Here's what you can do against ransomware

Last week, people in my part of the country in North Carolina panicked. You couldn't get gasoline for love or money. The root cause? Colonial Pipeline, a major oil and gas pipeline company, was hit by a major ransomware attack. With four major pipelines shut down, people across the southeastern United States lined up at gas stations for every drop of gas they could get.
You may not think that ransomware is a serious threat. But me and almost everyone in the southeast? We believe.

This is how the attack worked. First, the software used, DarkSide, is malware that is offered as a service to scammers through an affiliate program. Yes, ransomware is a franchise operation these days.

Like other ransomware programs, DarkSide encrypts all of your files. It uses Salsa20 or RSA-1024 encryption. It locks down your data, and there's not much you, or anyone else, can do to get it back on your own. Both can be broken, but it's not easy. This means that if you don't have an up-to-date backup, you're almost broke.

Your other option is to pay for a decryption key. This is what Colonial Pipeline did; it ended up paying almost €5 million. Guess what? The decryption key works so slowly that sources say Colonial Pipeline ended up using its own backups to restore corporate systems anyway.

Ransomware attackers can also threaten to release your sensitive data to the public, and your customers won't love it! They will also threaten to make it known that they have your business data. Since you certainly do not want to reveal that you have been hacked, this is an effective threat. If they can't charge you for the data itself, the goal is to blackmail you.

There are several ways to get infected with DarkSide malware and other ransomware programs. These include, according to security firm Intel471, "exploitation of vulnerable software such as Citrix, Remote Desktop Web (RDWeb), or Remote Desktop Protocol (RDP)" and, of course, phishing. There is always phishing.

Adding insult to injury, according to Cybereason researchers, the ransomware shuts down backup, snapshot, and antiviral services. On Windows systems, it also uses a PowerShell command to delete all existing Shadow Volume Copies.

It will only get worse. Security firm Check Point reports that ransomware attacks have increased 102% since 2020. That's an average of more than 1,000 organizations attacked each week.
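The two behaviours attributed to Cybereason's research above, stopping backup, snapshot and antivirus services and deleting shadow copies, both leave traces in process-creation logs. The Python detector below is an added example, not code from the article or from any vendor it names; the JSON event format, host names, service watchlist and sample lines are constructed assumptions, and it goes beyond the PowerShell case in the text by also matching the `vssadmin` and `wmic` forms of shadow-copy deletion.

```python
import json
import re
from collections import defaultdict

# Shadow-copy deletion as seen in process command lines: PowerShell via
# WMI/CIM, plus the vssadmin and wmic equivalents (a generalization).
SHADOW_DELETE = re.compile(
    r"win32_shadowcopy.*(delete|remove-wmiobject|remove-ciminstance)"
    r"|vssadmin(\.exe)?\s+delete\s+shadows"
    r"|shadowcopy\s+delete",
    re.IGNORECASE,
)
# Stopping or reconfiguring a service: net stop, sc stop/config, Stop-Service.
SERVICE_STOP = re.compile(
    r"\b(?:net1?\s+stop|sc(?:\.exe)?\s+(?:stop|config)|stop-service)\b(.*)",
    re.IGNORECASE,
)
# Assumed watchlist of backup, snapshot and antivirus services; adapt it.
WATCHED_SERVICES = ("vss", "wbengine", "windefend")

def classify(cmdline):
    """Return 'shadow_delete', 'protective_service_stop' or None."""
    if SHADOW_DELETE.search(cmdline):
        return "shadow_delete"
    m = SERVICE_STOP.search(cmdline)
    if m and any(s in m.group(1).lower() for s in WATCHED_SERVICES):
        return "protective_service_stop"
    return None

def detect(log_lines):
    """Group findings per host; both behaviours on one host is critical."""
    per_host = defaultdict(set)
    for line in log_lines:
        event = json.loads(line)
        finding = classify(event["cmdline"])
        if finding:
            per_host[event["host"]].add(finding)
    return {h: ("critical" if len(f) == 2 else "high", sorted(f))
            for h, f in per_host.items()}

# Constructed sample events (not taken from a real incident).
SAMPLE = [
    '{"host": "FS01", "cmdline": "net stop wbengine /y"}',
    '{"host": "FS01", "cmdline": "powershell -c \\"Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}\\""}',
    '{"host": "WS07", "cmdline": "sc.exe stop Spooler"}',
    '{"host": "WS09", "cmdline": "vssadmin.exe delete shadows /all /quiet"}',
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A host that shows both findings is the one to isolate first, since losing protective services and local snapshots together removes the quickest recovery path before encryption starts.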

How to prevent ransomware attacks

So what can you do? To get started, you need to practice all the usual good security techniques. This means keeping all programs and operating systems up to date with the latest patches, constantly checking and rechecking your systems for potential infections, using two-factor authentication, and making sure employees know what phishing attacks look like and how to avoid them.

You also need to constantly perform full backups and make sure they are working. If you can't restore your systems, it doesn't matter when you backed up.

Check Point also warns that attacks appear to occur more frequently on holidays and weekends, especially before three-day weekends. So don't leave the office until you're sure your systems are secure and fully backed up.

You should also invest in anti-ransomware software. It's a constant battle between attackers and defenders and for now, the attackers have the upper hand. That said, at least programs like Bitdefender Antivirus Plus, Check Point ZoneAlarm Anti-Ransomware, Kaspersky Security Cloud, and Sophos Intercept X Endpoint give you a fighting chance. If it's too late and you've been attacked, you can try NeuShield Data Sentinel to recover data.

You can try to get commercial insurance against ransomware attacks. But it may not be available for a long time. The multinational insurance company Groupe AXA has announced that it will stop issuing ransomware policies in France. I hope this is the start of a bad trend.

The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have their own list of do's and don'ts to avoid ransomware. It's a good list. That being said, there is one recommendation that I don't totally agree with. They suggest that you do not pay ransomware criminals: "Paying a ransom may encourage adversaries to target additional organizations, encourage other criminals to participate in ransomware distribution, and/or finance illicit activities. Payment of the ransom also does not guarantee that the victim's files will be recovered."

But if your only other option is to go bankrupt, there's not much you can do except bite the bullet, buy Bitcoin, and pay. Don't think this is the easy way. It's not. First, the average payment for ransomware, according to security firm Sophos, is €170,404. Worse still, even if you pay the fees, the Sophos survey found that only 8% of organizations managed to recover all their data. (Only 29% recovered half of their data.) Oh, and by the way, if you recover your data yourself, Sophos estimates that it will cost you an average of €1.85 million to restore your business to normal.

What you really need to do is take the time now to prevent ransomware from affecting your business in the first place. And if it does, make sure your backups are set up and ready to go. Yes, it's a lot of work. So read this:
Copyright © 2021 IDG Communications, Inc.