Ransomware Attacks Become More Targeted

The following was originally published in the September 1, 2019 edition of Foster's and Seacoast Sunday.

This year has seen quite the increase in ransomware attacks across the globe. Some industry statistics suggest that ransomware attacks have grown anywhere from 200 to 400% this year. That’s a staggering increase.

The United States remains the number one target for ransomware attacks. Canada and the United Kingdom come in a very distant second and third. Without question, the United States represents a target-rich environment for hackers.

Over the past several months the attacks have become more targeted. Municipal governments, higher education and managed service providers (MSPs) have been targeted. Just this week the dental industry has found itself in the hacker’s cross-hairs.

Why are ransomware events increasing in frequency? They represent a crime of opportunity. Most are perpetrated by criminal elements, as these types of attacks are relatively easy to launch and can be very profitable for the perpetrator. If you are not familiar with what ransomware is, and I’m not sure how you could not be, simply put, a hacker tricks a computer user into doing something that installs the ransomware on the worker’s network. The ransomware then encrypts all the data it can find, making it unusable. When workers on the infected network try to access their data, they will see a message pop up on the screen informing them what has happened and demanding a ransom payment to restore their access to the data.

At this point, impacted organizations typically have one of three options: 1) Rebuild their network and all their data from scratch. This is usually not practical for a myriad of reasons. 2) Restore their data from clean backups that have not been infected. This is the best possible outcome, provided too much time has not passed and the backups have not been impacted. 3) Pay the ransom and regain access to their data. While doing this only emboldens the hackers, many impacted organizations have chosen this route as it often is the fastest and least expensive route to return to normal operations.

The targeting of these attacks is somewhat new. Municipal governments are often an easy target. Municipalities focus their budgets on providing services to the citizenry. Often, IT and IT security are not high-priority budget items. As a result, cybersecurity awareness training is often non-existent or rare. This makes municipal workers more vulnerable to these types of attacks. Once infected, municipalities are often ill-equipped to quickly identify and contain the spread, making recovery difficult, lengthy and expensive. Higher education is typically savvier when it comes to IT and IT security, but the target population is typically very large and easy to infiltrate.

With respect to the targeting of MSPs, this makes sense: MSPs have access to literally thousands of computer systems, and if a hacker can infiltrate an MSP, they can potentially use that as a launching point to hit more organizations with greater speed, efficiency and impact. The industry knows this and is aggressively circling the wagons to ensure tight coordination between all the key players to be sure that IT products and services, particularly those used by MSPs, are hardened to these threats. If a company gets hit by ransomware, they will most likely need to rely, at least in part, on one or more outsourced IT partners to recover. That’s why the industry is being very proactive and vocal about making sure all IT companies servicing other customers are as secure as possible and have the best early warning systems in place to trap an incident before it can do widespread damage.

It is not yet clear why dental offices were targeted in the most recent ransomware outbreak. There are plenty of theories as to why, but until more investigation is done, it would be irresponsible to speculate. I have my thoughts but will wait to see what the investigations uncover.

The bottom line is that you need to be aggressive about establishing your culture of cybersecurity awareness. You need to train and re-train your staff, so they are attuned to what to watch out for. You need to allocate budget to cybersecurity, and perhaps even IT in general, to stand a chance at defending yourself. You also need to talk to your business partners. Anyone who can access your network remotely could be considered a risk. You should audit those organizations, ask to see their internal cybersecurity policies and have them attest to the security of their systems, so you know they will not be a potential threat vector into your company.

The spread of ransomware is a complex issue. Training is the absolute best defense, along with a layered approach to IT security so you have a chance to catch any event before it has widespread impact. You should be able to look to industry resources for help, as well as your IT partner and consultants. Just do something. Don’t wait to see if you will fall victim. Get proactive about making sure you won’t be.