Although the title of this post is probably not the world’s greatest contribution to rhyming poetry, it remains true. Even though the world is busy dealing with the impact of the coronavirus, ransomware authors are still busy and generating serious money. Three years after WannaCry, users and companies continue to struggle with encryption attacks and ransom demands. According to Kaspersky's study, WannaCry, as a veteran of the ransomware scene, was responsible for almost a third of attacks on companies in 2019. To prevent this trend from continuing, the Russian anti-malware manufacturer and Interpol are calling on companies and organizations to secure their data and take appropriate protective measures. The campaign is being held on May 12, which is the WannaCry anniversary. Plans are also underway to name May 12 as an official Anti-Ransomware Day.
As it stands, the financial damage caused to the digital economy by ransomware is not likely to drop any time soon. One of the most recent and well-publicized attacks affected not only organizations and people like you and me but also a number of famous celebrities. Masses of documents were stolen from household names such as Bruce Springsteen, Lady Gaga, Madonna and Run DMC by the Sodinokibi ransomware. They were not attacked individually, but through a specialized law firm. Grubman Shire Meiselas & Sacks, known for their superstar clients, were forced to admit that 756 GB of data – tour details, music rights and correspondence – were stolen. The attackers will only release the data in return for an unspecified amount.
Meanwhile, the classic method of encrypting systems and mass storage while holding data owners to ransom is still on the rise. Currently, the Maze ransomware is spreading rampantly in the wild. It combines data encryption with information theft and threatens victims with publishing sensitive data. The combination of encryption, theft and threats, much like Sodinokibi, increases pressure on the victims. It seems that many companies have changed their backup strategies to such an extent that ransom payments are becoming less and less frequent, thanks to current backups and well-practiced disaster recovery processes. The threat of publishing sensitive accounts or private images is designed to make the ransom demand appear even more serious. By now, it should be clear to everyone that paying a ransom only incurs additional costs, which was also confirmed by a Sophos study showing that paying a ransom can almost double the cost of damages.
Only encryption can help against the publication of sensitive data. Yet most companies and generally all private users continue to ignore it. Encryption is complicated, makes processes more cumbersome, costs money and computing power and always carries the risk of no longer being able to access your own data. Nevertheless, encryption is the only way to meet regulatory requirements and protect against threats such as ransomware, especially in the age of increasing cloud services – whether for private or business users. There are now also some providers that make encryption of cloud data at least less problematic. Of course, these are retrospective measures. It would be prudent not to let malware into the network or onto your own computer in the first place. Up-to-date anti-malware programs and above all thoughtful action – think first, then click – are the most helpful preventative actions here.
Getting back to the backups: Backing up data sufficiently offers excellent protection against common ransomware attacks and a whole host of other online threats. Thanks to the affordable cloud storage services available everywhere, along with sufficient bandwidth for Internet access, backup has never been easier, leaving the dark days of tape drives far behind. Today’s backup is fast and works in the background, with no tapes to change. However, it still needs to be set up properly once, and data should be encrypted wherever possible. Ideally, data should be encrypted using software that is not provided by the cloud service, since the provider's own software could potentially give it access to the keys. The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has compiled an overview page summarizing all important aspects of encrypting data. The rules and recommendations are general enough to be suitable for any business. Even IT-savvy private users will find suggestions on how to implement a backup securely and efficiently. Although this will clearly not eliminate ransomware, it will significantly improve the chances of surviving an attack without a major impact.