Ransomware Targeting Remote Workers

While making the shift to remote work in response to COVID-19, the global software development firm known as Sapiens International was hit with a cybersecurity breach, leaving the organization momentarily crippled.

First reported by the tech news organization Calcalist on June 14, 2020, the attack is best described as a ransomware breach, in which hackers restrict access to business-critical information by encrypting files and demanding payment for their release.

Given the severity and potential spread of this single attack, it’s expected that Sapiens was forced to pay out nearly $250,000 in Bitcoin to a hacking group that remains anonymous. While the organization has yet to officially report the situation to American exchange authorities, this event should stand as a precautionary warning to businesses with lax security policies for remote workers.

What This Means for Small & Medium-Sized Businesses

During the first quarter of 2020, ransomware attacks were most commonly found to hit businesses in the healthcare, professional services, finance, retail, and education sectors. Because Sapiens primarily develops software geared towards insurance and financial institutions, this undoubtedly left the organization with a large target on its back.

But international organizations like Sapiens aren’t the only businesses at risk. In 2018, 71% of all ransomware breaches impacted small and medium-sized organizations, with the main goal being to simply disrupt the flow of business to increase the likelihood of a payout. In turn, while the normal payout for one of these smaller attacks is around $12,762, this does not account for the lost time and productivity that inevitably ensues as a result. As of 2019, successful ransomware attacks shut down small and medium-sized organizations for an average of seven days and three hours, resulting in an average loss of $65,000 in product or service sales. And now, as many small and medium-sized businesses find themselves adopting the remote working policies of their international counterparts, it’s likely that these statistics will continue to rise without precautionary measures in place.

How to Prevent Ransomware While Remote

So what can business leaders do to mitigate the risks associated with ransomware attacks? For starters, organizations should reevaluate their current cybersecurity infrastructure and consider deploying the following initiatives that have become standard best practices for businesses with remote workforces.

Phishing Training – Phishing attacks are confidence scams, typically sent via email, where attackers pose as a reputable person or organization in hopes of stealing information or gaining access to a network. To train individuals on the tell-tale signs of these attacks, phishing prevention systems can create harmless emails posing as online meeting invitations, document-sharing links, and business responses to COVID-19. By checking to see which individuals click on these emails sent through the training software, organization leaders can pinpoint vulnerable employees and provide further training to prevent a real breach.

Backups – As mentioned previously, ransomware attacks seek to lock individuals out of business-critical information. For businesses that only keep their information on a single on-premises server, this can prove to be detrimental. In turn, organizations that don’t deploy off-site backups of their files will be left with no other option but to pay the ransom. That said, even if the ransom is paid, there’s a slim chance the decryption key received will not work. If that occurs and no backup is present, the entire business infrastructure could potentially fall apart.

Multi-Factor Authentication – On some occasions, ransomware attacks not only seek to encrypt files, but also to gain control over employee accounts and entire applications. When this does occur, multi-factor authentication serves as a strong barrier between the hacker and a business’s resources. Whereas most application logins ask that individuals enter a password, employing an MFA service requires an individual to provide yet another method of identification to log in. Most commonly, this secondary verification is tied to an individual’s smartphone and may utilize biometric verification, software tokens, push notifications, or a static PIN. For more information on MFA, check out this article.

Application Restrictions – Some newer ransom-based malware uses legitimate programs to attack networks. By setting proper security policies, business leaders can set permissions to ensure only certain individuals are able to install specific applications on work devices. In turn, should a threat breach a business’s network, taking this step can greatly reduce the likelihood of the virus’s spread.

Endpoint Detection and Response – Traditional antivirus software tracks and blocks known viruses based upon the unique signature that each carries. With new ransomware being developed on a daily basis, it’s impossible for these programs to update their lists to account for new threats in a timely manner. Alternatively, endpoint detection and response services track unusual behaviors that many individuals are not likely to make on their devices, halting these actions and reporting the findings to a business’s security lead for review.

Patching – While a large portion of ransomware attacks arise from email phishing, another risk lies in outdated programs or operating systems. When a developer issues an update or patch for a program, many times they are resolving a security vulnerability. If these patches are not pushed across an entire business quickly, hackers can successfully deploy code to take advantage of the software’s flaws. Depending on the severity of the vulnerability, malicious code can be developed to gain remote access to a computer, escalate user privileges, and creep deeper into the now accessible network.
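
To make the contrast in the Endpoint Detection and Response item concrete, the following added example (not from the original post and not any vendor's product logic) runs a signature lookup and a simple behavioral rule over constructed file-activity telemetry. The process names, paths, window and threshold are all assumptions chosen for illustration.

```python
import hashlib
from collections import defaultdict, deque

# Constructed signature list: hashes of payloads already catalogued by the vendor.
KNOWN_BAD = {hashlib.sha256(b"old-ransomware-build").hexdigest()}

def signature_match(payload: bytes) -> bool:
    """Traditional antivirus check: flags only payloads whose hash is listed."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD

def behavior_alerts(events, window=10.0, threshold=5):
    """Return processes that write or rename `threshold` or more distinct
    files within `window` seconds (both values are assumptions to tune).

    events: (timestamp_seconds, process, action, path) tuples in time order.
    """
    recent = defaultdict(deque)  # process -> recent (timestamp, path) pairs
    flagged = set()
    for ts, proc, action, path in events:
        if action not in ("write", "rename"):
            continue  # reads alone (e.g. a backup agent) are not counted
        q = recent[proc]
        q.append((ts, path))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(proc)
    return flagged

# Constructed telemetry: an editor saving one document repeatedly, a backup
# agent reading files, and an unrecognized program renaming files in a burst.
EVENTS = sorted(
    [(t * 4.0, "winword.exe", "write", "C:/Users/amy/report.docx") for t in range(6)]
    + [(t * 0.5, "backup_agent.exe", "read", f"C:/Users/amy/doc{t}.xlsx") for t in range(8)]
    + [(2.0 + t * 0.5, "invoice_viewer.exe", "rename", f"C:/Users/amy/doc{t}.xlsx.locked")
       for t in range(8)]
)

if __name__ == "__main__":
    print("listed build matched by signature:", signature_match(b"old-ransomware-build"))
    print("new build matched by signature:", signature_match(b"new-ransomware-build"))
    print("flagged by behavior:", behavior_alerts(EVENTS))
```

The unlisted build passes the signature check, while the burst of renames is flagged regardless of what the program's hash is; production EDR tools combine many more signals than this single rule.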

In 2020, ransomware attacks target a business in the U.S. every 14 seconds. And although the breach that hit Sapiens International has been aired to the public, the reality is that attacks like this can go unreported for some time. Keeping that in mind, this recent event should stand as a precautionary warning to global and local businesses alike. For individuals who are interested in learning more about the initiatives many organizations are deploying to balance security and workforce flexibility, give Rocket IT a call at 770-441-2520.
