GETTING YOUR A$# KICKED BY A RANSOMWARE ATTACK IS A HARD LESSON LEARNED

in STEMGeeks · 2 months ago (edited)

getting Ransomware right up your pipeline.png

Your business may not be supplying that black gold to the United States. You may not even think you are in the critical infrastructure business. However, don't think for one darn second that ransomware can't come up behind you and kick your backside like a mule.

By now, unless you have lived under a rock for the last few weeks, you've seen the headlines and newscasts about the cybersecurity screw-up at Colonial Pipeline.
This post is intended to speak to the lessons learned from that goat rope and how they apply to all businesses, no matter their size. Yes, even your small one.

Just To Recap The Jackassery:

In May 2021, a ransomware attack crippled the 5,550-mile pipeline like it owed a Jersey sports bookie, and the ransomware was Tony "Two Tones" with a bat. This pipeline carries almost half of the fuel (gasoline, diesel and jet fuel) guzzled by the East Coast of the U.S.

Some have called it possibly the largest attack ever on U.S. oil infrastructure. The attackers reportedly siphoned off almost 100 gigabytes of data before locking the company's systems up tighter than an oil drum during an OPEC embargo.

DarkSide, a Russia-based ransomware-as-a-service crew, was the reported culprit who took the systems hostage and demanded a ransom (about $4.4 million, which Colonial paid and the U.S. Department of Justice later partly clawed back). The ransomware hit the company's business IT systems, not the pipeline controls themselves, but Colonial shut the pipeline down as a precaution and it stayed offline for days.

Heck, who knows, it might have been caused by a couple of teenage boys surfing porn on their dad's computer, with dad being a pipeline executive. That is the kind of thing that can happen when you keep using the legacy VPN systems you've been warned about previously.

Hey, but it sounds better to blame it solely on the Russian hackers' cleverness and nefarious technical expertise. The reported reality is more mundane: the way in was an old VPN account that was no longer in use but had never been disabled, protected by a single password (no multi-factor authentication) that had turned up in a leaked credential dump. Blaming the hackers makes you look just a little less inept.

But no matter what the cause, greedy hackers, horny teenagers, or clumsy executives, we all witnessed the outcome. Lines at gas stations were stupid. It was chaos. Some shmucks even tried to fill up Walmart bags at the pumps; it got bad!

shitheads.png

So, What Is The Lesson Learned?

Well, there are two lessons. One, a business should never underestimate who, what, when, where, and how cybercriminals will attack.

And two, some of our fellow human beings think they can fill plastic Walmart bags with gasoline and are allowed to drive!

Let's just hope they aren't the same people making the IT investment, policy, and process decisions!

Really, let's get on with the actual lessons. Although lesson one above is applicable...well, hell, so is lesson two.

That said, if you have been around the IT and Cyber profession block a while, then the rest of this post may not be worth your time to read. Shit, maybe none of it so far has been worth your time, but I hope not.

The rest of this post is meant for the non-IT and non-cyber type folks. It is for all the business owners, managers, employees, HR peeps, bean counters, box kickers, etc. These are the things you need to discuss with your IT folks, especially your IT management or managed service provider.

get smart.png

Lesson #1: Employee Education

Don't let your business be another cyberattack "victim." I use the term "victim" very loosely; I have stopped using it for businesses that fall prey to ransomware, because most of these attacks are preventable. The public at large is tired of seeing businesses get their asses kicked by hackers and having their data compromised.

It's time to protect yourself and not become a statistic!

Don't be next in line for this unfortunate but often preventable fate. Avoid becoming yet another company whose customer data was stolen or whose infrastructure was taken down by ransomware, with an assist from your own complacency.

To keep your people from doing something stupid, there are a few things you need to do. First of all, make sure they know how phishing emails work and what the attacker is after: a password, a wire transfer, or a foothold on a workstation. That is a 'no brainer.'

But don't just tell them about it; test the knowledge with realistic examples. Run simulated phishing campaigns, a lightweight "red team" style exercise: an employee receives a fake email that appears to come from someone inside the company, say the CEO or finance, asking for sensitive data such as banking details or an urgent payment. The lure should look like what attackers actually send (urgency, a spoofed or look-alike sender, a request to skip the normal process). Ask your IT management or managed service provider about this type of testing.

Share the results with everyone (without naming and shaming the people who clicked) so the whole company learns together!

With so many cyberattacks occurring regularly, you should be asking your IT professionals to teach every employee how to protect themselves better. For starters, require passwords (better, passphrases) long enough that nobody is going to crack them in one go, and ban reusing a work password anywhere else, because leaked credential dumps are exactly how an old password comes back to bite you. Better yet, lock the system down further with multi-factor authentication (2FA/MFA) on everything that faces the Internet, starting with email and the VPN!

Educate employees on what unsecured networks (the coffee shop Wi-Fi, the home router still on its default password) mean for data security, and watch their eyes light up when they realize what can happen to their traffic without protection!

You can do your business a favor by preventing employees from downloading and installing unapproved apps. The worst part is not that they might get mad; it is that an unvetted download can compromise their work device and the sensitive data on it, and, worse yet for them, they could find themselves carrying a box of their stuff out of the office because they've been fired.

firewall.png

Lesson #2: Use Firewalls And Email Filtering

Protect your network with firewalls, and block traffic to and from known malicious IP addresses and domains. Blocking outbound connections matters as much as inbound, because the attackers need a path out to control their tools and to exfiltrate your data. You can further cut traffic from bad actors by geo-blocking countries you have no business with, and by setting up email filtering that checks sender authentication (SPF, DKIM, DMARC) and flags phishing emails before they ever land in an employee's inbox!
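As an added example (this is not code from the post, and it is not any particular mail gateway's filter), here is the kind of check a mail filter or a help-desk triage script runs on an inbound message to catch the two lures described above: a message that claims to come from inside the company but fails SPF/DKIM/DMARC, and a message from a look-alike domain. It assumes a hypothetical company domain `example.com` and a gateway that stamps an `Authentication-Results` header in the usual `spf=pass`/`dkim=fail` form; the three sample messages are constructed for the demo.

```python
"""Flag inbound mail that claims an internal sender but fails authentication,
or that comes from a look-alike domain. Added example; not the post's tooling.
Assumptions (hypothetical): the company mail domain is example.com and the
mail gateway writes an Authentication-Results header with spf=/dkim=/dmarc=."""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the company's own mail domain
MONEY_WORDS = ("urgent", "wire", "banking", "account number", "direct deposit")

# Constructed sample messages (not real mail); sender domains are made up.
SAMPLES = {
    "legit": """From: Pat Payroll <pat@example.com>
Return-Path: <pat@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass
Subject: Q3 numbers

See attached.
""",
    "spoofed": """From: The Boss <ceo@example.com>
Return-Path: <bounce@mail-blast.invalid>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-blast.invalid; dkim=none; dmarc=fail
Subject: Urgent wire transfer

Send me the banking details today, I am in a meeting.
""",
    "lookalike": """From: Pat Payroll <pat@examp1e.com>
Return-Path: <pat@examp1e.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=pass header.d=examp1e.com
Subject: Updated direct deposit form

Please confirm your account number.
""",
}


def _domain(addr: str) -> str:
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def _auth_results(msg) -> dict:
    """Pull spf=/dkim=/dmarc= verdicts out of Authentication-Results."""
    header = msg.get("Authentication-Results", "")
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; strings are short, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw: str) -> list:
    """Return a list of reasons to distrust the message; empty means clean."""
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From", ""))
    rp_dom = _domain(msg.get("Return-Path", ""))
    auth = _auth_results(msg)
    reasons = []

    if from_dom == COMPANY_DOMAIN:
        # A sender claiming to be us must pass our own authentication checks.
        for mech in ("spf", "dkim", "dmarc"):
            if auth.get(mech) != "pass":
                reasons.append(f"{mech}={auth.get(mech, 'missing')} for internal sender")
        if rp_dom and rp_dom != COMPANY_DOMAIN:
            reasons.append(f"return-path domain {rp_dom} differs from From domain")
    elif from_dom and _edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        # One or two characters away from our domain: classic look-alike.
        reasons.append(f"look-alike domain {from_dom}")

    # Only escalate on money/urgency language when the sender is already suspect,
    # otherwise every real invoice from finance would trip the rule.
    text = msg.get("Subject", "") + " " + (msg.get_payload() if not msg.is_multipart() else "")
    hits = [w for w in MONEY_WORDS if w in text.lower()]
    if hits and reasons:
        reasons.append("financial/urgency language: " + ", ".join(hits))
    return reasons


def triage(samples: dict) -> dict:
    """Map each sample name to its indicator list."""
    return {name: phishing_indicators(raw) for name, raw in samples.items()}
```

The point of the look-alike rule is that SPF and DKIM will happily pass for `examp1e.com`, because the attacker owns that domain and set the records up correctly; authentication tells you the mail really came from where it says, not that "where it says" is who your employee thinks it is.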

Lesson #3: Limit Access

With so many headlines and stories about data breaches, it's no wonder that businesses are concerned. What if your company had a security breach? How would the general public react to this news?

One way to protect against these issues is to limit what each employee, and each account, can access, and to log what they do. When someone hammers at a login, signs in from an account nobody has used in months, or takes over an account used to administer the network, administrators can be alerted immediately by monitoring the authentication and activity logs from the VPN, the identity provider and the endpoint devices.

Limiting privileges also makes life harder for bad actors who get in through one employee's account: a regular user account should not carry administrative rights, admin accounts should be separate, protected by MFA and used only for admin work, and accounts that are no longer needed (departed employees, finished contractors, that old VPN login) should be disabled the day they stop being needed, not left lying around for someone else to find!


monitor.png

Lesson #4: Monitor And Patch

Monitoring IT 24/7 is a no-brainer for any business, but what if you can't be there? Set up alerts that notify your team of suspicious activity, such as a burst of failed logins followed by a success, a login on an account nobody has used in months, or an admin signing in without MFA. The sooner you know about a vulnerability or a breach, the better off the entire company will be!
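As an added example (not the post's own tooling, and not tied to any specific VPN or SIEM product), the following Python script applies the alerts described under Lesson 3 and Lesson 4 to a handful of VPN authentication log lines: a brute-force burst followed by a success, a login on a dormant account, a login on an account the directory does not know about, and an admin login without MFA. The log format, the user directory, the user names and the TEST-NET addresses are all constructed for the demo.

```python
"""Run a few detection rules over VPN authentication log lines. Added example,
not from the post. The key=value log format, the directory snapshot and the
log lines are constructed for illustration and match no particular product."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed directory snapshot (hypothetical): who should be able to log in,
# whether they hold admin rights, and when they last logged in.
DIRECTORY = {
    "bsmith":      {"admin": False, "last_seen": "2021-05-05"},
    "jdoe":        {"admin": True,  "last_seen": "2021-05-06"},
    "contractor7": {"admin": False, "last_seen": "2020-11-02"},  # never offboarded
}

# Constructed log lines (fake users, TEST-NET addresses); one auth event per line.
LOG_LINES = """
2021-05-06T08:12:01Z vpn-gw auth user=bsmith result=OK src=198.51.100.20 mfa=yes
2021-05-06T22:40:03Z vpn-gw auth user=jdoe result=FAIL src=203.0.113.7 mfa=no
2021-05-06T22:40:09Z vpn-gw auth user=jdoe result=FAIL src=203.0.113.7 mfa=no
2021-05-06T22:40:15Z vpn-gw auth user=jdoe result=FAIL src=203.0.113.7 mfa=no
2021-05-06T22:40:21Z vpn-gw auth user=jdoe result=FAIL src=203.0.113.7 mfa=no
2021-05-06T22:40:27Z vpn-gw auth user=jdoe result=FAIL src=203.0.113.7 mfa=no
2021-05-06T22:40:33Z vpn-gw auth user=jdoe result=OK src=203.0.113.7 mfa=no
2021-05-07T03:15:44Z vpn-gw auth user=contractor7 result=OK src=203.0.113.9 mfa=no
2021-05-07T03:16:10Z vpn-gw auth user=ghost result=OK src=203.0.113.9 mfa=no
""".strip().splitlines()

FAIL_THRESHOLD = 5                   # failures from one source ...
FAIL_WINDOW = timedelta(minutes=10)  # ... inside this window, then a success
DORMANT_AFTER = timedelta(days=90)   # a login after this much silence is odd


def parse(line: str) -> dict:
    """Turn one 'ts host auth k=v k=v ...' line into a dict."""
    ts, host, _, *kv = line.split()
    rec = dict(pair.split("=", 1) for pair in kv)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    rec["host"] = host
    return rec


def detect(lines) -> list:
    """Return (timestamp, rule, detail) tuples for every rule that fires."""
    alerts = []
    recent_fails = defaultdict(list)  # src -> timestamps of failed attempts
    for rec in map(parse, lines):
        user, src, ok = rec["user"], rec["src"], rec["result"] == "OK"
        if not ok:
            recent_fails[src].append(rec["ts"])
            continue
        # Rule 1: a success preceded by a burst of failures from the same source.
        window = [t for t in recent_fails[src] if rec["ts"] - t <= FAIL_WINDOW]
        if len(window) >= FAIL_THRESHOLD:
            alerts.append((rec["ts"], "brute_force_success",
                           f"{user} from {src} after {len(window)} failures"))
        entry = DIRECTORY.get(user)
        # Rule 2: the account is not in the directory at all.
        if entry is None:
            alerts.append((rec["ts"], "unknown_account", f"{user} from {src}"))
            continue
        # Rule 3: an account that has been silent for months suddenly works.
        last_seen = datetime.strptime(entry["last_seen"], "%Y-%m-%d")
        if rec["ts"] - last_seen >= DORMANT_AFTER:
            alerts.append((rec["ts"], "dormant_account",
                           f"{user} idle since {entry['last_seen']}"))
        # Rule 4: an admin account signed in without a second factor.
        if entry["admin"] and rec.get("mfa") != "yes":
            alerts.append((rec["ts"], "admin_no_mfa", f"{user} from {src}"))
    return alerts


if __name__ == "__main__":
    for ts, rule, detail in detect(LOG_LINES):
        print(ts.isoformat(), rule, detail)
```

The dormant-account rule only works if the directory actually records when each account was last used, which is exactly the data a "no longer in use but still active" VPN login leaves behind; the fix for that finding is to disable the account, not just to alert on it.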

The Internet can be a scary place. Don't open doors for hackers by ignoring update notifications and failing to keep your systems patched with the latest fixes from vendors, manufacturers, or providers. VPN appliances, firewalls and anything else exposed to the Internet go to the front of the line, because those are the holes attackers scan for. Skipping patches puts you at risk of unwanted guests who can ruin everything in their path!

Lesson #5: Have a backup plan

Cybercriminals are a modern-day mafia, and they can leave your business in shambles. If they take your systems hostage, you will be putting a lot of faith in the criminals' ability, and willingness, to give them back. You could be left with nothing but bills and a damaged reputation.

Disaster cannot be predicted. But with a good backup plan, the devastating effects of unforeseen events can be mitigated or even avoided altogether.

A 3-2-1 approach is the foundation of any disaster recovery plan: keep three copies of your data, on two different storage media, with at least one copy off-site, to protect against natural disasters like earthquakes and fires as well as data loss from equipment failure, human error, etc. Ransomware adds two caveats: the off-site copy must be offline or immutable, because the crews go looking for backups first and encrypt or delete them, and a backup you have never restored is not a backup, so test your restores regularly.

Your backup plan should be tailored to your business. One company can live with nightly backups, while another may not be able to meet its obligations if it loses just a few hours' worth of data. Decide how much data, and how much downtime, you can afford to lose, and back up on that schedule.
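As an added example of the "test your restores" caveat (this is not the post's own procedure or any backup product's code), the following Python script records a SHA-256 manifest when a backup is taken, then checks a restored copy against it and reports files that came back modified, missing or with unexpected names, which is what an encrypted restore looks like. The directory layout, file contents and simulated tampering are all constructed inside a temporary directory for the demo.

```python
"""Build a hash manifest of a backup set and verify a restore against it.
Added example, not the post's own tooling. The file names, contents and the
simulated ransomware damage are constructed for the demo."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> sha256 for every regular file under root.
    Store this manifest with the offline copy, not only on the live system."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree with the manifest taken at backup time."""
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = restored / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    present = {p.relative_to(restored).as_posix()
               for p in restored.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(present - set(manifest))
    return report


def demo() -> dict:
    """Back up a tiny tree, verify a clean restore, then verify a damaged one."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("acct,amount\n1001,250.00\n")
        (live / "notes.txt").write_text("call the vendor\n")
        manifest = build_manifest(live)

        restored = Path(tmp) / "restored"
        shutil.copytree(live, restored)
        clean = verify_restore(manifest, restored)

        # Simulate what ransomware leaves behind: one file overwritten with
        # ciphertext-looking bytes, one renamed with a ".locked" extension.
        (restored / "finance" / "ledger.csv").write_bytes(os.urandom(64))
        (restored / "notes.txt").rename(restored / "notes.txt.locked")
        tampered = verify_restore(manifest, restored)
        return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for label, report in demo().items():
        print(label, report)
```

Run this against a real restore into a scratch directory after every backup cycle; a restore that comes back with anything in `modified`, `missing` or `unexpected` means the backup you were counting on is already damaged, and you want to learn that before the day you need it.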

have kick ass processes policy.png

Cybersecurity Doesn't Have To Be Complicated

Cyberattacks are increasingly commonplace in the digital age. Unfortunately, for a small business, cybercrime can have devastating effects on daily operations and profitability.

Ransomware attacks cost organizations time and money to recover from, plus a cost to their reputation. So, businesses of all sizes need to safeguard their information systems with good ITSM processes and rock-solid IT policy.

ITSM processes and IT policy, coupled with technical controls, will guide your people and protect against ransomware as well as the other threats that could disrupt your day-to-day operation, or leave you vulnerable down the line when data is stolen!

Note: All graphics within this post, including their images and elements, were sourced and generated from Canva.com, except where otherwise identified on the graphic itself.



I read about the attack and how the hackers got off with millions in bitcoin. Although I later read that some of the bitcoins were recovered by the FBI/CIA, it really dawned on me that anyone can be a victim unless they are extremely conscious of security.

Edit: it would be lovely if you could include the source of the images used in your posts. Not that it is a must, but it can fetch you some great support.

Yes, you have to be on your game these days for sure. You can't ignore security for the sake of profits or laziness.

Thanks for the tip on the images. I added a note at the bottom of the post, hopefully this covers it.

Note: All graphics within this post, including their images and elements, were sourced and generated from Canva.com, except where otherwise identified on the graphic itself.

That should do.


Gosh, I work in healthcare and the amount of scam/phishing email I get daily...

I've found having a whitelist option did help reduce the number of "fat fingering" through email communications.

Do you work on the IT side of healthcare or the actual healthcare provider side of things?


More on the provider side.

OK, it seems like you have more 'know how' than the average healthcare provider when it comes to IT, so I am not going to insult or bore the shit out of you. 😀

I would just recommend you start by looking at your email provider, it is obviously not filtering emails properly if it is allowing a lot of phishing emails through.

If I can be of any more help, feel free to reach out, as I have much more that I can provide; I just do not want to overstep.
