
Ransomware Campaigns Underscore Need for Dynamic Security

siri oaklander / 11.14.19

Shipping services firm Pitney Bowes has recently joined the growing ranks of businesses targeted by high-impact ransomware attacks—in their case, the Ryuk virus.

The Ryuk virus has also been named as the culprit in recent data breaches spanning both global and domestic industries, targeting several cities in Florida and Massachusetts as well as media companies such as Tribune Publishing and France’s M6 Group. The escalating occurrence and impact of these ransomware attacks triggered a recent FBI advisory, which notes that malware campaigns appear to be increasing in sophistication.

According to statements released by Pitney Bowes, the Ryuk virus did not appear to impact customer or employee data—however, it did disrupt customer access to key services for a period of days.

With more than 1.5 million clients worldwide (including a list of Fortune 500 companies), Pitney Bowes processes more than 16.5 billion pieces of mail annually and provides “presort” and cataloging services critical to the U.S. Postal Service. Pitney Bowes has yet to detail the extent of the impact on their business; however, one can assume it was significant.

Most targeted businesses opt not to cooperate with ransomware demands, eschewing extorted payment in favor of addressing the impacts of a data breach through other means; still, the financial impact to operations (through loss of customer uptime, advertising revenue, and so forth) combined with the cost of post-attack reparation often far exceeds the payment requested.

In early September, a ransomware attack similar to that at Pitney Bowes impacted Entercom (the largest radio broadcaster in the U.S.). While broadcasting itself was not affected (all stations remained on-air throughout the breach) the malware took internal networks and email servers offline for nearly two weeks.

While Entercom opted not to pay the requested ransom, according to a recent article on RadioInsight, their first-quarter earnings report indicated repair costs which far exceeded the $500k demanded by attackers—in addition to nearly $800k in lost advertising revenue. This aptly demonstrates the potential impact and reach of a similar data breach and underscores the need to proactively manage security risk.

Proactive, Anticipatory Defense Efforts are Required

This type of data breach is nefarious by nature. Without effective preventative measures, by the time the threat has been detected, it has already done significant damage. Proactive, anticipatory efforts are required to defend a system against malware and ransomware attacks; however, security professionals often struggle to quantify and communicate the risks.

Here are some actionable steps and guidelines:

  • Focus on the fundamentals. Eliminate blind spots by discovering and instrumenting all assets to continuously evaluate them for vulnerabilities and harden them. Most breaches occur through known issues, so this is critical to reduce the attack surface targeted by bad actors.
  • Be thorough. Comprehensive security coverage is essential. Have an iterative discovery and assessment process, and build a practice that includes issue follow-up and confirmation of fixes and repairs.
  • Automate. Automation reduces the cost of assessing security risks and addressing them. This makes it possible for security to keep up with the rate of change in modern environments and increases the incentive for investing in proactive security efforts.
  • Monitor consistently (and continuously). Assessing for weaknesses frequently is important as assets and community knowledge change. It is also important to monitor assets for changes or security events that may indicate compromise.
  • Improve resiliency. Paying an attacker should be your last resort—and while risk may never be eliminated, it can be drastically reduced. Ensure that your backup and recovery strategies are both comprehensive and resilient. Test and review your backup systems frequently, to ensure proper functioning before the need arises.

Malware and Ransomware Threats are Not Going Away

The escalating prevalence of malware and ransomware attacks, such as the Ryuk virus infection at Pitney Bowes, indicates that these threats are here to stay. The leverage used by attackers to extract ransom has a direct impact on the business, as it offers immediate and definable risk to both operational continuity and finances (in the form of direct loss of revenue, as well as potential liability from data exposure).

Pitney Bowes is a backbone service, which means that the potential impact of even a minor breach has a rippling effect. From a business standpoint, security is a type of risk management, and, while unfortunate, the significant risk posed by malware and ransomware attacks offers an opportunity for security professionals to quantify the risk of potential exposure as a direct impact on the business.

Comprehensive risk management and mitigation can be more effectively communicated (and justified) by security professionals through the conveyance of projected operational and financial impact. As these events become more common, preparation becomes ever more essential to risk mitigation—and to the overall structure and execution of your security strategy.

Learn how the CloudPassage Halo cloud workload protection platform can help you defend against ransomware.
