This article was originally published in Commercial Banking’s magazine, Cybersecurity: Making Security Personal.
Ransomware attacks have made major headlines in recent months. These widely publicized attacks have impacted numerous industries, both within the US and globally. The Cybersecurity and Infrastructure Security Agency (CISA), a part of the Department of Homeland Security, describes ransomware as “a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.” CISA warns that attacks usually spread through phishing emails and infected websites. Once cybercriminals gain access to a company’s private information, they hold the files hostage until a ransom is paid, usually in a cryptocurrency such as bitcoin. To release the files, the cybercriminals will issue a decryption key to the victim, but sometimes, even if the ransom is paid, they don’t return the data files and instead demand additional payments.
Many of the organizations and agencies targeted in recent attacks failed to apply software patches developed following the last widespread ransomware outbreak. Some may even still be operating without backup systems.
“The key to mitigating a ransomware attack is to isolate, isolate, isolate. By creating multiple layers of protection for backups, organizations can help support rapid restoration capabilities, in the event of an attack, by quickly identifying the most recent backup to use,” said Adam Bulava, Global Head of JPMorgan Chase’s Attack Simulation team.
Criminals are brazen in launching ransomware schemes, taking advantage of vulnerabilities in computer systems and lapses in employee training and resources.
“Government agencies or smaller companies may be strapped for resources due to budgeting constraints and are unable to add the software updates that help mitigate potential threats,” Bulava said.
The reality is that no company is immune to cybercrime, especially ransomware, which is invasive and whose fallout can be enormous. Some large multinational companies with a tremendous volume of private customer information may choose to pay the ransom when such an attack renders them unable to conduct business, or they may want to avoid potential negative publicity and the resulting fallout with employees, customers and stakeholders.
However, when dealing with criminals, paying a ransom doesn’t guarantee the data will be released. While the decision to pay a ransom or not is up to each organization, based on what is best for its employees and stakeholders, the Federal Bureau of Investigation (FBI) does not advocate paying ransom to criminals. Many times paying ransom perpetuates future crimes and emboldens other cybercriminals to launch similar schemes.
With attempted or actual payments fraud reaching record levels, JPMorgan Chase is helping clients look at the viability of their resiliency and recovery plans. Ransomware attacks aren’t isolated events and can strike a company more than once. Resiliency is the key to helping companies—big and small—deal with a ransomware attack.
“The firm’s Threat Intelligence organization evaluates cyberattack information looking for patterns with threat actors to prioritize threats and help protect the firm and clients,” said JF Legault, Global Head of Cybersecurity Operations.
The firm’s Attack Simulation team hosts a series of tabletop exercises with clients that simulate a ransomware attack scenario. While the simulations are intended to help test resiliency strategies, Bulava said the sessions demonstrate real-life implications and test an organization’s response time and engagement.
“If you don’t have a resiliency plan in place, now—before a data breach occurs—is the time to develop a layered approach and make your cyber hygiene protocols more secure. Include as many teams as possible, from communications, technology, operations, legal and executives, to support internal and external resiliency and recovery efforts,” said Brett Wallace, Executive Director, Cybersecurity Intelligence Group with the firm.
Communications teams should be engaged in resiliency planning to help build responses to employees, third-party suppliers, customers and key stakeholders in the event of a data breach.
Adopting cloud-based technology as part of an organization’s resiliency and remediation strategy may help avoid a bare-metal restoration, which is essentially rebuilding a computer from scratch. It’s also important to check cloud security configurations for vulnerabilities and secure them to prevent a breach.
Practice good cyber hygiene by creating multiple backup layers to protect network computer systems if they become infected. If a company is considering purchasing cyber insurance, read the fine print to make sure ransomware attacks are covered in the policy.
Bulava added, “It’s important to test resiliency plans at least twice a year with simulated drills and implement any necessary changes to ensure all employees are comfortable with processes and procedures.”
While creating an internal security network and best practices is important, relationship building with external partners is also critical. Engaging FBI field offices and the agency’s Internet Crime Complaint Center (IC3) in advance of an attack may help improve response time.
“Developing effective resiliency and recovery plans is every client’s responsibility and every minute counts during a recovery effort,” said Mike Kelly, Business Information Security Officer with the firm. “We want all of our clients to remain vigilant, be prepared and determine the best strategy for mitigating and recovering from a ransomware attack.”