Holding Organizations to Ransom(ware) – Easy Hacking Targets Represent Humongous Business.
Writing newsletters can be troublesome. You need to make sure the topic your newsletter will cover is something that will be interesting or useful to people. You should also make sure you have a large enough selection of topics, so you don’t run out of material. Computer Security is nice for both these reasons: It’s useful to everybody and there’s a never-ending stream of topics to choose from.
It’s not all roses and sunshine when it comes to these newsletters. Many of the topics require a certain amount of knowledge or experience to properly understand them. So, what used to be a bottomless ocean, suddenly turned into a lake. There are still plenty of topics to choose from, but I need to be careful not to select something that will become too technical or require a lot of explaining. I also need to try and keep the topics flowing and new. It’s generally not very useful to say the same thing over and over.
So, at risk of repeating myself, today I’ll be discussing Ransomware.
Now then, before anyone goes off and says this is something I’ve talked about before, let me just admit that “Yes. Repeatedly.” Over my previous 90 newsletters (this is #91) no fewer than 3 of them have had Ransomware as their primary theme. I’m sure it has also been mentioned in passing in several other newsletters, just as it has been a major theme in the ones TRINUS has rolled out (I’m not the only one at our company talking about Ransomware.) Ransomware is something that comes up again and again.
So why am I bringing it up now? Hasn’t this topic been beaten to death yet?
I just read a report recently released by Emsisoft (they produce Anti-Malware software.) In 2019 there were a total of 948 US government entities hit by Ransomware. The breakdown was 113 state and municipal agencies, 764 Healthcare Providers and 89 Educational institutions (Colleges, Universities, Etc.) The total cost of these attacks was $7.5 Billion!
It’s rare to see an article about a business getting hit with Ransomware these days. It’s usually some Government office or Hospital. The proof is in the numbers of the report. Most of the time an attacker doesn’t have any real “agenda” or axe to grind. Generally, they aren’t looking to attack a government or bring down an industry.
Most often, they’re just after money. They want a payout. So why are Governments and Healthcare Providers such a big target? I can think of three major reasons right off the top of my head:
1) Because lives are on the line
Healthcare Providers are a target because people’s lives are in danger.
Governments are responsible for a lot of the infrastructure (Water, Gas, Etc.), so again, lives are on the line.
Education has a huge impact on people’s future quality of life (and it’s often costly to obtain.)
They don’t necessarily have the luxury of spending a huge amount of time restoring backups. It’s not simply a matter of spending overtime money to get things back up and running. With these sorts of targets, it’s easy to disrupt a service that could impact many people outside of the organization. That puts a lot of pressure on them to get things back up and running quickly.
2) IT is generally underfunded
Technology is looked at as a tool for these sorts of institutions, a means to accomplish their primary job. As such, I’ve found that IT in these kinds of situations is often running off the bare minimum of funding needed to keep everything operating. This means IT projects are generally done haphazardly, and with minimal forward planning.
To be fair, I’ve run into many places located on either side of the spectrum. I’ve come across schools with a well-funded and staffed IT crew and I’ve seen the shoestring operations at others. The same goes for Government offices and Healthcare Providers (I’ve been doing IT work for over 2 decades after all.)
3) The networks tend to be large, sprawling and poorly documented
Hospitals, Government and institutions of higher learning can easily get very large, physically. This means their networks are also the sort that get large and complicated quite quickly.
A business network tends to be very orderly. You can group machines together, in order to decide how they interconnect with each other. You have your servers, your permanent network devices (Wireless Access Points, Switches, Etc.) and your Workstations. As your network gets larger, you can generally account for this by adding additional levels of group separation (Physical location, Department, Etc.)
Governments, and especially Hospitals, can get a lot more complicated than just that. Think of something like an MRI, X-ray machine or Water Treatment controller:
– It might need Internet access to update itself.
– It may be managed/updated/maintained by an external contractor, so there may need to be remote access configured.
– It should only be internally accessible by a few, select internal machines (in which case these would probably need access to other parts of your network.)
Situations like this pop up a lot when you’re a School, involved in Healthcare or Government (it just seems to be par for the course.) Since IT tends to be poorly-funded, this can lead to a lot of churn in IT staff, which contributes to poor documentation.
When you put these 3 things together, it means you have plenty of easy targets. It will likely be simple to infect and move around inside those types of networks, which makes a large infection effortless. Since these organizations can come under considerably more financial pressure to restore service, the chance of getting the Ransom paid goes up.
What is the takeaway from all this?
Defense Against Ransomware NEEDS to be one of the main focuses for the IT department in any Government, Healthcare or Education organization. Rather than an afterthought, protecting the environment from Ransomware needs to be at the forefront of people’s thinking. It can’t stop at simply preventing Ransomware from infecting the devices; it needs to include the assumption that it will (at some point) succeed, so recovery needs to be addressed as well.
There needs to be a plan. Proper defenses and monitoring need to be in place to prevent an infection or minimize the impact. Backups should be properly scheduled and monitored, so that important data is not lost. The network should be properly designed, for the spread to be halted quickly. Staff should be familiar with the Restore Process, so that the recovery time is minimized.
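As an added illustration (not from the newsletter or TRINUS), here is what “designing the network so the spread is halted quickly” looks like for the MRI-style device described earlier: it may reach its vendor’s update server, its contractor may reach it over the remote-access VPN, and only a handful of radiology consoles may talk to it, while everything else, including the device talking back into the internal network, is denied. All addresses, ports and rule names are constructed for the example; the `reachable_from` helper shows the blast radius if the device itself is compromised.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan for the example (not a real site).
IMAGING_VLAN   = ipaddress.ip_network("10.40.0.0/24")      # MRI / X-ray segment
CONSOLES       = ipaddress.ip_network("10.10.5.0/29")      # the few radiology workstations
CONTRACTOR_VPN = ipaddress.ip_network("172.16.9.0/24")     # vendor remote-access landing zone
VENDOR_UPDATE  = ipaddress.ip_network("203.0.113.10/32")   # vendor update server (TEST-NET-3)
INTERNAL       = ipaddress.ip_network("10.0.0.0/8")        # everything else inside the org

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dports: frozenset          # empty frozenset means "any port"
    action: str                # "ALLOW" or "DENY"

# Ordered allow-list: first match wins, anything unmatched falls to default-deny.
POLICY = [
    Rule("device-updates-out",  IMAGING_VLAN,   VENDOR_UPDATE, frozenset({443}),        "ALLOW"),
    Rule("contractor-remote",   CONTRACTOR_VPN, IMAGING_VLAN,  frozenset({22, 443}),    "ALLOW"),
    Rule("consoles-to-device",  CONSOLES,       IMAGING_VLAN,  frozenset({104, 11112}), "ALLOW"),
    # Explicit deny so the device can never initiate into the rest of the network;
    # default-deny would catch it too, but an explicit rule is what you alert on.
    Rule("device-to-internal-block", IMAGING_VLAN, INTERNAL,   frozenset(),             "DENY"),
]

def evaluate(src: str, dst: str, dport: int) -> tuple[str, str]:
    """Return (action, matched rule name) for a single flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in POLICY:
        if s in r.src and d in r.dst and (not r.dports or dport in r.dports):
            return r.action, r.name
    return "DENY", "default-deny"

def reachable_from(compromised: str, hosts: list, ports=(22, 443, 445, 3389)) -> list:
    """Blast radius: which (host, port) pairs a compromised source could still reach."""
    return [(h, p) for h in hosts for p in ports
            if evaluate(compromised, h, p)[0] == "ALLOW"]

if __name__ == "__main__":
    for flow in [("10.40.0.7", "203.0.113.10", 443),   # device pulling updates
                 ("172.16.9.20", "10.40.0.7", 443),    # contractor over VPN
                 ("10.10.5.3", "10.40.0.7", 104),      # console sending DICOM
                 ("10.40.0.7", "10.10.5.3", 445),      # infected device probing SMB
                 ("10.20.1.50", "10.40.0.7", 3389)]:   # random office PC to device
        print(flow, "->", evaluate(*flow))
    print("reachable from a compromised MRI:",
          reachable_from("10.40.0.7", ["10.10.5.3", "10.20.1.50", "203.0.113.10"]))
```

Auditing the rule set this way before it is pushed to a firewall is cheap, and re-running it whenever a contractor asks for “just one more port” keeps the documentation the article complains is missing.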
There’s a lot to do and your IT needs the time, tools and permission to get it all done.
If you have any questions about Ransomware Defense, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind Courtesy of Your Friendly Neighbourhood Cyber-Man.