
Ransomware Can Cost You Millions; Is Your Network Secure?
Posted: Thu Dec 22, 2016 03:10:40 PM
 
SonicWall

Recently it was reported that in April 2016 an employee at Michigan-based utility company BWL opened an email and clicked on a malicious attachment laden with ransomware. The result? It shut down accounting and email systems as well as phone lines, which led to a costly and laborious week of recovery.

The cost? $2.4 million.

Let That Sink in for a Second.

In a separate case, the $800K ransom heaped upon the City of Detroit by hackers in 2014 served as an anecdotal warning of the potential for this class of malware. But in the BWL case, only $25K was actually paid to the attackers with 99 percent of the costs related to technology upgrades and people responding to the attack. To save you on the mental math, the actual ransom was about 1 percent of the total costs. This could be the setting for a modern proverb based on For Want of a Nail. The silver lining is the improvement of the utility’s security and the overhaul of its IT communication policy.

What Does This Teach Us?

For all the talk of the cost of the ransoms levied upon victims, the overall impact is much greater. In this example, it cost the organization in lost business, impact to the customer experience, and even more on the human resources side. It also serves as a poster child for ineffective spam management and phishing prevention. Ultimately, this problem is happening around the world, and despite the best intentions to stop ransomware, it still persists.

What Do You Do If You Are Hit?

First of all, don’t panic. By default, you need to consider not paying the ransom and find a way to restore systems and data without giving in. Otherwise, it’s like feeding a feral cat; hackers will be found on your doorstep the next day. Simultaneously, you need to restore systems, discover the point of origin, and stop follow-on attacks. This is where the backup and security stories combine.

In the case of BWL, it took a lot of human resources and two weeks’ worth of time, most likely because the utility was not prepared for this type of attack. In your case, find the point of origin and restore a backup from before that event.

But What About Stopping Follow-on Attacks?

Before the Firewall

I would like to say that there is a single solution out there that will solve this, but that isn’t completely true. In short, the answer is education, security and backup. The first thing to do is to build the human firewall; teach your employees not to click on attachments or links in suspicious emails, especially if you deal with payments. This is just the first step; a recent Barkly study stated that in their data set, 33 percent of ransomware victims had already undergone security awareness training.

Additionally, think long and hard before hanging “blamable” employees out to dry. It may be shortsighted to fire or reprimand an employee for unleashing malware unless they were clearly going outside the boundaries of ethical/lawful internet usage (e.g. browsing adult sites, downloading pirated material, etc.). In many cases, ransomware comes through a cleverly crafted phishing email, and given the fact that BWL’s accounting and email systems were taken offline, I’m assuming an accounts payable person opened an attachment from a hacker with an “unpaid invoice.”

When it comes to technology, you need to have a multi-layered approach to eliminate malware as it approaches your environment. Look at the image below and you can see how SonicWall stops ransomware via web and device traffic. In the case of watering hole attacks (e.g., downloading malware from a website), SonicWall Content Filtering Service (CFS) blocks millions of known malicious sites to help remove major sources of pulled malware from the equation. After this, deploy SSL/TLS decryption to help you see all traffic. Four years ago, the percentage of traffic being encrypted was very low compared to today. Forget the advertised malware-catch-rate of a vendor’s firewall and sandbox; if they can’t inspect 50 percent of traffic, it’s like locking and guarding the front door while leaving the backdoor open.
