Ransomware Rises as REvil Resurfaces – Will You Be Ready?
Thousands of businesses in seventeen countries have been affected by the latest ransomware attack… How many were prepared?
It looks like REvil, one of the most prolific and profitable of all known cyber-criminal groups in the world, is at it again. The same group that attacked JBS, the world’s largest meat supplier, has now attacked Kaseya, a US information technology firm. Kaseya provides software tools that handle back office administrative functions for small to midsized businesses on all five continents, and now many of these companies are paralyzed.
The hack was sinisterly clever, infiltrating networks and scrambling data. All of the victims have been promised a decoder key to unscramble their data when the massive $70 million dollar ransom demand is met with a cryptocurrency payment. For a more in-depth view of the attack and its devastating effect, you can find an excellent analysis by the Washington Post.
The White House and the FBI are involved in the current investigation and threatening to involve Russia in the aftermath. But for those ensnared, other than offering to pay their share of the ransom or depending on others, what can they do to get back to business? Even more importantly, what percentage of the companies are prepared for the inevitability? And for those wondering, what does proper preparation look like?
Given that the affected small to midsized companies were outsourcing back-office functions, it is unlikely that any of them have invested in developing an Information Security Team. That’s OK, because as long as they understand that their data is their most important asset, and that their business is crippled without it, they brought in an outside party to help. So, for those who brought in the proper Information Security and Privacy Team, what separates the survivors from the victims?
Step one, who had established a hardened security posture? Which companies developed mature Incident Response Plans, with defined roles and responsibilities? Which companies understood the proper escalation path for their response, and had a strong incident response toolset in place? And finally, which companies had a plan to back up their data to a sufficient point in time that they didn’t need the encryption key to stay in business?
I hope that all businesses understand the criticality of this conversation. The decision to make the small investment to review your incident response readiness posture could be a the most important business decision you make all year. For those those without a plan or those in need of a second opinion, please reach out to Layer 8 Security. We’re here to help.