Hello and welcome to week 4 of Cybersecurity Awareness Month!
So far, we’ve covered some ways you can protect yourself online. We’ve talked about good passwords, multi-factor authentication, and phishing. Maintaining good passwords, locking them in a password manager, setting up MFA on your accounts, and knowing what phishing scams look like are all incredibly important steps to improving your security posture. This week, we’re going to look a bit more in-depth at cyber-attacks with a focus on ransomware, and how we, both as an institution and as individuals, can protect against it.
The Multi-State Information Sharing & Analysis Center (MS-ISAC), a government-supported internet security collaboration group, defines ransomware as:
“…a form of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.”
Ransomware is one of the most popular and disruptive forms of cyber-attack today. It gives attackers control of a device or devices, allowing them to encrypt files and make them inaccessible. Without access to crucial files or services, many organizations are crippled in their day-to-day processes. On top of not being able to function as normal, targeted organizations can also lose data to ransomware attackers who release, or threaten to release, exfiltrated data if they are not paid the ransom.
So, how do we protect ourselves from something as destructive as ransomware? Earlier this month, on October 19th, the Cybersecurity and Infrastructure Agency (CISA), NSA, FBI, and MS-ISAC released an updated version of the joint #StopRansomware Guide. This guide was released to the public to give organizations guidance on reducing the impact and likelihood of ransomware incidents. Some of the recommended best practices should look familiar, as some of them are topics we covered this month, and others are protocols that have been, or will be, implemented here at the VSC. Below are some methods that we can all practice to help mitigate the risk of ransomware:
- Utilize MFA on all services that offer it. Adding an extra layer of authentication security minimizes account compromise.
- Change default admin usernames and passwords on all services and keep passwords unique.
- Do not use ‘admin’ or ‘root’ accounts for daily operations. Keeping a separate account for administrative tasks, and reducing the number of administrative users, can reduce the risk of account compromise. Administrative access should only be used when a task requires an administrator to run.
- Maintain password policies and password managers.
- Ensure applications, operating systems, and antivirus/anti-malware are kept up to date. Many ransomware infections are caused by vulnerabilities in software that can be mitigated with updates and patches as these vulnerabilities are discovered. VSC IT keeps all machines on the network up to date, but personal devices, and work from home devices, should be maintained as well.
The VSC Cybersecurity Team takes your data and privacy very seriously. Utilizing MFA where possible, keeping the community informed of phishing and malware trends, backing up crucial data, and implementing security policies that enforce best practices are just a few of the steps that we take to mitigate ransomware and other attacks. In addition to mitigation techniques, the VSC also maintains an Incident Response Team and plan in case of an attack.
Even after taking steps to mitigate, a ransomware attack can happen to anyone. If you suspect or notice a ransomware incident, here are some steps that you can take to minimize the impact.
- Disconnect the affected device from wireless or wired internet. If this isn’t possible for any reason, power down the affected device to avoid further spread of the infection.
- Once disconnected and/or powered down, contact your local IT department either via phone or in-person if able. If possible, bring the affected device with you to the IT office if it is a VSC-owned device.
- Any suspicious emails, especially ones threatening ransomware, should immediately be reported and forwarded to ‘firstname.lastname@example.org’ for review and analysis.
Cybersecurity Awareness Month may be coming to a close soon, but it’s imperative that we continue to work together year-round to stay educated and diligent so we can mitigate cyber-attacks and keep the VSC’s data private and secure. Policies and procedures may seem like a hindrance or an inconvenience, and MFA can feel like “one more thing” you have to do, but cybersecurity is a constant balance of risk and convenience. What is convenient for daily users is also convenient for attackers. The harder we lock down systems, and the more security measures we add, the more work we all have to do to access the services we need, but the same goes for malicious actors. If a service doesn’t have MFA, uses a weak password, has known, unpatched vulnerabilities, or has an account with unnecessary administrative privileges, we are making attackers’ jobs easier and leaving ourselves an open target.
For more resources on Ransomware, its prevention, and how to recognize it, you can check out CISA’s resource page here: https://www.cisa.gov/stopransomware/resources