Part 3: How Ransomware Attacks are Escalating and What to Do About Them
The technology world has a habit of shifting underfoot, faster than many organizations can run. In the wake of the first two blogs in our three-part series on ransomware, the problem has escalated dramatically. In this post, we want to chart some significant recent developments and explain what you can do to protect yourself.
Recent ransomware attacks
Those organizations still not taking ransomware seriously were forced to sit up and take notice in early May. The White House declared a state of emergency as gas prices spiked to a seven-year high of $3 per gallon and airlines were forced to change aircraft schedules. The cause was a ransomware attack on Colonial Pipeline that forced the company to shutter the pipeline, which delivers around a third of the oil supply to the east coast.
Any organizations thinking that ransomware was a niche problem had to rethink things after the Colonial Pipeline attack. If they didn’t, then the next attack would surely have convinced them. Just three weeks after ransomware disrupted oil distribution on the eastern seaboard, it brought US meat production to a halt. Brazilian meat processing company JBS Foods suffered an attack that halted processing at plants around the world, including the US, which suffered disruptions to a fifth of its meat production.
The attacks we’re seeing
These attacks broke new ground in affecting parts of the US critical national infrastructure at scale, but they’re just two in a growing number of attacks that we are seeing affect companies in the US and further afield.
In our work with organizations across multiple sectors, we note that utilities – especially municipal ones – are at particular risk. Other sectors that face attacks on a regular basis include manufacturing and healthcare.
The internet of things represents a cybersecurity challenge for all of these sectors, which are busy retooling their infrastructures with connected devices that sense and in some cases manipulate their physical environments. Manufacturers are upgrading production with connected devices in a trend that experts are calling the fourth industrial revolution, or ‘industry 4.0’. Utilities use connected devices ranging from smart meters to remote pipe and cable-based sensors to ensure that electricity and water flow efficiently. Meanwhile, healthcare companies rely on connected medical devices for many aspects of primary care including patient monitoring.
In some cases, companies are unwilling or unable to upgrade security on these devices lest they void their warranties or affect mission-critical specialist functions in unpredictable ways. We have also identified negligence as a big factor in many cases, where staff may be inadequately trained or resourced to scan for vulnerabilities, prioritize them, and apply the necessary patches.
The US government is well aware of the potential for ransomware to wreak even more havoc beyond May’s devastating attacks. It has escalated the situation to the highest level. Deputy national security advisor on cyber Anne Neuberger has warned companies about ransomware risks in an open letter.
The letter warns organizations to do what the federal government has already done by viewing ransomware as a threat to core operations. That means interpreting it as an existential threat to an organization, in the same way that the government now perceives it to be a national security issue.
To that end, the Department of Justice recently created a ransomware task force and raised its internal classification of ransomware attacks to a level similar to that of terrorist events. The White House also issued an executive order to bolster government cybersecurity as an example to private sector and state organizations.
The consequences of not protecting yourself adequately against ransomware can be severe. Having paid a ransom (much of which the authorities managed to recover), Colonial Pipeline now faces legal action from a gas station hoping to represent thousands of others in a class action suit.
While the attacks on Colonial Pipeline and JBS caught the world’s attention as examples of attacks that threaten nationwide systems, it is important to remember that ransomware also affects smaller companies. Even if you run a small or medium-sized business, this threat isn’t something you can ignore.
What you can do to protect yourself
Companies from small retail stores through to the largest multinational corporations must take action to protect themselves from the ravages of ransomware. I covered some protective measures in my blog about preventing ransomware. These include human-centric measures such as user education, but also technical protections such as securing endpoints by locking down unused ports and protocols, while also installing and maintaining endpoint detection and response systems. Companies should also secure back-end systems using tried and tested techniques such as software patching.
The 2021 Spotlight report on ransomware from cybersecurity company RiskSense and Cyber Security Works demonstrates the need for better patch management processes. In 2021, it found 223 vulnerabilities tied to ransomware, with almost 40% of them emerging between 2018 and 2020. Although patches will have been available for most of those vulnerabilities, two thirds were still being exploited in the wild. Companies must do better at scanning for vulnerabilities and prioritizing them for patching.
The more effective measures you can put in place to harden your systems and processes against ransomware attacks, the better. These include using multi-factor authentication to stop cybercriminals from compromising employee accounts and using them to spread ransomware.
In its advice to organizations facing the ransomware threat, the government emphasized the importance of a skilled, empowered security team. For many companies, that kind of talent is difficult to build in-house, yet it is essential to share and incorporate threat information into your defenses.
This is where third-party expertise is invaluable to help identify vulnerabilities and assess risk. A specialist cybersecurity services partner will help implement practical measures to secure your network, the devices that connect to it, the applications and operating systems they run, and the people that use them.
Don’t leave things to chance. Talk to Lumen today about how we can help protect you against tomorrow’s attacks.
This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. ©2021 Lumen Technologies. All Rights Reserved.