Ransomware is coming to get us. Prepare. Beware.

Ransomware attacks on municipalities and governmental organisations in the US are increasing, with headlines like the one below. Australia will not be immune to these attacks.

Towns Across Texas Hit in Coordinated Ransomware Attack

The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 23 different towns statewide. 

https://www.darkreading.com/attacks-breaches/towns-across-texas-hit-in-coordinated-ransomware-attack/d/d-id/1335567

As Lawrence Abrams noted in Bleeping Computer: “Now that ransomware developers know that they can earn monstrous payouts from local cities and insurance policies, we see a new government agency, school district, or large company getting hit with a ransomware attack every day. For example, this week the Governor of Louisiana declared a state of emergency for the wave of attacks targeting school districts in the state.”

The insurance companies are paying out on these ransomware attacks. But in the very near future insurance companies are going to demand to see evidence of the measures an organisation has taken to prevent such attacks. Given the ease with which so many cities in the US were penetrated by advanced persistent threats (APTs), they will be entirely right to do so. A good example is the recent Baltimore ransomware attack, which will cost the city over $18 million.

However, many organisations are not ready to operate in this kind of world. In the olden days criminals robbed banks because that was where the money was kept. Nowadays the criminals have turned to ransomware because enterprises are the soft target.

Insurers will be under pressure as payouts increase. A recent article, “Ransomware attackers set sights on middle market firms”, noted that payouts are increasing:

“A year and a half ago, the maximum amount we paid was about $7,500, but in many cases, we weren’t paying the ransom because we had the back-ups available to restore the data,” commented Horn. “Now we’re seeing ransomware demands regularly in the seven figures, more like $1 million, $2 million, and a few weeks ago we saw one for almost $4 million.”

Do not expect the insurers to continue to take all of the risk. Get organised; otherwise organisations will see premiums rocket. This means that every organisation will need to be able to substantiate its preparations to prevent or address ransomware attacks.

The US government has issued guidance on Steps to Safeguard Against Ransomware Attacks.

The Cybersecurity and Infrastructure Security Agency (CISA), Multi-State Information Sharing & Analysis Center (MS-ISAC), National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) have released a Joint Ransomware Statement with recommendations for state and local governments to build resilience against ransomware.

The steps that they include are simple:

  1. Back up systems—now (and daily). Immediately and regularly back up all critical agency and system configuration information on a separate device and store the backups offline, verifying their integrity and restoration process. If recovering after an attack, restore a stronger system than the one lost, fully patched and updated to the latest version.
  2. Reinforce basic cybersecurity awareness and education. Ransomware attacks often require the human element to succeed. Refresh employee training on recognizing cyber threats, phishing, and suspicious links—the most common vectors for ransomware attacks. Remind employees of how to report incidents to appropriate IT staff in a timely manner, which should include out-of-band communication paths.
  3. Revisit and refine cyber incident response plans. Have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders, such as state agencies, CISA, and MS-ISAC, in the event of an attack.
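Step 1 asks for backups whose integrity and restoration process are verified, which is also the kind of evidence an insurer can be shown. The following is an added example, not part of the joint statement or the original post: it hashes a backup set into a manifest, authenticates the manifest with an HMAC, and checks a test restore against it. The function names, the sample files and the demo key are assumptions made for illustration; in practice the key would be held offline, away from the backup host.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def _files(root):
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in sorted(root.rglob("*")) if p.is_file()}

def _mac(digests, key):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Hash every file in the backup set and authenticate the list with an HMAC."""
    digests = {name: sha256_file(p) for name, p in _files(root).items()}
    return {"files": digests, "mac": _mac(digests, key)}

def verify_restore(restored_root, manifest, key):
    """Check a test restore against the manifest; report what differs."""
    # A manifest stored beside the backups can be rewritten by an intruder,
    # so reject it unless the HMAC (key held offline) still matches.
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest["mac"]):
        return {"manifest_ok": False, "missing": [], "changed": [], "extra": []}
    want, have = manifest["files"], _files(restored_root)
    return {
        "manifest_ok": True,
        "missing": sorted(set(want) - set(have)),
        "changed": sorted(n for n in want if n in have and sha256_file(have[n]) != want[n]),
        "extra": sorted(set(have) - set(want)),  # files the backup never contained
    }

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is kept offline
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for root, dump in ((src, b"\x00" * 4096), (dst, b"\x01" * 4096)):
            (Path(root) / "etc").mkdir()
            (Path(root) / "etc" / "router.conf").write_text("hostname edge-1\n")
            (Path(root) / "db.dump").write_bytes(dump)  # constructed sample data
        (Path(dst) / "unexpected.txt").write_text("constructed")
        return verify_restore(dst, build_manifest(src, key), key)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on a schedule against a scratch restore, the returned report doubles as a dated record that the restoration process was actually exercised.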

 


Cloud is the future, serverless is the way to go

I’ve been hosting production workloads on Amazon Web Services for over 5 years now, and am also hosting production workloads on Azure and Google Cloud as well.

There seems to be a lot of enthusiasm for containerisation, and many are loving on Kubernetes and Docker. But this seems to merely be a cul-de-sac on the road to a serverless future.

There is a real opportunity to leapfrog a generation of data centre and container technologies and deliver real value to the business. Many cite vendor lock-in in refutation of serverless. However, I have found the switching costs between cloud vendors to be minimal (but perhaps that depends upon the quality of one’s team?).

Of course, there are servers somewhere, but I no longer need to be concerned with them; they are always patched and available across multiple high availability zones. This means that I get to spend more of my budget on delivering value for the business rather than on ensuring we won’t get hacked because someone didn’t patch a server.

This serverless future must seem quite terrifying to the folks who have tended to the blinky lights on the machines all of their life. But if they do not embrace this future they will be displaced, because cloud is the future (unless, of course, there is some kind of global catastrophe – in which case we all have bigger problems).