During the 4th of July holiday weekend in the United States, fireworks weren’t the only things sending sparks throughout America and globally. IT (information technology) and security-management solution provider Kaseya became the latest victim of a ransomware attack that affected up to 1,500 businesses. Attackers (who may be linked to REvil) demanded a hefty ransom in bitcoin, per usual, and the question is, how can businesses, governments, and other organizations shore up their defenses against these unnamed, greedy criminals who plan and carry out ransomware attacks?
The 4th of July attack affected several countries. Swedish Coop supermarkets were hit hard, and hundreds of them had to close. More than a dozen schools in New Zealand were also impacted by the Kaseya ransomware attack. In June, former Cisco CEO John Chambers came out saying the U.S. could experience up to 100,000 ransomware attacks this year. NPR estimates there are more than seven ransomware attacks per hour in this nation. And they won’t stop—especially when criminals are getting what they want.
In the case of the recent Colonial Pipeline ransomware attack, the perpetrators received millions in ransom. When victims decide to pay ransoms and/or negotiate with cybercriminals, it’s always with their companies’ and customers’ best interests at heart. However, the U.S. government urges ransomware victims not to pay their attackers, because it just exacerbates the bigger issue, funding these people to then carry out additional attacks and continue the vicious cycle. That’s easier said than done when you’re a member of the c-suite of a company trying to protect your own.
Investing in cybersecurity measures proactively is less traumatic and less expensive than paying ransoms to recover stolen data and get systems back up and running, cleaning up cyberattack messes, and regaining the trust of customers. The FBI recommends businesses take simple steps like keeping operating systems, software, and applications up to date; turning on automatic updates for anti-virus and anti-malware solutions; backing data up regularly; securing backups; and creating a business-continuity plan to rely on in case of an attack.
Businesses and individuals can also follow best practices when it comes to password creation, use, and storage. Research by NordLocker suggests storing passwords in browsers is a dangerous habit that has led to 26 million leaked credentials from more than a million websites. The most affected sites, NordLocker’s data says, include social media sites like Facebook and email service providers like Gmail. Instead of saving passwords in browsers for convenience’s sake, digital-security solution provider NordPass suggests businesses and individuals take steps such as installing antivirus software, learning to identify phishing emails, using a password manager that generates passwords and stores them in a vault, and using multi-factor authentication.
The IST (Institute for Security and Technology)’s position is that ransomware is more than an expensive nuisance; it’s a national security threat. The IST’s Ransomware Task Force is working to address the increasing number of ransomware events in the U.S. and globally, and, earlier this year, released a comprehensive framework for action with recommendations to deter ransomware attacks, disrupt the ransomware business model and diminish criminals’ profits, help organizations prepare for ransomware attacks, and respond more effectively to attacks when they do occur.
The only bright side to an increase in the number of ransomware attacks is the attention it draws to the issue. When more organizations and individuals see the damage being done, hopefully they will seek out cybersecurity solutions and take precautions, because even the simplest of precautions can make all the difference in the world.
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #cybersecurity #ransomware #data