Is Anyone Safe After the Ransomware Attacks on Colonial Pipeline & JBS?

By Nathan Drager | June 17, 2021 | Comments Off on Is Anyone Safe After the Ransomware Attacks on Colonial Pipeline & JBS?

Is Anyone Safe After the Ransomware Attacks on Colonial Pipeline & JBS?

The recent ransomware attacks on Colonial Pipeline and JBS, the world’s largest meat producer, have everyone sitting up and taking notice. Small business owners are thinking, “If those large companies can get hit and have to pay a ransom, do I have any chance of being protected?”

Two things are true. The first is that ransomware has steadily been getting worse in attack volume and cost. The second is that companies can still take the proper IT security precautions to protect themselves, falling victim isn’t inevitable.

Ransomware attack volume increased 485% in 2020.

The attacks that have everyone on the news talking about cybersecurity were particularly troubling because they involve major suppliers of vital products.

In the case of the Colonial Pipeline attack, a pipeline supplying 45% of the gasoline, diesel fuel, and other petroleum products to the East Coast was shut down for 6 days after being hit with ransomware.

It wasn’t long before gas stations across the impacted areas began running out of fuel due to panic buying. This was also a wake-up call that left people realizing how just one ransomware attack can have wide-sweeping consequences for millions of people.

JBS, the world’s largest beef and pork producer, was hit just a couple of weeks later, at the end of May. The attack shut down several plants for nearly a week and impacts were felt by restaurants as the price for meat rose as a result. 

In both cases, the attackers were paid the ransom they demanded, which leads us to the answer to, “Why is ransomware getting worse?”

Factors That Have Caused the Dramatic Rise of Ransomware

Most Companies Pay the Ransom

Colonial Pipeline paid attackers $4.4 million and JBS paid $11 million, an amount its spokesperson stated was far below the initial demand. 

In fact, 56% of victims pay the ransomware demand to get their operations back up and running as soon as possible. The promise by the attacker (who is not all that trustworthy) is that if the victim pays the ransom, they’ll receive the key to decrypt the data that was encrypted by the ransomware infection.

If no one paid the ransom, it wouldn’t be long until hackers would move on. But that hasn’t happened. 

Ransomware is particularly devastating because it usually results in all operations having to shut down, so organizations are desperate to get them back up and running as soon as possible. 

As you can see from just those two companies, ransomware attacks are lucrative. The money to be made has drawn even more criminals into the business of ransomware attacks, both individuals and large criminal organizations.

Companies Aren’t Properly Prepared

Had Colonial Pipeline and JBS been properly prepared with a business continuity plan that included having a complete backup of all data that could be restored quickly, they could’ve avoided having to pay out millions. They may also have restored their operations faster.

But unfortunately, even large companies don’t always follow the basics of good cybersecurity and disaster preparedness.

For example, the Colonial Pipeline attack was avoidable. The breach happened through an unused VPN account that was not protected with multi-factor authentication (MFA). 

Protecting logins with MFA is something that’s a basic tenant of good password security and it can block 99.9% of all fraudulent sign-in attempts.

Basic lack of proper IT security as well as the failure to have a restorable backup make it easier for attackers to find new victims.

In the Sophos 2021 Threat Report, the cybersecurity watchdog stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Large Criminal Organizations Have Been Driving Ransomware Efficiency

Another big driver behind the rise of ransomware is the fact that large criminal organizations have adopted it as a money-making enterprise. They’re not only perpetrating ransomware attacks, they’re optimizing them.

The Sophos report noted that attacks that used to take weeks to carry out are now being done in just hours or days.

Ways to Avoid Becoming a Ransomware Victim

Being hit with ransomware is not inevitable. Taking the proper precautions can help you avoid an attack altogether and help you avoid paying a ransom if you are attacked successfully.

Here are some of the basics you need to have in place:

  • Cloud backup of all files with a fast recovery process
  • Managed Antivirus/anti-malware
  • Next-gen firewall
  • Multi-factor authentication enabled on all accounts
  • DNS filtering to block phishing sites
  • Email spam/phishing filtering
  • Ongoing employee security awareness training
  • A practiced incident response plan
  • VPN for remote and mobile employees (protected by MFA)

Get All Your Security Best Practices in One Managed Services Plan 

Quantum PC Services can help your Sturgeon Bay area business take the headache out of cybersecurity by offering all the protection you need in an affordable managed services plan. 

Contact us today to learn more! Call 920-256-1214 or reach us online.

 

Posted in Blog, Security

About Nathan Drager