Positive developments on the ransomware front

Ransomware was in the news again last week — but for once a positive development made headlines. On Thursday, Jan. 26, the U.S. Department of Justice announced that it had disrupted and dismantled a hacking group accused of stealing data.

The FBI and its investigative partners in Europe discreetly tunneled into the servers and websites operated by Hive, one of the world’s most active cybercriminal organizations, over the summer. They then spent months surreptitiously observing Hive’s operations and disrupting attempts to extort $130 million in ransom from more than 300 companies, including hospitals, schools, and other important civic entities in the United States and abroad.

By “hacking the hackers,” as government officials put it, they were to seize two of Hive’s California-based computer servers and break up the organization’s presence on the dark web, where stolen information is sold and traded. No arrests were announced, but the Department of Justice said the investigation is ongoing.

“Cybercrime is a constantly evolving threat,” Attorney General Merrick Garland said in a press conference. “But as I have said before, the Justice Department will spare no resource to identify and bring to justice anyone, anywhere, who targets the United States with a ransomware attack.”

Does this mean ransomware threats are over?

Sadly, not quite. This nefarious cybercrime still proliferates around the globe, with hackers targeting victims in two different ways. First, once information is stolen, bad actors like Hive threaten to destroy or erase important business data, forcing the hand of companies that can’t continue operations without it.

Second, hackers often threaten to publicize the attack, which can have major reputational impacts on large businesses with well-known public profiles. Over the last few years, these have included Apple, T-Mobile, Kronos, Cisco, and the Los Angeles Unified School District. This component of ransomware attacks can lead to expensive regulatory and compliance problems, including millions of dollars to settle class-action lawsuits and the long-term loss of loyal customers.

Luckily, the high-profile nature of ransomware has led government agencies to step up their efforts to respond and react to attacks. In the U.S., the FBI operates 56 Cyber Task Forces in field offices across the country, working with the IRS, the Department of Education, the Office of Inspector General, the Secret Service, and state police in all 50 states to assist with investigations and negotiations.

In addition, the FBI operates a 24/7 cyber watch center that connects the private sector and intelligence agencies in other countries. The Internet Crime Complaint Center, ic3.gov, coordinates with the Canadian Centre for Cyber Security, for instance, so that information is shared seamlessly.

Can ransomware be prevented before it reaches my computer?

It definitely can. Many cybersecurity experts describe ransomware as an escalating form of attack — not a one-and-done incident. Cybercriminals often deploy a series of tactics and techniques to test the waters before launching an attack. These include security vulnerability scans, social engineering scams, and password theft that can provide clues about a company’s level of protection.

That’s why CMIT Solutions takes a comprehensive approach to cybersecurity. By deploying multiple layers of protection at several different points of potential attack, you can enhance the protection of your business — and stop ransomware attacks before they encrypt your data.

Here’s what we recommend for proper security hygiene:

• Reliable data backup. The best way to mitigate ransomware attacks and prevent the need to pay a ransom is by beating cybercriminals at their own game. They might think that the loss of your data will be devastating. But regular, remote, and redundant data backups render the question of whether to pay for the return of stolen information moot. Even if a double-layered ransomware attack is unleashed against your company, restoring data from a recent backup can help your business bounce back quickly and securely.

• Endpoint detection and response (EDR). This advanced cybersecurity tool gives trusted IT providers the ability to monitor every potential entry point to a company’s network. This allows for traffic analysis, heat mapping to spot malicious activity, real-time threat identification, and automated responses to common ransomware attempts. If cybercriminals testing the waters see this kind of protection around your systems, they’ll often move on knowing they won’t have a chance of breaking in. EDR solutions can be installed on every computer and device in your network so that the weakest link — say, a smartphone connected to public Wi-Fi — is monitored continuously.

• Multi-factor authentication (MFA) and single sign-on (SSO) tools. MFA and SSO have become industry standards — gone are the days when these extra steps were considered annoying or even unnecessary. These login protocols, which require a user to enter his or her password followed by a unique code or push notification typically delivered by text, email, or dedicated SSO app to confirm their identity, can mitigate the pain of a stolen password, which is often reused by hackers to access networks, databases, and computers and scan for other administrative vulnerabilities.

• Automatic rollout of security updates and software patches. Many computers still run out-of-date operating systems and older legacy software applications that can pose serious threats. Hackers have targeted everything from Microsoft’s Windows 7 to Mac’s Big Sur looking for ways to exploit end-of-support scenarios. Quick system scans can tell cybercriminals which computers are still running these old operating systems and allow them to then steal passwords, payment card information, and even cryptocurrency wallets. The automatic deployment of security updates and software patches by a trusted provider like CMIT Solutions can beef up privacy and prevent bad actors from accessing your machines.

• Knowledgeable IT support to keep your business running. In addition to the tools outlined above, smart security experts know how important it is to take a proactive approach to protection. Instead of waiting for a ransomware attack to happen, organizations like CMIT Solutions monitor client systems 24/7, deploying advanced anti-malware, traffic analysis, and multi-layered network security solutions to keep every user and every piece of data safe. Our North America-wide network communicates regularly to share ransomware best practices, and we provide best-in-class cybersecurity training that gives your employees real-world training.

We consider ransomware an existential threat to businesses of all sizes, in every industry, and in every location. That’s why we provide advanced cybersecurity protection that keeps up with current and future threats. We’ve earned the trust of thousands of clients by working around the clock to mitigate threats and maintain day-to-day operations. As fellow small-business owners ourselves, we understand how disruptive even one hour of downtime can be.

If you’re ready to better understand the ransomware threat and protect your company’s most critical information, contact CMIT Solutions today. We defend your data, protect your systems, and empower your employees to do their best work.