How to Prevent Ransomware Attacks

Last year, ransomware attacks totaled 65,000 in the United States, or seven attacks every hour. Unfortunately, the worst is yet to come for U.S. companies. Once seen as more of a nuisance, these attacks are quickly becoming a national security crisis, with recent attacks affecting crucial parts of our country’s infrastructure. So, why are these attacks occurring more frequently, and what can your company do the prevent (or at least reduce the impact) of a ransomware attack?

Notable ransomware attacks in 2021

Over the last few weeks, there have been two significant ransomware attacks – Colonial Pipeline and JBS Holdings. In May 2021, the computer networks of Colonial Pipelines, America’s largest fuel pipeline operator, were attacked. Colonial is responsible for delivering 45% of fuel along the East Coast, and word of the attack ignited panic-buying, causing fuel shortages. Similarly, cybercriminals attacked JBS, the world’s largest meat supplier (by sales). This attack brought 13 of JBS’s meat processing plants to a screeching halt and will undoubtedly impact meat prices and supply.

Why are ransomware attacks becoming more prevalent?

Luckily, both Colonial and JBS were up and running quickly; however, not without a cost. Both companies willingly paid a ransomware payment. Colonial decided to pay the Russian cybercriminals $4.4 million in Bitcoin to unlock its IT systems. Fortunately, the U.S. Justice Department later recovered most of the Bitcoin ransom. JBS agreed to pay their attackers $11 million in Bitcoin.

So, why did these two companies agree to pay their attackers? JBS paid their attackers to “to prevent further disruptions of the meat plants, mitigating potential damage to the food supply.” Similarly, Colonial paid their attackers to avoid a prolonged shutdown, and they were fearful of how long it would take to restore operations. So the short answer of why these attacks are becoming more prevalent is because they are working and becoming more lucrative.

How to prevent ransomware attacks

Your company’s best offense is a solid defense. The best thing you can do to prevent a ransomware attack is to build a strong defense and mitigation plan. With more employees working from home than ever before, it’s crucial to remind them of best practices. Regularly remind your work from home staff about potential threats and what to do if something doesn’t seem right. If your employees are using public Wi-Fi networks, encourage them to use VPN services. With many people working remotely, they may be accessing public networks, which are more vulnerable to attacks.

It’s also vital for your IT team to regularly backup your IT services. In the event of an attack, your team will be able to quickly recover your services to normal. Also, with regular backups, you may be able to avoid one of these astronomical ransomware payments by restoring your services from a recent backup.

When in doubt, contact a professional

If you really want to build a strong defense against ransomware, you can partner with a consulting company. At JSG, our IT consulting professionals can help you construct a mitigation plan to be prepared in the event of an attack. Additionally, we can help you secure and back up all your services to ensure you are protected from ransomware, which can save you tons of money, maintain your brand’s integrity, and keep business running smoothly. If you are interested in learning more about our IT Consulting Services at JSG, reach out to us today!

How To Avoid Phishing Scams At Your Company

As more and more people work from home and cybersecurity measures become more complicated, corporate phishing scams are on the rise. In fact, one in every two organizations has been targeted by a ransomware attack in 2019, and the attackers successfully encrypted data in 73% of these attacks. And a single spear-phishing attack results in an average loss of $1.6 million. This is why it is more important than ever to take these actionable steps towards shielding your company from phishing scams.

Implement and Maintain Strong Security Software

The best way to avoid phishing scams at your company is by implementing reliable security software. This will help to filter out and neutralize any threats from the start. The more layers of protection your software can offer, the better. Phishing scams are evolving and changing every day, so you need to continually monitor and adapt your protection and response.

Educate Your Employees

Your employees will be on the front lines of your phishing defense. First, encourage everyone to utilize multi-factor authentication – especially on any personal devices that are connected to their company email, like their mobile phones. Next, educate your employees on what phishing scams look like. Provide examples of phishing emails and red flags to look for. Last, establish open lines of communication between your teams. When someone receives a phishing email, have them report it to your IT department immediately!

Backup Your Data

Mistakes happen, and if you, unfortunately, find your company a victim of a phishing scam, you need to be prepared. Task your IT team with creating an extensive backup protocol to protect and preserve your most important and sensitive information. This backup protocol should extend to your individual employees so they can maintain personal documents as well.

Partner With A Professional

The thought of your company being threatened by frequent phishing attacks is intimidating. Especially if you don’t have the bandwidth to add a full team of IT professionals to your company’s payroll. Instead, consider partnering with an IT Consulting Firm like Johnson Service Group. Our IT Consulting Team can partner with your management and employees to create a custom phishing defense plan that will work for your company. Additionally, our team is here if you do experience the unfortunate event of a phishing attack. In the long run, you will obtain peace of mind and save money by proactively partnering with experts.

Contact us today to learn more about our IT Services and how you can protect your company from phishing scams.

The Rise of Ransomware

In 2020, ransomware attacks made a significant jump for corporations across the world. Last year, a new company fell victim to a ransomware attack every 10 seconds. With millions of companies supporting a mobile workforce during the pandemic, companies are more vulnerable to these attacks. Although these attacks are becoming more common, many people don’t understand the severity of them. Here is a brief overview of what ransomware is and how your team can protect yourself from these atrocious attacks.

What is Ransomware?

According to CISA, “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.” And unfortunately for the victims of these attacks, these actors threaten to sell or leak the exfiltrated data or authentication information if you don’t pay a ransom.

A recent example of one of these vicious ransomware attacks is video game developer CD Projekt Red (CDPR). Attackers stole source code to several of their video games and threatened to auction it off if they don’t pay a ransom. CDPR refused to pay the ransom, and the attackers sold the source code in an auction for a reported $7 million. CDPR decided not to pay the ransom, but there are many other costly impacts of this attack, such as a hit to their brand image, unhappy shareholders, and delays in future projects and updates.

Such an attack can be crippling to your company’s bottom line, and the scary part is, these attacks can be many different shapes and sizes. A ransomware attack can start with the infiltration into a single user and can quickly affect your entire company.

Thread hijacking is skyrocketing

Essentially, thread hijacking is when an attacker infects a single user and then accesses their email to spread malware to all of their contacts. “This makes it easier to trick new victims that are within the victim’s social and professional domain, as from their perspective they’re receiving an email from a trusted colleague concerning a known subject,” according to CISA.

In a blink of an eye, your entire staff and their contacts (possibly even customers) can fall victim to this malware. These vicious attacks can spread like wildfire and can bring your operations to a screeching halt. 

Malware attacks have hit the healthcare industry the hardest because of the COVID-19 pandemic. Attackers are targeting vulnerable healthcare organizations with malware attacks while they are busy fighting the virus. Monthly attacks on healthcare organizations jumped 37% last year.

So, what can your team do to mitigate the risks of these attacks?

How to protect your company from Ransomware

Proactively monitor your servers and network

The best offense for ransomware is a solid defense. Proactively monitoring your servers and network to identify any suspicious activity is the best way to avoid these attacks. Monitoring your services before an attack is the best way to prevent one.

Encourage best practices

Encouraging your staff to use best practices when accessing online applications is an excellent way to protect your company from ransomware. Send frequent reminders, encourage them not to click on suspicious links or provide personal data to unknown sources, and inform them about potential attacks to keep them from spreading.

Always backup your data

Regularly backing up your data is a great way to mitigate the impact of a ransomware attack. If an attacker infiltrates you, you can quickly restore your services from a recent backup. The faster you can restore order to your network, the smaller the impact of the attack.

Don’t ever pay a ransom

If you fall victim to an attack, don’t ever pay the ransom. Paying the ransom only encourages the attackers to commit further attacks and funds their malicious activity to target other companies. Plus, there is no guarantee that they will return the data once you pay them.

Enlist the help of an IT consulting firm

If this sounds complicated or your IT department doesn’t have the resources to prepare for such an attack, consider using an IT consulting company. JSG’s IT Consulting Services team can work with your IT team to build a defense against ransomware. Our team can monitor your network for suspicious activity and create a contingency plan if an attack occurs. We can help back up all of your files and employ our IT experts to help with any necessary disaster recovery efforts. We can build a custom suite of services to fit your IT needs, so you only pay for what’s needed. Reach out to us today to learn more about our IT services!