For anyone following the news out of the world of cybersecurity recently, it seemed to just get worse and worse.
First, the major “fuel aorta” of the eastern U.S.—now known to everyone as The Colonial Pipeline—got hit with a ransomware attack that caused managers to take it offline. This caused price hikes and panic fuel-buying, leading to long lines at gas stations.
Then, word came out that the attack was conducted by cybercriminals affiliated with a shadowy hacker gang called DarkSide. DarkSide publicly claimed that it has “principles” and won’t target certain types of business, including hospitals, funeral homes, educational institutions, nonprofits, or the government. According to its statements, DarkSide’s goal is simply to make money, not cause societal problems, so it targets businesses with the cash flow to pay the ransom. Still, many cybersecurity experts thought DarkSide seemed suspiciously related to REvil, also known as Sodinokibi, a Ransomware-as-a-Service (RaaS) operation. The attackers were looking for $5 million worth of Bitcoin in exchange for providing the decryption key to unlock Colonial’s files.
Since this attack, the largest meat processor in the country and a major hospital system have also been hit. Remember, these are the attacks we’re hearing about—small- to mid-size businesses that are attacked don’t make the news, even when they are a key driver of the American economy, both locally and nationally, and employ millions of workers across the country.
Ransomware attacks can hamstring any business, causing lost time and therefore lost revenue, plus a crisis of confidence among customers who learn their data may be at risk of turning up on the dark web.
Let’s take this crisis as an example and walk around in Colonial Pipeline’s shoes for a while. Imagine our hypothetical business is subject to a ransomware attack. We don’t hear anything from anyone; we just start losing access to file after file on our network. Reports indicate that the DarkSide attack requires just one networked computer to gain a foothold and seize our data and files.
Then the message is received—a text message explains that our files have been encrypted, and, in the case of the DarkSide attack, our data has been stolen. The message gives us an amount that must be paid, and a deadline. Usually the amount is exorbitant, but not completely beyond the realm of being paid (after all, the criminals’ goal is to get the money, right?). In this way, ransomware can be a nuisance—or worse—to owners of any size business.
What do we do? Aside from feeling quite powerless, we think about paying, as much as the idea makes us angry.
Who are we going to call? The police? More likely we’ll have more success contacting our IT consultant or managed services provider, though there’s likely little to be done to help our situation.
UNLESS we had the foresight to set up a disaster recovery plan. At Axis Computer Networks, we offer the only 100-percent-effective response to ransomware attacks. Network security is key of course, but the hackers eventually will find their way through any secure system. The only protection against ransomware is to expect it will happen, and plan accordingly.
According to Statista.com, there were 304 million ransomware attacks in 2020. And while small- and medium-size business owners may think (read: hope) they’ll be overlooked by criminals, it’s actually quite common for these bad actors to make a good living targeting smaller companies that may not have the resources to build the security infrastructure that can make them a more challenging target.
Worse yet, imagine our company got hit, and we scrape together the cash and pay the ransom. Who’s to say they won’t come back and do it again next week? Or next month? Or tomorrow? Even if they say they won’t. What is the word of a criminal worth?
Take the upper hand. Learn about setting up a Disaster Recovery Program. We’re happy to talk to you about your options.
And now for the good news: As we wrote this blog, DarkSide’s servers were shut down, its Bitcoin accounts were drained, and all of its outstanding victims were said to receive their decryption codes. Whether the gang was broken up by an international consortium of law enforcement agencies, was threatened into submission by organized crime, or backed off because the attack became too high profile with round-the-clock media coverage, we may never know. Bottom line, no one wants to be in a position where they have to decide what their business is worth to them, as it hangs in the balance.
Let’s hope the only DarkSide we ever hear about from now on is that great Pink Floyd album.
Contact us today to learn more about setting up a disaster recovery plan. You may be surprised how easy and reasonable it is. And how good you feel once it’s done.