Use this analysis of the biggest ransomware attacks of 2020 (so far) to create a stronger cybersecurity plan.
Ransomware is everywhere – or at least that’s what it feels like – and it was just as popular in 2019. These lessons learned from the biggest ransomware attacks of 2020 give businesses essential insight into how to stop ransomware from putting the brakes on their recovery as they try to bounce back from a tumultuous year.
Protecting highly privileged credentials is vital.
The city of Florence, Alabama, learned this lesson after paying more than $290K to a gang of cybercriminals who encrypted the city’s data and shut down its email system after the password of its Manager of Information Systems was compromised. The DoppelPaymer ransomware gang was also able to attack nearby cities in the incident. (crn.com)
Administrator passwords and other highly privileged credentials are the keys to the kingdom for cybercriminals. Use a secure identity and access management solution to protect them. Multifactor authentication adds an additional layer of security against bad actors attempting to penetrate your systems with a stolen password, and Secured Shared Password Vaults allow important credentials like an administrator password to be stored under extra protection.
Even IT Pros can be duped by phishing.
You would think that an IT professional would be cognizant of a suspicious link, but defense contractor CPI learned the hard way that’s not necessarily the case. An administrator clicked on a malicious link, unleashing a vicious ransomware attack that quickly infected the company’s systems, including backups. The ransomware gang responsible walked away $500K richer, and the defense contractor spent months recovering from the incident.
Anyone can be hooked by a phishing attack, and phishing is the most common way that ransomware is delivered. From the interns to the C-suite, every user on a company’s network must be regularly trained and tested in phishing resistance. No one’s time is too valuable, and no one is “too knowledgeable” to be taken in by a phishing attack, especially a carefully crafted spear phishing attempt. By consistently and regularly refreshing user training with Optistar’s Security Awareness Training, everyone becomes more cautious about potential phishing attempts, and staffers are more likely to report a suspicious message than interact with it.
To learn more about our Security Awareness Training, visit www.optistartech.com/sat/ and sign up for a 45-day free trial.
Also, we recently posted a great article on our blog that defines the Dark Web. Learn more: www.optistartech.com/darkweb-defined/. To find out if your company credentials are already for sale on the Dark Web, be sure to visit www.optistartech.com/darkweb/ for a free scan.