When the REvil ransomware gang attacked Kaseya VSA and many of its customers recently, Kaseya urgently advised clients to unplug from its platform. Organizations responded. Our Cortex Xpanse global Attack Surface Management platform detected a 96 percent drop in the number of vulnerable Kaseya servers visible to attackers over the internet – going from about 1,500 on July 2 to just 60 on July 8.
While that response to the attack likely prevented even more infections, it also pointed to an unfortunate reality. Sounding the alarm and shutting down access to critical software in a panic is not the best way to fight the growing ransomware epidemic. When organizations wait to react to ransomware until after it hits, disruptions are inevitable. The goal should be to prevent attacks and disruptions from happening in the first place, which means that the best time to prepare for ransomware is now, before you are attacked.
The REvil attack is just the latest indication that the global ransomware gangs are still growing vigorously in numbers and strength, becoming ever more audacious, and innovating themselves into increasingly spectacular and lucrative attacks. And why not? The returns on investment are spectacular and the risk of getting caught is almost nonexistent.
In this most recent incident, REvil showed us something new, a wholesale approach that infected some of Kaseya’s direct customers and then many of those customers’ own clients through a single attack on Kaseya itself. (In an update regarding the attack, Kaseya wrote that “fewer than 60” direct customers were affected and “fewer than 1,500 downstream businesses” were impacted.) Then REvil demanded a single, eye-popping ransom of $70 million (since reduced to $50 million) for a universal decryption key that will work for any and all of the victims.
Compare that to just six years ago, when the average ransom demand in our clients’ cases was about $10,000. Or to just last year, when the average ransom demand had climbed to about $850,000, according to the 2021 Unit 42 Ransomware Threat Report, and the largest payout for the year was under $5 million.
(If you think you may have been impacted by this or any other attack, please reach out to the Unit 42 Incident Response Team.)
You probably have a disaster recovery plan for fire, earthquake and other natural disasters. A ransomware attack can have similar impacts on a company’s operations and should carry the same level of preparedness. You can start by asking yourself these questions:
- Think as if you were the attacker. Knowing your organization as you do, what would hurt you the most? Which data do you need to consider and protect?
- Do you have a written incident response plan and playbook for a ransomware event? Have there been changes to the people in your organization, new technology, etc.? When was the last time you tested and revised it?
- Have you run simulations and pen tests and validated your detection and response capabilities and processes? Did you find any gaps between the plan and standard operating procedures?
- Do you have backups? Are backups of your most critical data offline and offsite? Have you tested restoration and confirmed your backups work as expected?
- And finally, do you have cyber insurance and an incident response retainer in place in the event of the worst-case scenario?
The key is to think about the changes you would make after a ransomware attack and figure out how to make those changes before an attack actually takes place. You have the power to fight back, but it starts with being prepared.
Consider engaging a team of cybersecurity professionals to conduct a Ransomware Readiness Assessment that will help you determine how prepared you are for an attack, run tabletop exercises and identify any security gaps that need to be filled.
View the original post at Palo Alto Networks.