Since most of the malicious activity related to ransomware is often delivered via email, it is imperative that end users exercise caution when acting on email messages.
Culbertson encourages users to take the following steps to prevent ransomware attacks.
Slow down and look for the visual cues: Take a few moments to examine the message sender and the contents of the message. Are there typos in the sender’s business name and in the body of the email?
Never trust and always verify: If the message appears to be from a reputable source, but the content of the message appears strange, contact the individual by some means other than email to verify whether it was from them.
Think before you click: Before clicking the link or links in a message or downloading attachments accompanying the message, ask “Do I trust the source?” or “Was I expecting this message?” or “Is the content/attachment included something that pertains to me?”
When in doubt, throw it out: If you don’t feel comfortable acting on a message you received, simply take no further action other than to delete it. If the message was legitimate and/or important, the sender will most likely contact you through another communication medium for follow up.
While you may have heard the term “ransomware,” did you know that in 2022, ransomware gangs extorted about $456.8 million from their victims?
While that statistic is around a 40% drop in the amount extorted from the record-breaking $765 million recorded between 2020 and 2021, ransomware remains a huge threat to large and small businesses, causing loss of revenue and customer trust.
What is ransomware?
Ever since the early days of the Internet, there have been “princes from foreign lands” sending emails requesting the email recipient help them by sending an amount of money in order to earn the victim an even greater sum of money. There are scams involving victims sending gift cards to claim a large sum of money and all sorts of other ways to steal your identity and/or money.
Known as “phishing” emails, they are sent by a member of a ransomware gang or a lone actor trying to find unsuspecting victims who comply with their request and send money. Ransomware often is spread through phishing emails that contain malicious attachments or through drive-by downloading, which occurs when a user unknowingly visits an infected website. Malware is then downloaded and installed on the user’s computer system without their knowledge.
According to the U.S. Government’s Cybersecurity and Infrastructure Security Agency, ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering those files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.
In 2021, according to Business Insider, the largest ransomware payout in history was made by an insurance company for $40 million.
CISA recommends that victims not pay the ransom as the victim could be targeted again by cyber criminals. Getting the local police department involved to investigate is the first step rather than paying the ransom.
Coby Culbertson, chief technology officer for the Dubuque Community School District, said that, to date, the district has been fortunate to not have experienced a ransomware event. And they have taken steps to ensure one does not occur.
“The school district has implemented many practices and security measures to prevent malicious activity such as ransomware by threat actors,” Culbertson said. “We’ve adopted a ‘least privilege’ philosophy where computer and system access rights are restricted for users to only what is needed for their job or learning. The district uses a multifactor authentication for staff to serve as a layered approach in securing the data and systems. Complex password policies and usage of a password manager are also used.
“We also provide monthly cybersecurity awareness training to all staff, consisting of brief training videos and assessments. In addition, the district conducts rolling daily phishing tests to simulate some of the highly used tactics to provide awareness and help district staff identify and exercise caution when handling suspicious email messages.”
The Dubuque Community School District subscribes to an extended detection and response solution that collects, correlates and analyzes signal, threat and alert data from the district’s endpoint, email, applications and identities.
“An agentless, defense containment solution that responds to malicious intent of illegitimate encryption and file corruption of data has also been implemented,” Culbertson said. “And we’ve adopted a ‘secure first, remediate later’ stance regarding staff and student user accounts. That stance means that if any unknown or abnormal activity conducted by a staff or student user account is flagged by any of the district’s security solutions, the user account is automatically disabled, preventing system access until an investigation of this activity has been performed.”
Culbertson also subscribes to various services provided by federal agencies and affiliated entities to increase the district’s cybersecurity posture.
“With all the various solutions and protective measures in place, the best prevention to ward off malicious activity by a threat actor is education,” he said. “There is not a technology system on the market today that can provide 100% prevention against malicious activity, eliminate all risk and circumvent human decision making.”
The cost of ransomware
Ransomware gangs target businesses of any size, with health, manufacturing and energy sectors being most vulnerable to attack.
“Any business, regardless of size, that is connected to the Internet or has an online presence is at risk of cybercrime,” Troy Wallis explained in an article on the Cottingham & Butler website.
Wallis is the director of transportation brokerage claims at the broker.
He said that a third of all documented data breaches occur in businesses with fewer than 100 employees.
“And, of the small businesses that do fall victim to cybercrime, nearly two thirds close their doors within six months of a cyberattack,” Wallis said.
According to BlackFog, a global cybersecurity company that produces a monthly report of globally disclosed ransomware attacks, 128 ransomware attacks have occurred between January and April 2023.
Notably, in Iowa, Des Moines Public Schools was forced to extend the school year to make up for lost time due to a ransomware attack that affected the district’s servers. The Iowa Department of Education, local FBI offices and the Department of Homeland Security continue to investigate the attack.
In addition to ransomware, Cottingham & Butler also sees insurance claims for social engineering attacks, which is the art of manipulating victims in an online environment to divulge sensitive personal information such as account numbers, passwords or banking information. Social engineering also can happen in the form of the “engineer” requesting the wire transfer of money to what the victim believes is a financial institution or person with whom the victim has a business relationship, only to learn later that the money landed in the account of the engineer.
An example of social engineering occurred several months ago when an Iowa state auditor was the target of an attempted email scam.
Someone pretending to be the auditor tried to move the auditor’s paycheck deposit to a different bank account. An observant state human resources employee contacted the auditor directly to alert him to the email seeking to divert his paycheck, and the scam was prevented.
Though it might seem like there are bad actors everywhere, the first step toward avoiding the costs of ransomware — in time, money and public relations — starts with awareness.
Remember, when in doubt, throw it out. Emails can always be resent and there are other ways to contact people to verify a sender’s identity.
Simple critical thinking can help cut the cost of bad actors even lower than the $456.8 million of 2022.