A 2017 article in Business Insider predicted that 2017 would be the "year of ransomware." That was the year that shipping giant Maersk suffered a ransomware attack that cost it between $200 million and $300 million and forced the company to use Post-It notes to move goods.
If 2017 was the year of ransomware, then 2020 and 2021 have ushered in something worse. Not a day goes by without mention of yet another ransomware attack. From attacks on healthcare institutions—like the 27 in France in 2020, or the over 600 clinics and hospitals in the US—to the education sector, which is now the leading recipient of such attacks, with "ransomware days" becoming more common than snow days, ransomware is a way of life. It is now, according to Department of Homeland Security Secretary Alejandro Mayorkas, a "national security threat."
That statement was made before the latest ransomware attack. Last week, Colonial Pipeline, operator of a fuel pipeline that carries 45% of the gas and jet fuel supplied to the East Coast, said that it had been hit by a ransomware attack. Certain systems were taken offline; pipeline operations were temporarily halted. Some 100 gigabytes of data was stolen, and the hackers are reportedly threatening to leak the data if the ransom is not paid.
The group responsible is called DarkSide, a so-called ransomware-as-a-service organization that the FBI has said is based in Russia.
This attack has made waves because of the potential impact; a gas shortage on the East Coast would bring chaos.
Whether the pipeline attack leads to shortages is unclear. What is clear is that ransomware is about to become a buzzword in every home and business.
Maybe it should've been already. The total cost of ransomware payments doubled year-over-year for the first half of 2020.
There were multiple attacks at hospitals. One at Vermont's largest medical system was so bad that electronic records were down for nearly a month, and doctors were forced to turn away hundreds of cancer patients and were able to treat only 25% of the system's normal chemotherapy patients. There were attacks on transportation agencies and on public utilities. A city in Missouri had its residents pay bills via a drive-through window after online systems were attacked. In Florida, Broward County Public Schools, the sixth-largest school district in the U.S., announced that it was hacked by a group demanding $40 million in ransom, to which one negotiator replied, "This is a PUBLIC school district. You cannot possibly think we have anything close to this!"
Defending against ransomware will become the topic du jour, both as a matter of national security and to protect companies of all sizes, in all sectors. If you haven't before, you need to bolster your protection.
The number one cause of breaches is email, and 96% come through social actions like phishing. That means you need a solution that stops breaches before they start. Avanan sits behind email, meaning Avanan can stop malicious attacks before they come into the inbox. Further, Avanan developed a machine learning algorithm that detects anomalous and suspicious behavior. Here are some of the behaviors that Avanan's algorithm will monitor and flag:
- Multi-BCC emails, emails with malicious content, deleted sent messages, etc.
- Email rules that demonstrate embed behavior
- New API connections, especially to new or untrustworthy apps
- Connection of shared services, public folders, etc.
- Deviation from the user's standard behavior profile: devices, geos, time of day, etc.
By correlating between the different behaviors, we build a full picture assessing what damage was done and what vulnerabilities now exist.
As soon as Avanan is deployed, we scan the historical data in the logs to quickly report on accounts that are suspected to be compromised.
Further, Avanan protects your entire suite of applications, whether it's file-sharing services like OneDrive and ShareFile or collaboration apps like Slack or Microsoft Teams. Avanan scans your entire cloud for malware—every message, file and app.
As more unfolds about the Colonial attack, more about ransomware will be written. One thing, though, is clear: now, more than ever, is the time to bolster your security. Beginning with email is a good way to start.