How to protect your organization against ransomware
In the summer of 2019, over the span of just a few days, 22 Texas towns were struck by a coordinated cyberattack called a ransomware attack†. As a result, Texas Governor Greg Abbott ordered a Level 2 Escalated Response, meaning that the scope of the emergency had expanded beyond what could be handled by local responders.
Ransomware—a malicious software that spreads across networks and shuts down computers until a ransom is paid—is typically spread through phishing emails or by someone unknowingly visiting an infected website. A spate of attacks in the first half of 2021 has put cybersecurity in the spotlight: From January to July 31, 2021, ransomware complaints to the FBI’s Internet Crime Compliance Center increased 62% compared to 2020‡. It is vitally important for both government entities and businesses to understand the dangers presented by ransomware.
"Ransomware is a problem that can affect any business, large or small, so it’s critical to plan in advance for how to both protect against it and respond to it if it does occur."
Chief Information Security Officer, Huntington Bank
Beyond the considerable financial impact an attack can have, the long-term disruption of business operations and the damage to reputation that can result from such an attack can be substantial. For example, the Colonial Pipeline Company ransomware attack in May of 2021 led to a temporary shut down of the largest fuel pipeline in the U.S., leading to short-term fuel shortages and increased gas prices§.
And if a critical service such as 911 dispatch is affected, lives could be endangered.
“Ransomware can come from many sources, such as organized criminal organizations, nation-state actors, or one-off cybercriminals. It could be targeted or indiscriminately deployed,” says Hilt. “Either way, organizations need to be thoughtful about how they implement technology to reduce the likelihood of an attack getting in and, if one does, how they will limit the ‘blast radius’ to prevent an infection from propagating to critical systems.”
To help protect your organization from similar attacks, here are few things to consider:
Train employees and vendors
- Require that all employees take at least annual training on cybersecurity to equip them with the knowledge to identify and quarantine phishing and malicious emails, avoid clicking on suspicious links or attachments, and use strong passwords that are changed periodically.
- Review third-party connections and limit access to minimal essential functions.
- Keep all computer operating systems and applications up to date with relevant security patches.
- Back up all critical systems and data and, just as important, periodically verify the integrity of the backup and restoration process.
- Ensure antivirus, malware protection, and email security software are in place, active and on current versions.
- Provide a layered defense for critical systems and data. “Critical systems especially should take a belt-and suspenders-approach to ensuring they are protected,” says Hilt.
- Reduce or eliminate the use of vulnerable connection methods such as Server Message Block or Remote Desktop Protocol into your network. WannaCry, a May 2017 worldwide cyberattack, spread because of a vulnerability in the Server Message Block protocol¶.
The rise in ransomware is part of an overall increase in destructive malware attacks worldwide. As a result, it is more important than ever to put practices that can help protect your organization to use.
“Organizations should have a well-practiced response plan for cybersecurity events in general, but it’s especially important to have one for ransomware, where time can be of the essence for containment,” Hilt says. “You must know who and how to engage internal resources as well as external parties like law enforcement.”
Contact your Huntington relationship manager to discuss the cybersecurity best practices and Huntington products that can help you reduce your cybersecurity and fraud risks.
†NPR. 2019. "Ransomware Attack Affects Computers In 22 Towns In Texas." Accessed September 23, 2022.
‡Cybersecurity & Infrastructure Security Agency. 2021. “Alert (AA21-243A) Ransomware Awareness for Holidays and Weekends.” Accessed February 11, 2022.
§Department of Energy; Office of Cybersecurity, Energy Security, and Emergency Response. 2021. "Colonial Pipeline Cyber Incident." Accessed September 23, 2022.
¶CNET. 2017. “WannaCry ransomware: Everything you need to know.” Accessed February 14, 2022.
The information provided in this document is intended solely for general informational purposes and is provided with the understanding that neither Huntington, its affiliates nor any other party is engaging in rendering tax, financial, legal, technical or other professional advice or services or endorsing any third-party product or service. Any use of this information should be done only in consultation with a qualified and licensed professional who can take into account all relevant factors and desired outcomes in the context of the facts surrounding your particular circumstances. The information in this document was developed with reasonable care and attention. However, it is possible that some of the information is incomplete, incorrect, or inapplicable to particular circumstances or conditions. NEITHER HUNTINGTON NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS OR EXPENSES (DIRECT, CONSEQUENTIAL, SPECIAL, INDIRECT OR OTHERWISE) RESULTING FROM USING, RELYING ON OR ACTING UPON INFORMATION IN THIS DOCUMENT OR THIRD-PARTY RESOURCES IDENTIFIED IN THIS DOCUMENT EVEN IF HUNTINGTON AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF OR FORESEEN THE POSSIBILITY OF SUCH DAMAGES, LOSSES, COSTS OR EXPENSES.
Third-party product, service and business names are trademarks/service marks of their respective owners.