Earlier this month, international consulting firm Accenture became the latest target in a string of high-profile ransomware attacks when the LockBit group claimed to have breached the company’s servers and threatened to release its data.
According to a CRN report, Accenture confirmed the attack, but downplayed the scope of the damage: “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. In addition, we fully restored our affected servers from backup. As a result, there was no impact on Accenture’s operations or our clients’ systems,” Accenture wrote.
It’s not just big companies being targeted. Every type of organization, from small IT firms, municipalities and school districts to big multinational corporations, is in the crosshairs as ransomware attacks become more aggressive and costly. According to a report from security consultant Unit 42, the average ransomware payment climbed 82 percent to $570,000 in the first half of 2021, up from $312,000 in 2020.
An analysis by Barracuda found that a small number of ransomware gangs are conducting many of the attacks. Per the data, of the ransomware attacks between August 2020 and July 2021, REvil accounted for 19 percent and DarkSide for 8 percent.
In the past 12 months, Barracuda researchers identified and analyzed 121 ransomware incidents, a 64 percent increase in attacks year-over-year. Attacks on corporations accounted for 57 percent of attacks, up from 18 percent in 2020. Infrastructure-related businesses accounted for 10 percent of attacks.
Hackers are also changing their methods. In the past, these attacks relied on malicious links and attachments, similar to traditional malware. Now, hackers are using more complex phishing schemes to steal credentials to access networks and applications. Over the past year, with more employees working from home, web-based applications and web portals have been leveraged for these attacks. For example, in the Colonial Pipeline attack in May, criminals used a stolen password for a VPN account to break into the network.
No One’s Immune to a Ransomware Attack
MSPs must employ new strategies and technologies to protect their clients and themselves from these pernicious attacks. Security measures should be targeted at three goals: reducing the risk of a successful attack, minimizing the damage if the ransomware is deployed on the network, and avoiding paying the ransom.
First, assume that you and your clients will be targets. As we have seen over the past several years, MSPs have become prime targets, and hackers are not picky about the type or size of the organization they go after. Second, educate your clients and your employees about the risks so they will be prepared to implement the appropriate security measures and come up with a response plan when there is an attack.
Best Practices for Minimizing Ransomware Damage
You must accept the mindset that at some point, you will become a target—it’s just a matter of when. The next thing you need to do is to set a goal of not paying the ransom. With the goal set, you then need to implement the following procedures:
Leverage advanced security tools to prevent credential loss. Train employees and clients on how to spot phishing emails and how to report them. Use advanced AI-based solutions to analyze email and network traffic for unusual patterns that might indicate an attack.
Utilize password and security strategies to protect applications and network access. Encryption, multifactor authentication, password management, and web application security can protect both internal and hosted applications. A Zero Trust Access approach that requires validating each user at each endpoint is much more reliable than a traditional VPN—and with more companies adopting remote work and work-from-home models, this will be critical.
Use role-based rules to limit user access to only the applications and data necessary to do their jobs. Evaluate the type of data being stored—is all of it necessary? How long should it be stored? Is there particularly sensitive or valuable data that should be protected using more stringent measures or advanced encryption?
Employ robust backup and data recovery procedures. Multiple backups housed outside of the network will make it easier to avoid a ransom payment. Regularly test disaster recovery procedures to make sure that the business can be up and running quickly in the case of an attack.
The ransomware problem isn’t going to abate any time soon. Therefore, MSPs should secure their networks and work closely with clients to prepare them for an inevitable attack. You cannot stop ransomware attacks from happening, but you can disrupt them and minimize the damage using these best practices.