reviewing your incumbent), enquire about their data centre security, auditing schedule, internal security policies and breach history. A good MSP will happily provide this information.
- Choose a fit-for-purpose anti-malware product. As an MSP ourselves, we discourage purchasing and installing any off-the-shelf antimalware or internet security product. To combat today’s rapidly evolving ransomware threat, a configured, monitored business-grade solution is necessary. Make sure your antimalware product offers Advanced Threat Protection (ATP) and utilises Machine Learning (ML) to block unknown threats. Read about Starcom’s here.
- Consider the aftermath early. Even if you’re lucky – in the sense that data isn’t stolen or compromised, and your systems are recoverable – you still don’t get a free pass with ransomware. It’s likely some operational downtime will occur. Which depending on your industry and operational model, can range from inconvenience to full-blown disaster. Ensure that comprehensive Disaster Recovery technology and Cyber Insurance are in place to protect continuity and avoid further financial agony. Read our Ransomware and Cyber Insurance Guide here.
- Refresh cyber awareness training. Some attacks, like the Kayesa, can only be blocked by the best cybersecurity software. However, experts are charting a worrying uptick in ransomware delivered via malicious email attachments. Refreshing cybersecurity awareness training and accompanying with regular (and tricky!) phishing simulation tests can help your business control its risk against cyberattack.
- Never panic and pay a ransom. There are two reasons for this. If you’ve been attacked, the threat actors to blame have shown zero regard for you business, customers and employees. To trust that they would return data or system upon payment is a huge gamble which could worsen your predicament. And secondly, paying up fuels the vicious cycle of ransomware. If you absolutely must pay, never do so without the support of specialists such as DR experts and ransomware negotiators.
How long could you survive if you were the ransomware epidemic’s next victim? Multi-layered, robust and integrated cybersecurity is the best defence against evolving ransomware in 2021. Speak to Starcom on 0844 579 0800 to book our industry-leading security audit.