Ransomware is a threat to all industries, and heat treating is no exception! This article is here to give heat treaters the "how-to" of responding to ransomware, to help keep operations safe and running smoothly.
Today's read is a feature written by Joe Coleman, cybersecurity officer at Bluestreak Consulting™. This column was first released in Heat Treat Today's November 2023 Vacuum Heat Treat print edition.
Introduction
Today, the threat of being infected with ransomware is everywhere. Ransomware attacks have grown increasingly sophisticated and widespread, leading to substantial financial harm, emotional distress, and reputational damage for those unfortunate enough to become victims.
In this article, we’ll cover ransomware — describing what it is, how it works, and most importantly, how you can protect yourself from becoming its next target. Equip yourself with the knowledge and proactive strategies required to protect your digital assets, data, and systems.
What Is Ransomware?
Ransomware is a cyber threat that wreaks havoc on businesses by encrypting computer files and extorting a ransom from victims for their release. Once your system falls victim to this malicious software, it can spread to connected devices, such as shared storage drives and other network-accessible computers. Even if you comply with the ransom demand, there’s no guarantee of full data recovery, because cybercriminals may withhold decryption keys, demand additional payments, or even delete your data. It’s important to note that the federal government strongly discourages paying ransomware demands, as it fuels criminal activity.
What Can I Do To Prevent Ransomware Attacks?
Frequent and Routine Backups: Perform regular backups of your system and essential files, and consistently verify their integrity. If your computer or system is infected with ransomware, you can restore it to a previous state using these backups.
Keep Software Updated: Ensure that your applications and operating systems are up to date with the latest software/security patches. Most ransomware attacks target vulnerabilities in outdated software.
Secure Backup Storage: The best practice is to store your backups on a separate device that is not connected to the network, such as an external hard drive. Even better, consider storing your backups offsite at a different location. After completing the backup, disconnect the external hard drive or isolate the device from the network or computer.
Exercise Caution with Links: Exercise caution when dealing with links and entering website addresses. Be especially vigilant when clicking on links in emails, even if they appear to be from familiar senders. It’s advisable to independently verify website addresses. You can do this by reaching out to your organization’s helpdesk, searching the internet for the sender’s organization website, or researching the topic mentioned in the email. Pay close attention both when clicking a link directly and when manually entering a website address, as malicious sites often mimic legitimate ones with slight spelling variations or different domains (e.g., .com instead of .net).
Cybersecurity Awareness Training: Businesses should prioritize providing cybersecurity awareness training to their personnel. Ideally, organizations should conduct regular, mandatory cybersecurity awareness training sessions to ensure their staff stay well informed about current cybersecurity threats and techniques employed by threat actors. These training sessions should occur at least once a year. Additionally, organizations can enhance workforce awareness by testing their personnel with phishing simulations that replicate real-world phishing emails, as well as with different types of face-to-face social engineering that attempt to obtain usernames/passwords.
Responding To a Ransomware Attack
Isolate the Infected System: Disconnect the infected system immediately from the network to prevent the spread of the infection.
Identify Affected Data: Determine what data have been affected. Sensitive data, such as customers’ electronic CUI (controlled unclassified information), may require additional reporting and mitigation measures.
Check for a Decryption Key: Search the internet to see if a decryption key is available. Online resources like www.nomoreransom.org can be helpful.
Restore from Backups: Restore your files from regularly maintained backups.
Report the Incident: Report ransomware incidents. Consider reporting to your local Federal Bureau of Investigation (FBI) field offices or the Internet Crime Complaint Center (IC3) at www.ic3.gov.
Do Not Pay The Ransom: Emphasize the importance of not paying the ransom as it can encourage additional criminal activity.
About the Author:
Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, which is a division of Bluestreak | Bright AM™. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe at joe.coleman@go-throughput.com.