FBI ransomware warning extends to well, almost everyone.


If you were not a municipality or school district, you might have been feeling ok about the recent ransomware attacks. After all – it looked like criminals were just targeting cities and schools in the US, and if you were not in one of those categories, you might have felt it was business as usual. But now the FBI (IC3) has issued a critical alert on the ransomware threat to not only state and local government but also healthcare, industrial companies, and transportation – their first since 2016. The alert was issued following some recent high-profile attacks on manufacturing and healthcare, but might also be in response to concerns that the federal government is not doing enough to combat this threat.

The reason that the FBI has issued this warning is, in part, that the infrastructure weaknesses ransomware exploits are very similar from one sector to the next. The same issues that were a problem for municipalities and schools are writ large for healthcare and manufacturing. Businesses and hospitals not only arguably have larger pocketbooks, but they also may have data that is worth more. In many cases, ransomware is the secondary assault on victims – the first is stealing the data. Social security numbers are worth $1 – $8 on the dark web, credit card information is worth $110, and personal medical records can be worth as much as $1000.

And it’s not just in the US. Recently, a manufacturer in Denmark, Demant, was hit with an attack that will cost as much as 95 million dollars to recover from. And seven hospitals in Australia were crippled by ransomware that shut down financial and patient booking systems. Three hospitals in Ontario, Canada were hit by the “Ryuk” ransomware – and experts have warned that other Canadian hospitals may have also been affected.

The ransoms being demanded are in some cases astronomical, especially when compared to ransoms requested not even 6 months ago. The ransom in the Baltimore case was 13 bitcoins, or about $76,000, in May. That pales in comparison to the 5.3 million dollars that New Bedford, MA was asked for in July.

So what is the FBI advising that organizations do to protect themselves? Here are some of the FBI recommendations and examples of how Barracuda’s solutions can help implement them:

  • FBI – “Regularly back up data and verify its integrity.” The very first thing that the FBI advises is to back up your data. The FBI notes that backups are critical in ransomware recovery and are the best way to get your data back. With the right backup, ransomware recovery can be a matter of hours, as this Barracuda Backup case study shows.
  • FBI – “Focus on awareness and training.” To prevent an attack, the FBI recommends that businesses of all sizes focus on security awareness and training. A team of users who are well versed in security best practices can provide an additional line of defense in your fight against ransomware. Consider a solution like Barracuda PhishLine, which leverages simulation testing and video training to teach employees and staff to recognize and report ransomware threats like phishing, SMiShing (SMS/text), vishing (voicemail) and physical media (USB drives and similar). There is also AI-based dedicated spear-phishing and cyber-fraud defense to prevent fraudulent emails from reaching end users in the first place. As most ransomware attacks start with email, it makes sense to bolster this protection as much as possible.
  • FBI – “Employ best practices for RDP, including port control and multi-factor authentication.” The SamSam ransomware variant that hit Atlanta likely gained access through RDP. Barracuda CloudGen Firewall provides multi-factor authentication and deep packet inspection.
  • FBI – “Configure access controls with the least privilege in mind.” If people don’t really need access, don’t give them access: the fewer people with access, the more secure you will be. Next-generation firewalls generally offer access control. Barracuda CloudGen Firewall offers access control as well as advanced security analytics so you can see exactly what is happening with your network activity, web activity and security.
  • FBI – “Implement application allow-listing. Only allow systems to execute programs known and permitted by security policy. This can help prevent unknown or malicious applications from causing havoc in your infrastructure.” Barracuda WAF and WAFaaS protect your infrastructure to an even greater extent with application learning, where you can build positive security profiles for applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular allow-list rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent exploitation of zero-day vulnerabilities.
  • FBI – “Use virtualized environments to execute operating system environments or specific programs.” Barracuda Advanced Threat Protection offers sandboxing to make sure that suspicious files and attachments are detonated in an isolated environment before they are allowed to enter the network.
  • FBI – “Categorize data based on organizational value, and implement physical and logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and network segment as an organization’s email environment.” Firewalling and micro-segmentation can be used to implement these strategies. Barracuda CloudGen Firewall provides granular security controls that allow network administrators to deploy a zero-trust strategy throughout the company. Data and applications can be securely segmented based on the needs of the organization.
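A backup integrity check of the kind the first FBI recommendation calls for, as an added example that is not Barracuda’s or the FBI’s code: it records a SHA-256 manifest of a backup set and later re-verifies it, flagging files that ransomware encrypted in place or renamed. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backup archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(backup_root: Path) -> dict:
    """Map each file (path relative to the backup root) to its SHA-256 at backup time."""
    return {p.relative_to(backup_root).as_posix(): sha256_file(p)
            for p in sorted(backup_root.rglob("*")) if p.is_file()}

def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Re-hash the backup set and report files that changed, vanished or appeared.

    Ransomware that reaches a backup share usually overwrites files in place or renames
    them with a new extension; both surface here. Keep the manifest where the backup
    host cannot write (offline or write-once), otherwise an intruder who encrypts the
    backups can simply regenerate it.
    """
    current = build_manifest(backup_root)
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    missing = sorted(k for k in manifest if k not in current)
    unexpected = sorted(k for k in current if k not in manifest)
    return {"ok": not (modified or missing or unexpected),
            "modified": modified, "missing": missing, "unexpected": unexpected}

def demo() -> dict:
    """Constructed scenario: record a manifest, then simulate ransomware touching the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.csv").write_text("acct,amount\n1001,250.00\n")  # constructed
        (root / "patients.db").write_bytes(b"\x00\x01sample-record-data")           # constructed
        manifest = build_manifest(root)
        assert verify_backup(root, manifest)["ok"]  # the untouched copy verifies clean
        (root / "finance" / "ledger.csv").write_bytes(b"opaque-ciphertext")  # encrypted in place
        (root / "patients.db").rename(root / "patients.db.locked")            # renamed by malware
        return verify_backup(root, manifest)
```

A clean manifest proves the copy is intact, not that it restores; pair the check with a periodic test restore.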

As the ransomware arms race escalates, attackers are growing more sophisticated in the targets they choose and the methods they employ. The good news is that the tools and techniques available to counter those attacks have also ramped up. It is up to the organizations at risk to choose the right partners to help them successfully combat every attack possible.
