Cut Through the Noise: Ransomware – What to Communicate to Your Workforce

With the most recent Colonial Pipeline Co. incident affecting critical infrastructure of fuel delivery across the United States’ East Coast, ransomware continues to be in the news, leaving many in your workforce worried, confused, or asking questions. Below is an email template that security awareness professionals can use to communicate to your workforce about ransomware—feel free to modify anyway you'd like. But first, some quick background on ransomware. Keep in mind, ransomware is a very specific type of malware, so we treat these the same in our awareness program. What makes ransomware different is not how it infects systems, but how cyber criminals leverage ransomware once an organization is infected. Cyber criminals demand that organizations pay a large (and growing) ransom or the victim organization loses their data or perhaps even worse—their data goes public, ruining their brand reputation and resulting in millions of dollars in fines.

There are two primary reasons why we are hearing about ransomware so much. First, ransomware is very public, when an organization gets infected with it, the public is often notified. Cyber criminals have even created websites to announce when organizations are infected to pressure them to pay the ransom. Second, ransomware is VERY profitable for cyber criminals, so not only are more doing it but they are getting far more sophisticated at it and investing in infrastructure. In the SANS MGT433 course on Managing Human Risk we cover the importance of Cyber Threat Intelligence (CTI), understanding your adversary so you can better defend against them. Here are the two best CTI reports I've found on recent ransomware attacks.

• Brian Krebs Darkside Blog Post (high level)
• FireEye CTI Darkside Blog Post (more technical)

An interesting theme I'm finding from these reports (and many others) is the primary initial attack method is phishing and passwords, both human related. Remember folks, ransomware is NOT a new type of attack, but instead, primarily a new type of monetization. If you want to help protect your organization against ransomware from a human perspective, focus on the basics.

Folks, you may have read about the major ransomware incident affecting Colonial Pipeline Co. in the news recently. We wanted to briefly share with you what ransomware is all about, and even more importantly, what to do to protect yourself. Ransomware is not some new type of attack, instead ransomware is a specific type of malware that infects your computer. Malware is malicious software developed by cyber attackers to enable them to take over computers and systems. The best way to protect yourself from getting infected by ransomware are the very same steps to protect yourself from getting infected by any other type of malware.

What makes ransomware so dangerous is what it does after it infects computers. Ransomware either encrypts all the data on our systems or sends a copy of that data to the cyber criminals. The criminals then demand a large ransom payment for organizations to get their data back. If the ransom is not paid, the data is either destroyed or released to the public. The reason ransomware is exploding and you are seeing it more and more in the news is because it has become so profitable to cyber criminals around the world. They are making millions of dollars every day in these attacks, and as such, these attacks will only continue to grow.

There are three key steps you can take to help ensure your computer does not get infected with ransomware, or any other type of malware.

• Phishing: Phishing attacks are one of the most common methods cyber criminals use to infect computers, often through malicious links or infected email attachments. Know the most common indicators of a phishing email and how to spot such an attack, such as emails with a tremendous sense of urgency, pressure to bypass or ignore our policies, or emails claiming something too good to be true.
• Passwords: Often cyber criminals break into and infect systems using weak or easy-to-guess passwords. Protect yourself with a strong, unique password for each of your accounts. Whenever possible, also enable two-factor authentication on each of your accounts.
• Updating: Ensure the systems and devices you are using are updated and current. Whenever possible enable automatic updating.

These three simple steps will help protect you not only from ransomware but almost any type of malware, both at work and at home. As always, if you have any questions please reach out, we are here to help.

Resources

SANS Security Awareness Ransomware Factsheet

SANS Security Awareness Malware-Technology Alone Won't Protect You Factsheet