22 Texas Government agencies from the local to state levels have been hit with ransomware – do you understand how ransomware works, and how to protect your organization against it?
You’ve probably heard a lot about ransomware. It’s easy to hype up the doom and gloom about cybercrime – fear is often a great motivator. But at a certain point, it’s probably turned into background noise, right? You hear so much about types of threats that you get numb to it.
Here’s a reminder of just how real cybercrime is: 22 different organizations in Texas, many of which are local government agencies, were just infected with ransomware. Last Friday, the attacks began, and while specific details are being withheld, in the time since then only some of the organizations have managed to move to a “remediation and recovery phase”.
The Texas Department of Information Resources (DIR) states the following in a release posted to its website:
“Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyber Response and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions. Further resources will be deployed as they are requested.”
This doesn’t mean you’ll definitely get hit with ransomware tomorrow, but it does represent a shift in how cybercriminals are carrying out these attacks. Whereas they usually occur as “targets of opportunity” (i.e. casting a wide net and hoping for victims), it appears these entities were targeted directly.
You simply have to recognize that this is a reality, and the smart move is to take a few simple steps to protect yourself against it right now. As they say, an ounce of prevention is worth a pound of cure.
Let’s start from a position of knowledge…
How Does Ransomware Work?
In a ransomware attack, a hacker gains access to an organization’s computer systems. Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system. Once embedded, the malware allows a hacker to access critical systems, often giving them complete remote control over data and access.
Hackers are getting more sophisticated. Today, the malicious code may be placed on a website. When a user with an unsecured or unpatched software program accesses the site, the malware slips inside that user’s computer.
How Ransomware Infects Your Systems
- Phishing
Phishing is a hacking technique that “fishes” for victims by sending them deceptive emails. Virtually anyone on the internet has seen a phishing attack.
Phishing attacks are mass emails that request confidential information or credentials under false pretenses, link to malicious websites or include malware as an attachment.
With only a surprisingly small amount of information, cybercriminals can convincingly pose as business members and superiors in order to persuade employees to give them money, data or crucial information.
- Web Browsers
They may seem like an obvious, old trick, but pop-ups are still causing problems.
Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert” prompting them to download a file or click a link.
That’s where the ransomware comes into play. As with so many of these methods, it just comes down to getting the user to interact with malware in some way without knowing it.
- Social Media
Another avenue for dangerous links, the instant messaging apps in social media platforms like Facebook Messenger can be used by hackers to infect users’ systems. That’s why it’s important to include social media in your cybersecurity policies, mitigating the potential for employees to click the wrong link.
- Out Of Date Hardware
Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software, applications, and programs?
Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.
This is why it’s imperative that you keep your applications and systems up to date.
Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.
Comprehensive and regular patch management is a crucial part of proper IT security. Some of the worst data breaches are based on “zero-day exploits”, which take advantage of flaws found by hackers but not by the developers, leading to severe security risks and an immediate need for patching.
- Unused Systems
You can’t forget about that old desktop you have in the corner of the office that no one uses. Not only is it taking up space – it’s also putting you at risk.
Forgotten hardware doesn’t get patched, updated or included in the deployment of new security technology, but it’s still connected to your network, right? That’s what makes it such a great target for hackers.
This type of hardware needs to either be removed from the network entirely or kept up to date and secured along with the rest of your infrastructure.
How To Protect Against Ransomware
Be sure to follow these tips, which are applicable to organizations, employees and individual computer users:
- Enlist expert support from a cybersecurity company to ensure you’re kept safe by a trained team.
- All software, firmware and operating systems should be patched on desktop and digital devices (including smartphones, tablets, and laptops). A centralized network patch management system can make the coordination of these efforts easier in large organizations.
- Confirm that anti-malware and antivirus settings are deployed to automate all updates and to continually conduct system and device scans.
- Have very clear access and authorization procedures in place. Do not provide administrative access to employees unless absolutely necessary. Administrator accounts should be used sparingly.
- Access controls should be configured so that shared permissions for directories, files and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
- Train your staff to ask themselves these key questions before opening an email:
  - Do I know the sender of this email?
  - Does it make sense that it was sent to me?
  - Can I verify that the attached link or PDF is safe?
  - Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
  - Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify?
  - Does anything seem “off” about this email, its contents or sender?
- Macro scripts in office files should be disabled when sent over email.
- Software restriction policies should be created, or other controls implemented, that prevent programs from executing, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.
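The macro item in the list above, sketched as a mail-gateway check (an added example, not part of the original article): modern Office files are ZIP archives that keep macro code in a part named vbaProject.bin, so the check inspects content rather than trusting the file extension. The function names, verdict labels and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def classify_attachment(data: bytes) -> str:
    """Return 'block', 'review' or 'allow' for one attachment's bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files may hold macros; confirming needs an OLE parser.
        return "review"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return "review"
        # OOXML keeps VBA code in a part named vbaProject.bin, whatever the extension.
        if any(m.endswith("vbaproject.bin") for m in members):
            return "block"
    return "allow"

def screen_message(raw: bytes) -> dict:
    """Map each attachment filename in a raw message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"): classify_attachment(p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for m in members:
            zf.writestr(m, b"constructed")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed test message; addresses and file contents are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "clerk@example.org", "Invoice"
    msg.set_content("Please see the attached invoice.")
    samples = {
        "invoice.docx": _zip(["[Content_Types].xml", "word/vbaProject.bin"]),  # macro file renamed
        "report.docx": _zip(["[Content_Types].xml", "word/document.xml"]),
        "budget.xls": OLE_MAGIC + b"\x00" * 16,
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `screen_message(build_sample())` blocks the renamed macro document, allows the clean one and sends the legacy-format spreadsheet to review.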
If you’re not sure about how to ensure your protection against ransomware and other cybercrime threats, then don’t try to “fake it ’til you make it”. Be sure to consult an IT company if you’re unsure as to the state of your healthcare organization’s ransomware contingencies.