For anyone following the news out of the world of cybersecurity recently, it seemed to just get worse and worse.
First, the major "fuel aorta" of the eastern U.S., now known to everyone as The Colonial Pipeline, got hit with a ransomware attack that caused managers to take it offline. This caused price hikes and panic fuel-buying, leading to long lines at gas stations.
Then, word came out that the attack was conducted by cybercriminals affiliated with a shadowy hacker gang called DarkSide. DarkSide publicly claimed that it has "principles" and won't target certain types of business including hospitals, funeral homes, educational institutions, nonprofits, or the government. DarkSide's stated goal is simply to make money, not cause societal problems, according to their statements, and so they target businesses with the cashflow that would allow the victims to pay the ransom. Still, many cybersecurity experts thought DarkSide seemed suspiciously related to REvil, also known as Sodinokibi, a Ransomware as a Service (RaaS) operation. They were looking for $5 million worth of Bitcoin in exchange for providing the decryption key to unlock Colonial's files.
Since this attack, the largest meat processor in the country and a major hospital system have also been hit. Remember, these are the attacks we're hearing about; small- to mid-size businesses that are attacked don't make the news, even when they are a key driver of the American economy, both locally and nationally, and employ millions of workers across the country.
Ransomware attacks can hamstring any business, causing lost time and therefore lost revenue, plus a crisis of confidence among customers who learn their data may be at risk of turning up on the dark web.
Let's take this crisis as an example, and walk around in Colonial Pipeline's shoes for a while. Imagine our hypothetical business is subject to a ransomware attack: we don't hear anything from anyone, we just start losing access to file after file on our network. Reports indicate that the DarkSide attack requires just one networked computer to gain a foothold and seize our data and files.
Then the message is received: a text message explains that our files have been encrypted, and, in the case of the DarkSide attack, our data has been stolen. The message gives us an amount that must be paid, and a deadline. Usually the amount is exorbitant, but not completely beyond the realm of being paid (after all, the criminals' goal is to get the money, right?). In this way, ransomware can be a nuisance, or worse, to owners of any size business.
What do we do? Aside from feeling quite powerless, we think about paying, as much as the idea makes us angry.
Who are we going to call? The police? More likely we'll have more success contacting our IT consultant or managed services provider, though there's likely little to be done to help our situation.
UNLESS we had the foresight to set up a disaster recovery plan. At Axis Computer Networks, we offer the only 100-percent-effective response to ransomware attacks. Network security is key of course, but the hackers eventually will find their way through any secure system. The only protection against ransomware is to expect it will happen, and plan accordingly.
According to Statista.com there were 304 million ransomware attacks in 2020. And while small- and medium-size business owners may think (read: hope) they'll be overlooked by criminals, it's actually quite common that these bad actors can make a good living targeting smaller companies who may not have the resources to build the security infrastructure that can make them a more challenging target.
Worse yet, imagine our company got hit, and we scrape together the cash and pay the ransom. Who's to say they won't come back and do it again next week? Or next month? Or tomorrow? Even if they say they won't. What is the word of a criminal worth?
Take the upper hand. Learn about setting up a Disaster Recovery Program. We're happy to talk to you about your options.
And now for the good news: As we wrote this blog, DarkSide's servers were shut down, its Bitcoin accounts were drained, and all of its outstanding victims were said to receive their decryption codes. Whether the gang was broken up by an international consortium of law enforcement agencies, was threatened into submission by organized crime, or backed off because the attack became too high profile with round-the-clock media coverage, we may never know. Bottom line, no one wants to be in a position where they have to decide what their business is worth to them, as it hangs in the balance.
Let's hope the only DarkSide we ever hear about from now on is that great Pink Floyd album.
[Contact us today to learn more about setting up a disaster recovery plan. You may be surprised how easy and reasonable it is. And how good you feel once it's done.]