Denver printing company Colorado Timberline abruptly closed down in September, blaming an unnamed ransomware attack for its demise.
“We have recently been plagued by several IT events,” a message on the company’s website stated at the time. “Unfortunately we were unable to overcome the most recent ransomware attack.”
This month marks two years since WannaCry crippled computer networks worldwide and, while that infamous ransomware attack has faded from the headlines, Colorado Timberline stands as a stark reminder that ransomware remains a real cybersecurity threat with consequences close to home.
For those who’ve forgotten, WannaCry swept through computer networks around the world, devastating even high-profile systems like Britain’s National Health Service. It exploited a Windows vulnerability to infect computers, encrypting files on the hard drive and making them impossible to access. It then displayed a message demanding a ransom payment in Bitcoin to decrypt the files.
The discovery of a kill switch stopped WannaCry from locking down computers and slowed its spread, but it wasn’t a permanent fix. According to newly released analysis from Malwarebytes Labs, WannaCry ransomware remains a global cybersecurity threat, with more than 4 million detections identified worldwide in the two years since it first appeared.
Malwarebytes’ findings also revealed that there are still “hundreds of thousands of systems out there that are vulnerable to EternalBlue and EternalRomance exploits that WannaCry uses to propagate and spread.”
The massive RobinHood ransomware attack that brought Baltimore’s city government to a halt early this month used the EternalBlue exploit to spread across the network, according to The New York Times.
Since then, Baltimore’s “digital content has been locked away — and the online aspects of running the city are at an impasse,” NPR reported. “Government emails are down, payments to city departments can’t be made online and real estate transactions can’t be processed.”
While ransomware attacks on large organizations like health care systems and city governments grab headlines, Malwarebytes Labs Director Adam Kujawa said small and medium-sized businesses are equally at risk — and can be wiped out by one attack.
Traditional data theft would copy valuable data and use it to launch new attacks and steal identities, he explained, but with ransomware, “there is no copy and run — the attack intentionally doesn’t care what kind of data it is going to encrypt,” Kujawa said. “All it knows is that the disruption of your operations by withholding access to vital data is a better return on investment than attempting to sell the data on the black market. Who is the data more valuable to — some random cyber criminal on the dark net or the CEO who it was just stolen from?”
Kujawa said the overall fallout from ransomware can include:
- Loss of confidence from customers.
- Loss of intellectual property.
- Loss of customer data.
- Fines for certain types of data loss (like HIPAA violations).
- Steep costs associated with attempting to recreate data that wasn’t backed up.
“These are just a few examples, but ransomware could potentially destroy a business — especially small — if it causes that organization to lose valuable data it needed for its business to operate,” he said.
Matthew Titcombe, CEO of Springs-based Peak InfoSec, said small businesses are even more at risk than large organizations when it comes to ransomware.
“The problem is smaller businesses have this paradigm problem: They think they’re not a target,” he said. “And then their budgets are really tight and they don’t put preventative controls in place.”
Smaller businesses don’t understand that blanket cyber attacks like ransomware can hit them without really aiming at them — and hiring information security professionals to prevent a problem they haven’t experienced before “is seen as an operational expense that has no return on investment,” Titcombe said.
“Most small businesses are not taking preventative control to reduce the risk — and the reality is it’s going to happen to everybody at some point,” he said. “I don’t know if I’d call it a ‘head in the sand’ attitude. I just don’t think they know they’re standing right next to a rattlesnake. What you don’t know, you don’t know. And they’re so open to this.”
Kujawa outlined the steps businesses can take to avoid falling victim to ransomware — or to avert catastrophe if they do:
- If you can, hire a reputable managed security provider to establish a baseline of security tools and operations, and act as a resource if an infection gets through.
- If you can’t hire an MSP, make sure you identify and compartmentalize your most vital data to reduce the risk of it being stolen or held for ransom.
- Utilize online backups with multi-factor authentication and encryption (make sure the vendor can’t see what you are uploading) for your most important data.
- Reduce the attack surface — limit where you can go and what you can do on company systems. Watch for vulnerabilities in your network (for example, a Windows XP vulnerability was just patched — are you still running XP?).
- Ideally, have a system where you can quickly deploy and test updates to ensure compatibility with all of your applications and operations before deploying the updates across your network.
- Use an email provider that offers some email scanning security.
- Deploy security software to catch anything that might make it through — and keep it updated.
- Make sure your security software utilizes multiple layers of protection, keeping an eye out for exploits and unknown malware.
Titcombe emphasized the importance of backing up systems, establishing solid endpoint protection and network protection, and boosting education — “Training your users to be cynical is critical nowadays,” he said. “And I would lay right on top of that, cyber insurance.
“Cyber insurance is so cheap for [what it does] when an attack is going to happen …” he said. “I go back to that paradigm of ‘It’s not going to happen to me. We’re so small.’ I say, ‘You drive a car, you think you’re not going to be in an accident?’ Everybody kind of knows they’re going to be in an accident, but again, it’s human nature. We bury risks. If it hasn’t happened to us, we’re not going to think about it.
“That printing company up in Denver that got hit by ransomware, they shut their doors because they didn’t have money to repay for software, hardware, everything else,” he added. “But if they’d had cyber insurance, that would have covered the remediation costs, and the lost revenue while everything was going on.
“It would not necessarily help their branding issues or the lost customer confidence in them, but it would help.”