Rebuffing ransomware: How to prevent your organization from becoming a victim
A screenshot of the warning screen from a purported ransomware attack, as captured by a computer user in Taiwan, is seen on laptop in Beijing, Saturday, May 13, 2017. Dozens of countries were hit with a huge cyberextortion attack Friday that locked up computers and held users' files for ransom at a multitude of hospitals, companies and government agencies. (AP Photo/Mark Schiefelbein)
Jim Bronskill, The Canadian Press
Published Wednesday, December 8, 2021 5:23AM EST
OTTAWA -- Cybercriminals have zeroed in on a lucrative tactic, holding the digital files of crucial enterprises hostage until a hefty fee is paid, often in hard-to-trace virtual currency.
The federal government says that in the first six months of this year, more than half of Canadian victims of ransomware were critical infrastructure providers, including the energy, health and manufacturing sectors.
Since March 2020, almost one-quarter of Canadian small businesses have experienced some kind of hostile cyberincident, federal officials say.
The digital dilemma prompted several cabinet ministers to plead with Canadian organizations this week to take protective steps.
Many breaches are simply attacks of opportunity, taking advantage of a network vulnerability, said Dwayne Robinson, global director for incident response at CyberClan, which provides security services to small and midsize organizations.
“I would argue not many are actual true, hard-targeted attacks,” Robinson said during a recent webinar on ransomware in Canada.
There are some basic things that companies can do to vastly improve their security, he said. “And it's somewhat frustrating because we see the same thing over and over and over and over and over again.”
The Canadian Centre for Cyber Security, a federal agency, has developed detailed guidance on preventing and protecting against a ransomware attack. Here's a look at some key recommendations:
Training - Provide security awareness training for employees to ensure they don't click on phishing emails or open infected downloads.
Planning - Draft a plan on how your organization will monitor, detect and respond to a ransomware attack. Test the response plan through exercises.
Cyberinsurance - The average cost of recovery from ransomware worldwide more than doubled in the last year to $2.3 million. Look into policies and consider whether insurance would be helpful.
Assessment - Private specialists can assess an organization's computer systems and recommend precautions against a ransomware attack.
The federal government offers programs aimed at critical infrastructure operators in the fields of energy and utilities, finance, food, government, health, information and communication technology, manufacturing, safety, transportation and water.
Public Safety Canada, working with the Cyber Centre, developed the Canadian Cyber Security Tool to provide critical infrastructure organizations with an easy means to assess their cybersecurity in less than an hour.
It was first offered to health sector organizations in the summer of 2020, and is now available to all critical infrastructure sectors. Public Safety says it has conducted 132 assessments to date.
The department also offers the Canadian Cyber Resilience Review, an on-site, survey-based exercise that can take up to a day-and-a-half to do. Public Safety says 110 assessments have been done in various critical infrastructure sectors since 2013.
Use security tools - Install anti-malware and anti-virus software on devices to detect suspicious activity and secure the network with a firewall. Use strong passwords, or passphrases, to ward off what are known as “brute force” attacks that scroll through countless password possibilities.
Update systems - Use updates and patches regularly to remedy bugs and vulnerabilities in software, firmware and operating systems.
Segment Networks - Dividing a network into several smaller segments can prevent ransomware from spreading across the full network.
Observe the “least privilege” principle - Give employees access to only those functions and privileges necessary to complete their tasks.
Random testing - Have testers try to breach a system's security with techniques a hacker might use. The Bank of Canada, like many financial institutions, has long emphasized protection of internal systems, including network penetration tests.
Data backups - It is essential for an organization to have copies of data and systems in the event of an incident. Ensure backups are stored offline, as cybercriminals can infect backups if they are connected to networks.
“Ensure your organization has multiple backups stored offline and conducts the backup process frequently, to guarantee data is as close to real time as possible,” the Cyber Centre says.
“Testing your backups is also a crucial element to your backup and recovery process. To ensure an additional layer of protection, you should encrypt your backups. Having a secondary backup in the cloud is also a recommended approach to enhancing your ability to recover.”
Helpful links -
Cyber safety tips https://www.getcybersafe.gc.ca/en
Canadian Cyber Security Tool https://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/cbr-scrt-tl/in https://www
Cyber & Infrastructure Resilience Assessments https://www.publicsafety.gc.ca/cnt/ntnl-scrt/crtcl-nfrstrctr/crtcl- https://www.publicsa
Report an incident https://cyber.gc.ca/en/incident-management