What is Ransomware?
There has been a lot of news coverage lately about ransomware and the global impact it has had on our supply chain industries. Internet Complaint Center (IC3) defines ransomware as a type of malicious software that encrypts data on computer files, systems, or networks, making it unusable. The malicious cyber-criminal demands a “ransom” for their release. If the ransom is not paid, the victim’s data remains unavailable.
Ransomware is not new in the world of cybersecurity. In 2020, there were an estimated 506,000 ransomware incidents reported with a minimum of $18 billion paid in ransoms (Emisoft Malware Lab, 2021). That number does not include the outage and restoration time of these systems and organizations, which could potentially add billions more in total cost. However, it is a challenge to know the exact number of damages caused by ransomware because not every incident is reported.
Everyone is affected by ransomware.
Colonial Pipeline, which is the largest pipeline system in the United States, suffered a ransomware attack in May. The attack shut down their pipeline operation which created fuel shortages and price increases along the U.S. East Coast. Colonial Pipeline did end up paying the ransom of $4.4M to gain access to their systems. Fortunately, based on reports, they have since been able to recover most of the ransom.
JBS, which is the world’s largest meat producer, was also a victim of a ransomware attack in June. The attack shut down its meat processing operations at its plants in North America. This disruption of meat production could easily create strains on meat prices. We still do not know if JBS paid the ransom to the cyber-criminals. We do know they have been working diligently to restore their systems and processing operations.
It is not only Fortune 500 companies that are the targets of these sophisticated attack campaigns. The cyber-criminals will target small to medium-sized organizations, local municipalities,
school districts, and even individuals. These attacks highlight a larger issue – how do individuals protect themselves from ransomware, if large organizations with infinite resources struggle with protecting the critical infrastructure in the U.S?
How do we protect our systems?
Preventing a ransomware attacks requires a multi-faceted defense-in-depth strategy. Defense-in-depth is a military strategy that relies on layers of protection. An example of this would be a medieval castle. The castle is protected by archers, high walls and even a moat. To breach the castle, the attackers would have to successfully get past numerous defensives.
GreenStone applies the same approach when it comes to protecting our systems and our customers’ information. GreenStone utilizes current internet security standards of encryption, TLS (which stands for “Transport Layer Security”), and ensures your information is encrypted between your computer and our website to prevent unauthorized access. Transport Layer Security is also used to ensure all email communication is encrypted and secured in transit. Tools like My Access and our File Exchange provide customers with another secure way to send and receive files with GreenStone.
How do you protect your system?
Securing your systems starts with keeping your computer operating system, software and applications current and up to date. These software updates contain fixes for potentially critical security vulnerabilities that have been discovered. By installing these updates, you are closing the holes that could be used by cyber-criminals to gain access into your computer or mobile devices.
Once you have your software up to date, the next step you should be taking is to make sure that you have an anti-virus and anti-malware solution installed on your computer. These products should be configured to automatically update and run regular scans on your system. Microsoft Defender is included with Windows Operating System, and it provides these protections.
The Federal Bureau of Investigation sums it up best: “The best way to avoid being exposed to ransomware—or any type of malware—is to be a cautious and conscientious computer user. Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click on”
(Federal Bureau of Investigation, n.d.).
Sources:
Emisoft Malware Lab. (2021, April 27). The cost of ransomware in 2021: A country-by-country analysis. Retrieved from Emsisoft: https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/
Federal Bureau of Investigation. (n.d.). Ransomware. Retrieved from https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
