What’s the worst cyber attack to get hit by?
Not all digital assaults are coded the same.
When it comes to targeting an organization for a cyber attack, hackers sadly have plenty of options. Distributed Denial of Service (DDoS) attacks, viruses, and business email compromise are just a few major selections from a list that goes on and on. However, if I had to pick one as “the worst,” there’s no contest. Ransomware is the winner, and not just by a little bit.
That’s because nothing has the same impact as ransomware, which encrypts all the files on the computers it infects (taking down pretty much everything on that machine). Also, pretty much every strain of ransomware will spread itself around your network, rendering every computer it can connect to useless as well.
Okay, sure, that’s bad. But is it as bad as some other kind of malware, or data loss from a compromised email? Absolutely.
What makes ransomware so bad?
Here’s the thing. Nasty malware takes out the machines, just like ransomware. Denial of service attacks make something important unavailable, just like ransomware. Business email compromise can lead to losing important internal information… just like ransomware. It does everything other malware does, and sometimes more.
So how bad can ransomware get? What’s the worst-case scenario?
How about holding up an entire country for ransom? That’s correct, an entire country. Costa Rica suffered a massive ransomware infection that wound up crippling their entire government. Not only that, but Conti (the ransomware gang behind the attack) has said they were “determined to overthrow the government.” To be clear, 27 different institutions and aspects of the government were paralyzed by the attack and one of those was the Costa Rican Finance Ministry, which of course handles the country’s money. So that caused some issues.
That’s why ransomware is the winner. No other type of attack has ever been leveraged at the sheer scale and magnitude of the one on Costa Rica.
So then, now that I’ve totally freaked some people out, let’s get into the basics of ransomware defense.
How to protect yourself
There are a few effective measures you can take to defend yourself, which sadly most organizations still don’t bother with.
Have an official Incident Response Plan (that everyone knows)
This is crucial. In the event that something goes wrong, the first thing you need is people who know their responsibilities. Your incident response plan needs to outline not just your overall procedure, but also the responsibilities of each employee’s role. Trying to figure things out on the fly when your entire network just crashed is only going to make things worse.
Some role responsibilities that should be included in your plan are:
- for front line or low-level employees to immediately notify supervisors when they notice something’s up,
- for supervisors to investigate promptly when notified, and escalate immediately should their investigation reveal an attack,
- for some employees to make records of the situation for reporting if necessary, and
- the responsibilities of executive leadership in determining your actual response.
Proper network segregation
The easiest way to stop ransomware in its tracks is to separate your network into sections. Keeping networks separated based on their physical location is a good start, but many organizations forget about logical separations. Logical network segregation entails separating computers based on their purpose (e.g., accounting PCs, front counter desktops, field tablets). Preventing some groups of computers from talking to others, especially those they don’t need to, can dramatically limit the spread of not just ransomware but other malicious software as well.
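To make the effect of logical segregation concrete, here is an added example (not from the original post) that audits a segment allow-list and counts how many machines are at risk when any one host is infected first. The host names, segment names and both policies are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: hosts grouped by purpose (logical segments).
SEGMENTS = {
    "accounting": ["acct-pc1", "acct-pc2"],
    "front-counter": ["counter-pc1"],
    "field": ["tablet1", "tablet2"],
    "servers": ["file-srv", "backup-srv"],
}
# Allowed flows, source segment -> destination segments. Anything absent is denied.
FLAT = {seg: set(SEGMENTS) for seg in SEGMENTS}   # no segregation at all
SEGMENTED = {
    "accounting": {"accounting", "servers"},      # needs the file server
    "front-counter": {"front-counter"},
    "field": {"field"},
    "servers": {"servers"},
}
SEG_OF = {h: seg for seg, hosts in SEGMENTS.items() for h in hosts}

def blast_radius(policy, start):
    """Every host reachable from `start` by chaining allowed flows (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for dst_seg in policy.get(SEG_OF[host], ()):
            for nxt in SEGMENTS[dst_seg]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen

def report(policy):
    """Host -> number of machines at risk if that host is the first infected."""
    return {h: len(blast_radius(policy, h)) for h in SEG_OF}

def exposed_to(policy, target):
    """Other hosts whose compromise could reach `target` (e.g. the backup server)."""
    return sorted(h for h in SEG_OF if h != target and target in blast_radius(policy, h))

if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, report(policy), "-> backup-srv reachable from", exposed_to(policy, "backup-srv"))
```

Even the segmented policy leaves the backup server reachable from accounting through the shared servers segment, which is the kind of path this audit is meant to surface.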
Properly tested, multiple backups
A proper backup solution features multiple backups in multiple locations, including one that’s not on the network. In addition to storing multiple copies, those backups need to be monitored and regularly tested. Ensuring your backups are working and the restoration process remains familiar improves efficiency during an actual emergency. Not properly segmenting your network allows ransomware to work its way around your network, and backups can save you but only if they’re working and secure. Without functioning backups, your options are limited to paying the ransom or losing your data. Or both, if the criminals decide to just take their ransom and run.
There are plenty of other defense tactics you can adopt, but they start to become specific to your business, environment, and context. These three general items, however, don’t change according to sector or business type, and they’re right up at the top of the list of effective strategies. Once you do know your specific strategies, make sure they’re understood and well-communicated in your incident response plan, or their effectiveness could be curtailed.
If you’d like help securing your network or backups against ransomware, or to refine and update your incident response plan, contact one of TRINUS’s cybersecurity experts. Knowing you have a valid response plan goes a long way to making your IT stress-free.
This week’s quote comes from Shakespeare’s Hamlet, and reflects on the value of tailoring responses to crises: “Suit the action to the word, the word to the action.”
Be kind, courtesy your friendly neighbourhood cyber-man.