The pandemic caused by coronavirus disease 2019 (COVID-19) has disrupted daily life around the world, with many still under orders to stay at home as much as possible and non-essential businesses shut down. Unfortunately, as we battle this horrific physical threat, we also must worry about virtual ones.
COVID-19 and the Continued Rise of Ransomware
In a joint alert issued last month, the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the U.K. National Cyber Security Centre (NCSC) noted that malicious actors have taken advantage of the current crisis and launched COVID-19-themed scams and cyberattacks.
The pandemic-linked surge in cybercrime includes an increase in ransomware attacks. Threat actors exploited the economic upheaval caused by the virus in the first quarter of 2020, and the average ransom payment shot up to $111,605, a 33 percent increase from the fourth quarter of 2019, according to a report from Coveware. The top attack vectors were Remote Desktop Protocol (RDP) compromise, email phishing and software vulnerabilities.
Ransomware is a type of malware that encrypts the victim’s files, according to CISA. The cybercriminals then offer the decryption key in exchange for a ransom. These kinds of attacks aren’t new: Ransomware is “the most pervasive cyber threat since 2005,” according to the CSO article “The history of ransomware.” It became well-known a few years ago when the variants NotPetya and WannaCry wreaked havoc worldwide.
Today, the most common types are Sodinokibi, Ryuk and Phobos – and the average ransom that attackers extract from victims via this form of malware has gone steadily up for seven consecutive quarters, by Coveware’s calculations. The COVID-19 pandemic has, unfortunately, made this persistent IT security threat more severe, and it looks like we can expect this trend to continue.
How Incident Response Services Can Save Your Business
Now more than ever, many businesses can’t afford to experience extensive downtime because hackers have taken their data hostage via ransomware. The worst part of a ransomware attack isn’t the ransom itself: It’s your company getting taken out of commission for what could be weeks. With their files inaccessible, ransomware victims suffer up to 15 days of downtime on average, as of Q1 2020, according to Coveware. Could your business survive an outage that long?
The stalled productivity and reputation damage associated with ransomware infections often lead to catastrophic costs. That’s why it’s vital to have a comprehensive cybersecurity strategy in place and proactively implement solutions that ensure quick and effective remediation if you do experience an attack. In particular, the security experts we have on staff at Stratosphere Networks recommend incident response services, including the following:
- Threat analysis
- Malware detection
- Guidance for crisis handling
- Data breach notification
Even if you aren’t a current managed cybersecurity client, our team of security analysts can still rapidly address a ransomware infection and help you avoid a prolonged outage with incident response services.
Case Study: Security Incident Response for an HVAC/R Industry Warranty Solutions Provider
Here’s just one example of how incident response services helped one of our current clients – a provider of warranty solutions and facilities management services for organizations in the plumbing and HVAC/R industries. They contacted us after TrickBot malware infected their IT environment with Ryuk ransomware, which encrypted their servers. We got them back up and running within three days – far faster than the average of 15 days of downtime.
Fortunately, even though the warranty solutions provider wasn’t leveraging our managed cybersecurity services at the time, we still rapidly resolved the issue. First, our security analysts instructed the client to shut everything down to contain the ransomware infection. Containment was our top priority, as the company wasn’t a current customer and didn’t have any of our tools in place in their environment that would have allowed us to gather forensic information on their systems.
After that initial containment procedure, our Computer Security Incident Response Team (CSIRT) went on site and worked with the company’s IT team to set up a temporary quarantine network. We then brought their machines back online one at a time and triaged and cleaned up all the affected infrastructure. Our team leveraged the following solutions to get the job done:
- Network and endpoint Managed Detection and Response (MDR)
- Next-gen endpoint AEP protection platform (including anti-ransomware capabilities, exploit prevention and deep learning malware detection)
- Security Information and Event Management (SIEM)
You can read the full case study here for more details, but we completely restored the company’s operations in just two and a half days. The client now leverages our Managed Security Service Provider (MSSP) offering. Our MSSP services can drastically lower the risk of ransomware infection and significantly speed up remediation if an incident does occur, since our cybersecurity tools are already installed and our Security Operations Center (SOC) analysts carry out proactive monitoring.
With cybercriminals looking to take advantage of the present public health crisis in any way possible, it’s vital that all kinds of businesses ensure they can minimize damage and resume normal operations as quickly as possible in the event of a ransomware attack. To learn more about how incident response and MSSP services can safeguard your IT environment and minimize downtime for your organization, please don’t hesitate to contact us by calling 877-599-3999 or emailing firstname.lastname@example.org.