High-Profile Ransomware Attacks Underscore the Need for Security
Perhaps you have seen the news stories. A cyberattack closes a key pipeline, gasoline prices surged and 1970s-style gas lines make a temporary reappearance up much of the East Coast. Hackers gain access to the data of 425 of the Fortune 500 as well as the top 10 communications companies and several government agencies. An attack disrupts a Massachusetts ferry service just as the busy tourist season begins.
The common thread connecting these, and many other incidents is that they were “ransomware” attacks. Ransomware is a type of malware that not only allows criminals to access computer data, but to lock it up and prevent owners from accessing it until they pay a ransom. The most common method of ransomware incursion is through a phishing attack.
After planting the malware in a computer or a network, the hacker can wait to plan a coordinated attack. “Some companies take years to even realize they have been compromised,” said Curtis Strole, executive director, Customer Relations for NRTC Managed Services.
Hackers have hit everything from private citizens to schools and hospital. Telephone companies and electric utilities are prime targets. The motivation for these attacks varies. Some are nation-backed political attacks. Some are youths looking to create random chaos. But the majority seem to be doing it for the money.
Strole’s first suggestion for guarding against attacks is to “keep your systems up to date. Things happen because someone didn’t bother to close the holes in their system.” Beyond that, NRTC offers a range of alternatives to protect members’ operations and their communities. Learn more about each of these alternatives by contacting email@example.com.
The NovaSecure Cybersecurity Suite offers a process for members and NRTC to work together and conduct a security self-assessment. It is a process the member can repeat two or more times a year to ensure keeping up to date. “We have templates we can use to update members’ security policies, and what I mean by security policies is anything from using company email, using VPNs [virtual private networks], and anything like that,” Strole said.
NRTC partners with Dynetics, a company that develops cybersecurity systems for entities including federal government agencies handing very sensitive data. Last year, NRTC presented an online live demonstration of a phishing attack. The main goal of the Dynetics systems, they say, is to take steps to prevent attacks, especially the toughest “level 3, 4 and 5” attacks.
“Everybody’s responsible for cybersecurity,” Strole said. Even the members’ residential end customers. TechShield is a package NRTC members can sell to their residential users to help them stay up to date as well. The package protects up to five devices. It does not include VPN access, although NRTC recommends subscribing to a VPN service for an extra layer of protection. Consumers can build for themselves a similar amount of protection as some fields, such as finance and medical entities, which require VPNs for remote communications.
The FBI has said after the recent high-profile attacks that it has made ransomware investigations a “top priority.” The Bureau expressed confidence in its ability to contain the problem, but at the same time described the need for the business community to lend a hand.
“The FBI has a long-standing history of confronting unique challenges in the cyberspace and imposing risk and consequences on our nation’s cyber adversaries. Through trust-based relationships with our private sector partners, we are indispensable in the fight against cyberattacks,” it said in a statement earlier this month.