IT Tips & Tricks
21 April 2021
Cloud Security and the Email from Hell
“All your files have been encrypted due to a security problem with your PC. Now you should send us email with your personal identifier. This email will be as confirmation you are ready to pay for decryption key. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.”
This is an actual ransomware email and we’re willing to bet that it’s not the kind of email you ever want to receive.
Perhaps we expected something a little more sophisticated and eloquent, but, no.
Ransomware email? Know how to protect yourself and have a disaster recovery plan in place — in case the unthinkable happens.
Quite apart from the absent punctuation and blatant disregard of grammar rules, this ugly, threatening email was sent out about 12.5 million times in the space of just six hours, no doubt instilling outrage in the hearts of about 12.5 million recipients and trepidation in the hearts of those contemplating a Cloud migration. (More on that later.)
Although the hackers promised a decryption tool, there was no assurance that the ransom, once paid, would guarantee the receipt of said decryption tool. Obviously, one can’t do nothing in this situation, but what is one supposed to do? Damned if you do, damned if you don’t, right? After all, if you build a smarter rat trap, don’t you get a smarter rat…?
For most organizations, the Cloud currently offers cost effectiveness and scalability, both of which are important to organizations wishing to grow, particularly during the uncertain times of the 2020/2021 Covid-19 pandemic. But is there a catch? With more organizations migrating to Cloud-hosted systems, the playground for potential hackers has grown exponentially. In fact, the threat of ransomware or malware has exploded in the last couple of years, as hackers take advantage of changing business practices.
Within the same time period, cyber-security insurance premiums and deductibles have literally doubled. We’re not talking about a $500 or $5,000 deductible. Nowadays, a deductible of $100,000 (or more) is not uncommon. That’s a big chunk of cash for most folks, but is cyber-security insurance really necessary?
The Cloud has, partially due to the pandemic, become more stable and robust, with necessarily increased security protocols. However, the sheer volume of businesses that are migrating means more opportunities for hackers to literally swoop in and steal the candy from the baby.
Businesses are urged to increase their budgets for disaster recovery, particularly if they have high volumes of remote workers. Even Microsoft had over a third of their employees work remotely during the height of the pandemic. (While this article is not about the productivity of remote employees, it’s interesting that Microsoft observed the following: “Research with one Microsoft team in the US found that the share of IMs sent between 6 pm and midnight increased by 52%, and that people who previously did not work much on weekends saw their weekend collaboration triple.” — The New Future of Work: Research from Microsoft into the Pandemic’s Impact on Work Practices. If you’re in any doubt as to whether remote workers produce more or less, this may provide an answer to that question.)
What is noteworthy, however, is that with remote employment becoming more commonplace, there is an increasing global workforce connecting to their employers via the internet. The relevance of that will soon become apparent.
The Saddest Four Words: Too Little, Too Late
The combination of a high volume of remote workers and business systems that are migrating to the Cloud simply creates a window of opportunity for hackers and other cyber miscreants until such time that organizations diligently increase and improve their cyber-security. This must include increased budgets for disaster recovery (DR).
Sadly, most organizations have insufficient budget for DR. This stems from a blind spot relating to current threat levels. For example, is your organization aware that since early 2020 there has been a constant groundswell in the number of cyber threats accompanied by an increase in anti-hack resources that could afford the organization greater protection?
When it comes to an organization’s stance on cyber-security, there are really only two options from which to choose:
- Reactive: This generally translates to “too little, too late.”
- Proactive: Allocating funds for DR and being prepared to deal with a breach.
If you happen to fall into the camp of, “Oh, it’s highly unlikely we’d ever attract that sort of attention,” then here’s a heads-up for you to ponder: the vast majority of disastrous cyber-security events (such as malware or ransomware) happen over an internet connection. So, if you or anyone in your organization is connected to the internet for any reason whatsoever at any time of the day or night, guess what? Yup. You’re at risk.
And if you’re of the “this is something the IT department will have to deal with, I mean, it falls into their territory, right?” mindset, here’s a pop quiz for you. Whose responsibility is business continuity? Answer: During a DR outage, business continuity falls to the business rather than IT. Yes, IT needs to repair and restore, but it is the business that is bailing water while IT plugs the hole. Business continuity is way beyond just IT, as it is the business that will have to handle things when the proverbial doo-doo hits the fan. The bottom line is that business leaders — not the IT department — lead the business.
Smarty-Pants: You Versus Them
Please don’t assume we’re painting a doom-and-gloom scenario. We’re not. What we are doing, because it’s the smartest position to assume, is urging you to plan proactively. Ensure that your organization has funds allocated for disaster recovery and make sure the IT department has a rock-solid plan in place. While you’re at it, also see to it that the IT department plans include a protocol for maintaining cyber-safety during extreme weather. For the most part, the data centers that host Cloud accounts have measures in place to continue operating during a grid blackout, for example, which maintains your cyber-security. These data centers also tend to have secondary back-up locations in alternative geographic areas to ensure their continuity of service.
There are a multitude of factors to consider when designing your disaster prevention and recovery plan. As tough as it may seem, being ahead of the game is a whole lot easier than dealing with an unplanned-for disaster when it strikes. We know that it’s difficult trying to preemptively outsmart an unknown opponent, but it’s better to be the smarty-pants than the one caught with their pants down, right? As more and more businesses switch to hosting their systems in the Cloud, the question of cyber-security arises more frequently. Some cyber-security professionals insist true safety lies in splitting your data across multiple Cloud providers so that in the event that one account is compromised, the others are safe.
The Cloud enabled people to continue working and collaborating around the globe during the Covid-19 pandemic.
Other security professionals argue that dividing your data complicates the level of expertise required to run it and has more cons than pros. Ultimately, this is a decision that would need to be made in-house, based on all the variables pertinent to the organization. Either way, protect your assets by investing in cyber-security insurance.
What would you do if a ransom note showed up one day? It makes no difference what size of operation you run. In the blink of an eye, your life would become a living nightmare. For the sake of simplicity, let’s create a scenario around a smaller “mom & pop” type operation. Imagine a nice little yard and garden store with a simple computer system that contains records of their entire inventory; their financial records; their suppliers; possibly their password list and their customer lists that include personal information such as delivery addresses and maybe credit card info. All of it is gone in a matter of seconds. Just vaporized.
How do you even begin to function without it all? Well, you hope like heck that mom and pop have enough cash tucked away to pony up the ransom, that they get their data restored and continue running their family business. And you hope, most fervently, that mom and pop immediately go out and get themselves some adequate cyber-security insurance and a backup system that is infinitely more secure.
In a larger operation, with many more moving parts and masses more data, the nightmare is significantly larger, as is the ransom. The ransom value tends to be negotiable, based on how much of the hijacked data is personal or financial, and frequently runs to strong six-figure numbers.
The amount demanded is (hopefully) covered mostly by cyber-security insurance.
There’s an interesting plot twist, though. Commonly, one of the first things hackers search for are details of the cyber-security insurance policy stored on your system. Your policy tells them how much coverage you have. Once they know how much that is, they know exactly how much to demand. It is therefore highly recommended that this information is not stored anywhere on your system. Offline, ladies and gentlemen, offline.
The typical ransom sequence is as follows:
- Your data is stolen or encrypted. Often this will occur at off-peak hours, so you may not even be aware of it immediately.
- The ransom note arrives, generally in your email.
- You pay the ransom in exchange for the keys to decrypt your data, and you hopefully receive them. (“No honor amongst thieves” sadly springs to mind.)
- You fervently hope that you’ll never have to go through this again. Or you transfer out of the IT department. Or you take up that cushy swim-instructor position at the local YMCA.
Battle Plan Basics
While security measures and firewalls are helpful, here are several additional points to mitigate the potential for damage and prepare for an unanticipated attack:
- Make sure you have cyber-security insurance. As stated earlier, store any details of your coverage offline.
- Review your Terms & Conditions to protect yourself from potential litigation or blowback from customers, partners, investors and so forth in the event of a ransomware attack.
- Take an honest look at your situation and develop a “what if?” scenario. Run through it thoroughly. Use this information to build your disaster playbook.
- In the event of an attack, make sure you have “break the glass” phone numbers and emails for your insurance vendors. You’re going to need them and you’re going to need them fast. Again, these would ideally be stored offline.
- Make sure you have a thorough playbook that covers every step you’ll need to take in the event of an attack. Again, store this offline.
- Definitely consider offline backup as another effective option. Depending on the size of your organization, you could consider cost-efficient network attached storage (NAS), many models of which ship with anti-ransomware features built in. Simply copy your NAS data onto external hard drives, rotate through them, and always keep them unplugged.
Some of the factors you should consider are configuration issues. For example, can your backups and replicas survive a supply chain attack?
Generally speaking, if they’re on the same network that’s been attacked, or stored in the same Cloud account, the most likely answer, sadly, is a thumbs down. Offsite or offline backups, separate from your network and your Cloud account (such as the rotated, unplugged drives mentioned above), would, however, probably survive completely unscathed. Do you have modern, dedicated backup service accounts? Do you do daily backups? What can you do to minimize the impact of an attack and maintain a degree of continuity in the organization?
The Soft Underbelly
The truth is, for the most part, hackers like a soft target. In other words, they’re looking for a quick, easy win, the soft underbelly of your system.
They’re looking for insecure backup infrastructure and they’re looking for weak cloud security.
(If you’ve recently done a migration to the Cloud, you may want to double-check your security.)
Industry recommendations hold that even when you use multiple cloud providers, backups should be protected by separate security tooling and credentials of their own. Ask yourself whether your organization has encryption and multi-factor authentication in place, and consider the following:
- Obtain advanced persistent threat detection (as with Microsoft Defender ATP, for example),
- Create a dedicated Forest/Domain for backup and replica (disaster recovery) infrastructure,
- Consider a separate tenant for disaster recovery and backups in the Cloud.
Lastly, with more and more employees working remotely, one pertinent statistic should convince you, if nothing else has, just how easily risk is incurred, and that statistic is this: upwards of 70% of attacks occur through Remote Desktop Protocol (RDP). The solution? Get multi-factor authentication. Need us to repeat that? Get multi-factor authentication. Get multi-factor authentication. Get multi-factor authentication.
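Because RDP password-guessing is the entry point the statistic above points at, a defender also wants to see it happening before MFA is in place. The following is an added example, not code from the original article or from LinkTek: it counts failed RDP logons (Windows Security event 4625 with logon type 10) per source address over a constructed set of exported event records and flags sources that hit a threshold, noting whether one of them later logged on successfully.

```python
"""Added example (not from the original article): flag likely RDP password guessing
from exported Windows Security-log records. Each record is assumed to be a dict
carrying EventID, LogonType, IpAddress and TargetUserName, the field names used by
Windows events 4624 (logon success) and 4625 (logon failure). The sample records
below are constructed; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges."""
from collections import defaultdict

RDP_LOGON_TYPE = 10   # LogonType 10 = RemoteInteractive, i.e. RDP
FAIL_THRESHOLD = 5    # failed RDP logons from one source before we raise an alert


def _ev(event_id, logon_type, ip, user):
    return {"EventID": event_id, "LogonType": logon_type,
            "IpAddress": ip, "TargetUserName": user}


# Constructed sample: one source guessing several accounts and eventually succeeding,
# one user mistyping a password twice, and one non-RDP failure that must be ignored.
SAMPLE_EVENTS = (
    [_ev(4625, 10, "198.51.100.7", u)
     for u in ["admin", "Administrator", "admin", "backup", "admin", "sa"]]
    + [_ev(4624, 10, "198.51.100.7", "backup")]       # the guessing eventually works
    + [_ev(4625, 10, "203.0.113.9", "alice"), _ev(4625, 10, "203.0.113.9", "alice")]
    + [_ev(4625, 3, "198.51.100.7", "admin")]         # network logon, not RDP: ignored
)


def rdp_failures_by_source(events):
    """Map source IP -> (failed RDP logon count, sorted lower-cased usernames tried)."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for ev in events:
        if ev.get("EventID") == 4625 and ev.get("LogonType") == RDP_LOGON_TYPE:
            counts[ev["IpAddress"]] += 1
            users[ev["IpAddress"]].add(ev["TargetUserName"].lower())
    return {ip: (n, sorted(users[ip])) for ip, n in counts.items()}


def suspicious_sources(events, threshold=FAIL_THRESHOLD):
    """Sources with at least `threshold` failed RDP logons. A source that failed that
    often and then produced a successful RDP logon (4624) is the case worth paging on."""
    succeeded = {ev["IpAddress"] for ev in events
                 if ev.get("EventID") == 4624 and ev.get("LogonType") == RDP_LOGON_TYPE}
    alerts = {}
    for ip, (n, names) in rdp_failures_by_source(events).items():
        if n >= threshold:
            alerts[ip] = {"failures": n, "usernames": names,
                          "then_succeeded": ip in succeeded}
    return alerts


if __name__ == "__main__":
    for ip, info in suspicious_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

On a real host the same records can be pulled with `Get-WinEvent` and exported as JSON; the threshold is deliberately low so that a handful of guesses against an exposed RDP port is visible before MFA closes the door.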
If that just gave you either a cold shiver or food for thought, our work here is done and you understand the importance of protecting yourself as much as is humanly possible, being prepared and having a game plan for if the doo-doo does hit the fan.
Do not be dissuaded from migrating to the Cloud.
The fact is that for the vast majority of businesses, it is the way of the future (nay, the present). The Cloud offers a multitude of benefits and smart solutions for modern, growing companies, but that’s the subject of several other articles available on our site.
Essential data, such as your cyber-security insurance policy, critical email addresses & phone numbers, as well as user names & passwords for your key financial data should be stored offline.
If you’d like to discuss your cloud migration with a friendly and knowledgeable consultant, call 727-442-1822 or visit LinkTek.com to discover how to avoid one of the most common causes of data loss during a migration.
In summary, there are three things that will make the world of difference to you in terms of security: One, be prepared by using the above-mentioned battle plan basics. Two, get cyber-security insurance (although we hope you never need it) so that you’re covered in the event of a breach. Three, if you don’t already have it, get multi-factor authentication. Seriously. Just do it.