Cyber Extortion On The Rise In Education
According to new research by Microsoft, ransomware gangs are changing their tactics. They will sometimes lie dormant after breaking into an institution, and then activate their ransomware at a future date when the institution can least afford the downtime or exposure. The recent increase in ransomware is evidence of groundwork laid by these groups over the last 12 months.
How can we prevent ransomware?
If there were a simple solution, ransomware would not be the issue that it is. A good starting point is reading Microsoft's most recent ransomware guidance. It lays out how different ransomware groups operate and the techniques that stop them from taking control of the systems that you manage.
As you might expect, the solution is complex. From a higher-level point of view, there are a couple of actions that we can prioritize to limit the overall risk of ransomware:
- Practice a ransomware drill. Whom do you call? Who provides immediate assistance? How do you get contact information if all the computers have been locked? Preparation can massively reduce the time to recovery.
- Up to 90% of ransomware encryptions start with exposed RDP boxes. Ensure that any remote access service like this requires both a VPN and two-factor authentication to access. Do any of your servers show up on www.shodan.io?
- Reduce access wherever possible, and avoid users with administrative access. Ransomware gangs can only steal what they can access.
- Use reputable cloud vendors to store and process your data. Only keep locally what you can secure with confidence.
How StarRez protects you from ransomware
We think a lot about ransomware and disaster recovery in general, both because we take significant precautions to protect our local network and because we are often the only system left standing when an on-premises incident has occurred in a housing office. A key advantage of external cloud vendors is the separation that comes from having that data stored in a different environment. As long as you are confident in your cloud vendor's security arrangements, they can reduce your exposure by being an independent system.
StarRez devotes much time to securing our cloud. Many technical controls need to be adjusted and updated as browsers roll out new security features, and our ability to deploy rapidly across cloud environments enables us to use these features. We also benefit from an additional layer of protection by being a SaaS company. Our customers' access credentials don't provide access to the underlying resources, so a ransomware gang can't encrypt the data in the same way as they would locally. Stolen credentials can still allow them to access data held in cloud vendors, so there has never been a better time to make sure you are using two-factor authentication for any sensitive login.
It takes a community
The rise of cybercrime and ransomware attacks highlights some of the changes occurring in the IT ecosystem. Protecting against attacks like these will require more companies to focus on protecting their part of the supply chain. Hardware companies will need to harden the equipment they provide to data centers. Companies like Microsoft will set the platforms that run on top. Companies like StarRez will secure the applications that run on those PaaS resources, housing offices will secure access to that data, and the end-user will need to secure their personal information and login details. The eventual solution will be a community effort, and StarRez is committed to being part of that.