For criminal-minded hackers, business is booming. Ransomware attacks on major businesses have been featured heavily in the news throughout 2021. Some of these have been high-profile, such as the attacks on the Colonial Pipeline, JBS (the world's largest meat packer), or the large ferry service Steamship Authority. There are a number of ransomware gangs, Ransomware-as-a-Service providers, and types of ransomware out in the wild. You may be familiar with names like Conti, Ryuk, or GandCrab, for example.

Trojans remain a threat to businesses, with some of the most well-known being Emotet and TrickBot. Emotet, TrickBot, and GandCrab all rely on malspam as their primary vector of infection. These malicious spam emails, disguised as familiar brands, trick your end users into clicking malicious download links or opening an attachment loaded with malware. In an interesting twist, Emotet has evolved from being a banking Trojan in its own right into a tool for delivering other malware, including other banking Trojans like TrickBot.

So what happens when cybercriminals are able to hack into your network? Emotet, for instance, hobbled critical systems in the City of Allentown, PA, requiring help from Microsoft’s incident response team to clean up. All told, the city racked up remediation costs to the tune of $1 million. GandCrab is just as awful. It’s been estimated the ransomware with the gross-sounding name has already netted its authors somewhere around $300 million in paid ransoms, with individual ransoms set from $600 to $700,000.
How to protect your business from hacking

In light of the ransomware and Trojan attacks currently favored by criminal hackers, the question now is: how can I protect my business from hacking? Here are some tips for staying safe.
- Implement network segmentation. Spreading your data across smaller subnetworks reduces your exposure during an attack. This can help contain infections to only a few endpoints instead of your entire infrastructure.
- Enforce the principle of least privilege (PoLP). By only giving users the access level they need to do their jobs and nothing more, you can minimize the potential damage from ransomware attacks.
- Back up all your data. This goes for all the endpoints on your network and network shares too. As long as your data is archived, you can always wipe an infected system and restore from a backup.
- Educate end users on how to spot malspam. Users should be wary of unsolicited emails and attachments from unknown senders. When handling attachments, your users should avoid executing executable files and avoid enabling macros on Office files. When in doubt, reach out. Train end users to inquire further if suspicious emails appear to be from a trusted source. One quick phone call or email goes a long way towards avoiding malware.
- Educate staff on creating strong passwords and implement some form of multi-factor authentication (MFA)—two-factor authentication at a bare minimum.
- Patch and update your software. Emotet and TrickBot rely on the Windows EternalBlue/DoublePulsar vulnerabilities to infect machines and spread across networks, so keep your systems up to date.
- Get proactive about endpoint protection. Malwarebytes, for example, has multiple options for your business with Endpoint Protection and Endpoint Detection and Response.
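
The malspam tip above tells users to avoid executable attachments and macro-enabled Office files; the same check can be automated at the mail gateway or during triage of a reported message. The following Python is an added example, not code from Malwarebytes or this article: the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive extension lists; tune them to your own mail policy.
EXECUTABLE_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
OOXML_EXT = {".docx", ".xlsx", ".pptx"} | MACRO_EXT


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) payload contains a vbaProject.bin macro part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage_attachments(raw_email: bytes) -> list:
    """Return (filename, reason) for every attachment that deserves a second look."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        data = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXT:  # also catches double extensions like .pdf.exe
            findings.append((name, "executable"))
        elif ext in MACRO_EXT or (ext in OOXML_EXT and has_vba_project(data)):
            findings.append((name, "office-macro"))
    return findings


def build_sample() -> bytes:
    """Constructed test message with harmless placeholder attachment bodies."""
    macro_doc = io.BytesIO()
    with zipfile.ZipFile(macro_doc, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    for fname, body in [("invoice.pdf.exe", b"placeholder"), ("statement.docx", macro_doc.getvalue()), ("notes.txt", b"meeting notes")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `triage_attachments(build_sample())` flags the double-extension executable and the Office file that carries a VBA project despite its `.docx` name, and passes the plain text file.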