Case Study

Case study - Security and Ransomware

Case study - Security and Ransomware Post Cover

The entire administration of the district paralyzed by a hacker attack

At the beginning of July, several servers of the district had been encrypted with so-called ransomware during the cyber attack. The term ransomware stands for a type of malicious program that restricts or prevents access to data and systems. Either such a malicious program blocks complete access to the system or it encrypts certain user data. A ransom is demanded from the attackers to decrypt and thus release the data. The attack on the district administration in Bitterfeld was followed by a ransom demand.

Similar attacks were also carried out on the University Hospital in Düsseldorf and a major American corporation last year. In other words, these hacker attacks are not isolated incidents.

Number of ransomware attacks on the rise

The German Federal Office for Information Security (BSI) warns: The frequency of attacks by encryption Trojans has never been as high as it is today. Our IT security experts have also been able to gain some experience over the last few years, and it is clear from their experience that up to 60 percent of both larger and medium-sized companies have already experienced a ransomware attack. Especially in times of the pandemic with its home office phases favors ransomware attacks: many employees are not sufficiently protected against cybercrime outside the IT security architecture of their company.

However, one thing is striking about the affected companies, the ones affected by these attacks are in many cases those who are too little or not at all engaged in the challenge of digital transformation. In this latest case, too, the weak point lies in the lack of progressive renewal in the IT sector. According to the authorities, the problem here was probably a Microsoft security gap, which came about because Microsoft services were used that the manufacturer claims have been running for years without manufacturer support and have long since been replaced by newer versions. For some time now, warnings have been issued about this security vulnerability, because it has already been actively exploited. A patch was not yet available, but Microsoft advised an interim solution until a security update could be offered - which then happened on July 7. The district's IT was probably compromised on July 6. There is little that can be done about the security vulnerability itself,

if you are not Microsoft. But the fact that you have to take such warnings seriously and act immediately, because well-organized criminals react quickly to new vulnerabilities, is one of the lessons that all too many people and companies have to learn bitterly these days.

Protection against ransomware

In addition to general protective measures against malware, such as applying updates, general caution with e-mails and so on, a backup always offers protection as long as the backup medium is physically separated from the original data carrier. However, this is not the purpose of an up-to-date backup, and ransomware often only becomes apparent after other data media, including NAS network drives, have already been infected.

Although the cloud backup is constantly connected to your PC and backs up continuously, it protects against ransomware by versioning the data as a rule. In advance, you should therefore rely on the 3-2-1 backup strategy. This means regularly making three copies of all data, on two different types of media with one copy off-site; for example, in a cloud or other storage medium that has no connection to the company network. In this way, data blocked by the ransomware can be restored. So if the data in the backup was infected and encrypted on day X, this does not affect the data from the previous day and before. In this way, only the most recent files remain lost, because no programs can be started in the backup data in the data center, so that no "skipping" of malicious code is possible there.

Conclusion

Anyone who wants to be armed against extortion software and generally against security incidents in their It should pay attention to the following. Companies should not shut themselves off from new technology, especially in times of digitalization. Of course, they should not blindly follow every new technology trend and thus spend huge amounts of money. It is much more important to look for a partner who acts as a consultant and thus understands the possibilities and potential of enterprise and new technology and applies it in the best possible way to the needs of the company. The cloud in particular offers incredible potential in terms of security and innovative applications. Rely on this innovative cloud technology by arming yourself for progress together with a cloud partner.

Protect yourself from threats such as ransomware by regularly creating backups, centralizing your IT security with a partner or a dedicated IT expert, so that you don't have to use a backup in the first place.

Regular updating of operating systems and software is an important measure to prevent cyber attacks from creating security gaps.