Responding to and Protecting Against Ransomware

Author: Larry G. Wlosinski, CISA, CISM, CRISC, CDPSE, CISSP, CCSP, CAP, PMP, CBCP, CIPM, CDP, ITIL v3
Date Published: 3 September 2020

There have been many recent successful ransomware attacks, and there is frustration that in today’s cybersociety, information security safeguards and best practices are not being followed by local governments, financial services, law enforcement, academia, government agencies, healthcare organizations, businesses and commercial enterprises. The cyberattack threat vector has become a lot more serious than a simple denial-of-service attack on the network infrastructure (i.e., online business) or on a website that offers services or a means of acquiring goods or information. A ransomware attack is now a major event that has long-lasting effects and can jeopardize government services, the existence of commercial enterprises and, as we have seen recently, even our schools.

This attack vector has become a loud bell that rings over and over as a reminder that information security must be implemented effectively, otherwise an organization can lose money (because of gaps in business and services) or potentially the entire business. The people in charge of protecting against cyberattacks can also lose their jobs.

Cyber insurance is an option, but it cannot always be used if attacks occur over and over again. Paying the ransom can be a waste of money if lessons are not learned and new safeguards are not put in place. Attackers may come back because of a previous success. Although detection, response and recovery are important, they should only be used when prevention fails.

School systems appear to be a fruitful target for ransomware. In 2019 there were over 1,000 recorded attacks on US schools alone, and we have seen renewed attacks in the new school year. Part of the reason has been that the schools were paying the ransom, thereby painting a target on themselves as a source of income. To add wood to the fire, some obtained cyber insurance and made themselves a definite source of revenue for the attackers. One way of going forward is for the schools to meet and compare notes (via lessons learned), and exchange ideas and best practices. Endpoints (i.e., laptops, desktops, etc.) should be protected by using a common baseline that can be quickly reinstalled. Enterprise system software could be common (but isolated) in school districts to provide a network of recovery avenues. Data should be backed up locally and in a cloud data storage service, the cost of which could be shared by participating schools. These are just some ideas, and I encourage other industries to make an effort to join together and establish a more secure digital environment.

There are five areas to focus on when working to make an organization more secure: prevention techniques as they relate to network architecture, configuration safeguards and computer operations; protection best practices; advance detection techniques, tools and resources that can be used to alert the response team; response options; and recovery.

Organizations need to be aware of the various aspects of ransomware, know how to fortify their enterprises and know how to plan for and respond to cyberattacks.

Editor’s note: For further insights on this topic, read Larry G. Wlosinski’s recent Journal article, “Ransomware Response, Safeguards and Countermeasures,” ISACA Journal, volume 4, 2020.
