With the coronavirus pandemic severely affecting healthcare organizations, you would think that cybercriminals would tone down their attacks on them. A lot of them have actually promised to stop their activities until the situation improves, with some even offering free service for organizations that have been mistakenly encrypted. But there are still some gangs that are not promising anything, with one of them actually threatening to take its actions further, especially against big pharma sites, as these organizations allegedly take advantage of the public panic to rake in more profits. So let’s take those promises with a grain of salt, shall we?

With most companies’ computer system and information technology specialists working from home (unless some of them are actually staking out their offices for the entire lockdown period), the risk companies face of being attacked is especially high. When there is no one in the office to physically assess their systems, the response time of these IT people to any threat will be greatly affected. So, unless all illegal activities against organizations that ultimately affect individuals and their data come to a halt, the threat of events like ransomware will always hang over every web user’s head. And with difficulties like this, there will be data loss, and there will be the opportunity for hard drive data recovery.

But how does an organization deal with such an attack? Millions of dollars have been lost because many organizations have dealt with ransomware attacks through the only option they were left with – by paying the ransom. But surely, this shouldn’t be the only way to deal with this situation.


If there’s a ransom, then why not negotiate?

As ransomware attacks have become quite rampant since last year, the most common ways people have responded are either to pay the ransom, which can range anywhere from thousands to millions of dollars (in the case of high-profile organizations), or to seek the assistance of consultants so that the data lost because of ransom non-payment can be recovered.

But one approach from real-life situations that people seem to forget as a viable option is negotiation. When someone gets kidnapped or is held in a hostage situation, aren’t there crisis specialists (usually police officers) who negotiate with the kidnapper or hostage-taker? The tactics these negotiators use can prove useful for anyone in a ransomware attack situation.

In general, the less the victim knows about how to purchase bitcoin, the more time the victim has to build up rapport and trust with the cybercriminal. During a negotiation, an attacker may extend payment deadlines, lower the ransom, decrypt some data as a show of “good faith” or provide step-by-step assistance in purchasing bitcoin.

(Via: https://www.govtech.com/security/Deal-with-Ransomware-the-Way-Police-Deal-with-Hostage-Situations.html)


Is prevention the best course of action? 

The latest ransomware campaigns have started targeting businesses and their employees who are working from home through methods like phishing emails and attacks on vulnerabilities in Microsoft’s Remote Desktop Protocol (RDP). As someone who may be working from home because of the COVID-19 lockdown, can you do something to make yourself less vulnerable to this kind of attack?

Lock down RDP. The RDP attack vector is regularly targeted by ransomware attacks. Disable RDP where not required. Apply secure configurations where RDP is enabled, including use of strong passwords (at least 16 characters in length) and multi-factor authentication (MFA).

(Via: https://www.techrepublic.com/article/how-to-protect-your-organization-and-remote-workers-against-ransomware/)
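
To check a Windows machine against the advice quoted above, the following PowerShell audit is an added example, not code from the quoted article. It reads the standard RDP registry values and the local password policy; the helper names `Get-RdpExposure` and `Disable-Rdp` are hypothetical, the Network Level Authentication check is an extra hardening setting the article does not name, and the firewall group name assumes an English Windows install.

```powershell
# Added example, not from the quoted article. Run in an elevated session
# on the Windows host you want to audit.
$MinPasswordLength = 16   # threshold taken from the advice quoted above
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {   # hypothetical helper name
    # fDenyTSConnections = 0 means the host accepts RDP connections
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication
    # Enabled inbound rules in the built-in group (English display name assumed)
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True `
                 -Direction Inbound -ErrorAction SilentlyContinue)
    # Export the local security policy and read the minimum password length
    $cfg = Join-Path $env:TEMP 'secpol-audit.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $line = Select-String -Path $cfg -Pattern '^MinimumPasswordLength\s*=\s*(\d+)'
    Remove-Item $cfg -ErrorAction SilentlyContinue
    $minLen = if ($line) { [int]$line.Matches[0].Groups[1].Value } else { $null }

    [pscustomobject]@{
        RdpEnabled          = ($deny -eq 0)
        NlaRequired         = ($nla -eq 1)
        InboundRulesEnabled = $rules.Count
        MinPasswordLength   = $minLen
        PasswordPolicyOk    = ($null -ne $minLen -and $minLen -ge $MinPasswordLength)
    }
}

function Disable-Rdp {       # hypothetical helper: use where RDP is not required
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

$audit = Get-RdpExposure
$audit | Format-List
if ($audit.RdpEnabled -and -not ($audit.NlaRequired -and $audit.PasswordPolicyOk)) {
    Write-Warning 'RDP is enabled without NLA or a 16-character minimum password policy.'
}
# MFA is not visible in these settings; confirm it at the VPN, RD Gateway
# or identity provider that fronts the RDP host.
```

Group Policy can override the local values read here, so on a domain-joined machine compare the result with the applied policy before relying on it.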


Be prepared!

Unless all vulnerabilities of all computer systems in the world are detected and resolved, everyone is at risk of getting attacked by ransomware. So, it is best to be as prepared as possible. Make your passwords super strong. Change them regularly. In your company, why not run a ransomware drill, just like an earthquake or fire drill, so that everybody knows what to do in case of a ransomware attack? The important thing is for everyone in your organization to know what can happen and what they should do if it does.

Some organizations fall into the trap of thinking they’re not important or not big enough to fall victim to a ransomware attack. In today’s high-severity cyber risk landscape, everybody is at risk, according to Francine Armel, focus group leader – international specialties, Beazley Canada Limited.

(Via: https://www.insurancebusinessmag.com/ca/news/cyber/be-prepared–the-magic-words-of-ransomware-mitigation-214993.aspx)


Meanwhile, if you have important documents or files that have gone missing, let our data recovery services help you recover that important data.