Ransomware Unveiled: The Business Impact and Prevention Strategies
Published 02/13/2024
Originally published by Schellman.
In the ever-evolving digital landscape, advances in cybersecurity run in parallel with increasingly sophisticated cyberattacks. Among these varied threats, ransomware and its potentially devastating impact remain a prominent concern as it becomes clear that no organization is safe.
It’s important to remember that even companies deemed highly secure aren’t unbreachable. Take Caesars Entertainment and MGM Resorts, for instance: the two high-profile gaming and entertainment companies recently fell victim to ransomware attacks, resulting in significant media coverage and substantial damage to their reputation.
The successful ransomware attacks on these two prominent corporations serve as a stark reminder of the constant threat we all face in today’s interconnected world. This article will delve into the unfolding saga of these attacks before offering insights into what we can learn, as well as essential preventive measures to safeguard your business.
What is Ransomware and How Does it Work?
First, an explanation of the specific attack: Ransomware is malware designed to encrypt a victim's files, databases, and even entire computer systems in order to render them inaccessible. Malicious actors hold the victim's system or critical data hostage until a ransom is paid to the attacker—sometimes, they work so swiftly that the organization has no time to react.
Ransomware attacks typically involve these key steps:
- Breach: Attackers gain access to your network, often using phishing or spear phishing attacks against your organization or highly privileged users within your organization. Social engineering remains the most common attack vector for adversaries to initially compromise an organization, whether through ransomware or not.
- Encryption: Once an attacker gains the privileges to run and deploy their malware, data across a company's network can rapidly be encrypted so that employees will no longer have access to that data (and the key for decryption is held by the attacker). Sensitive data is often also exfiltrated by cybercriminals prior to encryption, amplifying the potential damage of a ransomware attack.
- Ransom Demands: Attackers then leave a file or on-screen notification instructing victims on the recovery process for their encrypted data. They typically leverage the threat of leaking stolen data during negotiations, in which they request payment (often in the multimillions) in cryptocurrency, such as Bitcoin, to reduce the likelihood of being caught.
- Post-Payment: Even if a victim pays the ransom, there’s still no guarantee the malicious actor will provide the decryption key to unlock the encrypted data. Because attackers are highly unpredictable, paying the ransom could leave the victim with a massive financial loss and unrecoverable data. There’s also the possibility that the attacker established capabilities to remain within the organization’s network, which provides persistence to execute further attacks.
Understanding the Recent, Ongoing Ransomware Attacks
Unfortunately, these ransomware attacks have become a concern for businesses worldwide—most recently for MGM and Caesars.
In a report to the Securities and Exchange Commission, Caesars Entertainment acknowledged it had suffered a “cybersecurity issue” on September 7, 2023. According to other reports, Caesars paid roughly $15 million to the hackers who obtained a copy of Caesars’ loyalty program database, which included driver's license numbers and/or Social Security numbers of a significant portion of its rewards members in the database, among other data.
Meanwhile, according to a statement made by ALPHV, MGM shut down computers and Okta Sync Servers inside their network after hackers called into the MGM IT helpdesk, impersonated an employee, and eventually obtained credentials in a successful vishing attack. By the time MGM discovered the attackers’ presence, they’d already gained Global administrator privileges in MGM’s Azure tenant and Okta environment, and by September 11, upwards of 100 ESXi hypervisors in their system had been encrypted. Right now, it remains unknown if PII is contained within the exfiltrated data taken by the malicious actors, as MGM is refusing to communicate with the adversaries.
The Impact of a Ransomware Attack on Your Business
These companies—and others—have taken different approaches when negotiating with malicious attackers, but none have ever avoided negative fallout that’s more than just an unexpected ransom sum to pay. Falling victim to ransomware will also mean:
- Extensive Financial Losses: Yes, ransomware attacks often demand large sums of money in exchange for decryption keys—while that would be a significant financial loss, costs may skyrocket further still due to recovery efforts and legal fees (even if you don’t pay the ransom!).
- Operational Disruption: Ransomware can paralyze business operations which can lead to downtime, lost productivity, and missed opportunities, ultimately affecting your bottom line.
- Data Loss: In some cases, ransomware attackers threaten to leak sensitive information—or even outright destroy it—and losing valuable data can affect your reputation, regulatory compliance, and customer trust.
- Reputation Damage: Leaked data or not, a publicized ransomware attack can tarnish your brand, as customers may lose confidence in your ability to protect their data, potentially leading to long-term damage.
- Resource Drain: Dealing with a ransomware attack requires significant resources, from IT experts to legal counsel, which would mean diverting them from growth initiatives, potentially hindering your business's overall development. What’s more, you may also need to invest in stronger cybersecurity measures after an attack to prevent future incidents.
How to Protect Your Organization from Ransomware
All this makes avoiding ransomware attacks a necessity, but actually preventing them demands not just vigilance, but a multi-faceted and proactive approach.
As cornerstones of resilience, the practical measures below can help against ransomware and other cybersecurity threats:

| Recommended Cybersecurity Practice | Details |
| --- | --- |
| Regular Data Backups | Routinely back up all critical data and ensure that backups are stored securely, offline, or in the cloud with robust access controls. |
| Strong Password Policies | Implement and enforce strong, unique passwords and implement multi-factor authentication (MFA) wherever possible. |
| Security Audits and Penetration Testing | Regularly assess your cybersecurity posture through security audits and penetration testing to identify vulnerabilities. |
| Employee Training | Continuously educate your employees about the latest threats and how to recognize and report potential security risks. |
| Incident Response Plans | Develop and regularly update an incident response plan, ensuring everyone in your organization knows their role in case of an attack. |
| Regular Updates and Patch Management | Stay current with software updates and security patches to plug known vulnerabilities. |
| Vendor Risk Assessments | Evaluate the security practices of third-party vendors that have access to your systems or data. |