FBI/CISA Issues A Ransomware Holiday Warning

Earlier this week, CISA and the FBI issued a warning reminder for organizations to stay vigilant against cyber threats during the holiday season, especially on weekends when ransomware gangs normally like to strike – since many companies are closed, short-staffed or off-guard.

While CISA and the FBI provided some best practices to manage the risk of posed cyber threats, I sourced some commentary. Starting with Brent Sleeper, data security product marketing manager at HelpSystems, a provider of IT management software and services, who says the following:

“Ransomware has been a constant cybersecurity threat to organizations for many years. With the tools needed to carry out these attacks readily available on the dark web, ransomware has evolved into a serious activity for today’s cybercriminals. The tools are used to gain access to systems or networks with the objective of stealing or locking down sensitive data. The perpetrators then demand a ransom for its safe return, with many threatening to release the data into the public domain or destroy it if the ransom is not paid. Organizations that fall victim to ransomware attacks will often face weeks of costly disruption and unwanted publicity, so it’s important to understand the risks and limit the number of vulnerabilities that could potentially be exploited.

Improving awareness is a step in tackling ransomware. As ransomware is often delivered through email, employees should be educated on what to look out for and understand the dangers of clicking on unsolicited links or opening attachments. However, even with training in place, employees may still inadvertently trigger an attack, which is why it’s critical to have technology that prevents ransomware from reaching your organization in the first place. Email security solutions that automatically detect and remove malicious content or active code buried deep in attachments can neutralize threats before they do any harm. Organizations can also make sure that vulnerabilities in systems, software and applications are minimized by keeping them patched and up to date. These countermeasures will help ensure an organization’s defense against ransomware is more resilient and robust, and that its data is well protected.”

Next up is Mieng Lim, VP of product management at Digital Defense by HelpSystems, who says:

“Ransomware threats are constantly evolving. From the commoditization of ransomware through the recent availability of as-a-service tools, to increasingly sophisticated attack strategies, it is a threat landscape that demands constant monitoring and education from organizations and governments alike. This is perfectly illustrated by the new strain of ransomware discovered by Sophos this week.

Typically, hackers enter their victim’s systems and linger undetected, harvesting data and identifying targets before they deploy a targeted ransomware attack. However, this new python-based ransomware enters systems and initiates an attack within a few hours, making fast-acting threat detection and response absolutely essential for businesses. 

The first step in building an effective ransomware mitigation strategy is always setting realistic expectations. Ransomware breaches are no longer fully preventable, so businesses must focus on layering defensive barriers between an attacker and their most sensitive data. Running regular penetration testing and vulnerability scanning can help an organization identify and repair possible attack vectors, closing backdoors before an attacker can enter them and minimizing an attacker’s ability to escalate their privileges once inside the system. 

However, for any organization looking to improve its cyber threat response time, threat detection tools are a must. Network Traffic Analysis (NTA) works to monitor a network for any suspicious activity, detecting ransomware breaches and infection as quickly as possible. On top of these, active threat scans can give the organization peace of mind. If a breach is spotted, it is important to reassess the state of the IT environment to ensure that there isn’t a repeat attack. Unfortunately, we live in an era where preventing 100% of cyber risks is no longer possible, but constant vigilance, ongoing-cyber threat education, and a well-planned threat detection and response strategy will go a long way towards keeping your organization’s most sensitive data safe.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: