Steven Sorensen | Lead Data Protection Engineer
vCORE Technology Partners | Nov. 19, 2020
With ransomware activity and cyber attacks skyrocketing during the COVID-19 pandemic, the FBI recently joined other U.S. agencies in issuing a warning of an imminent threat to hospitals and healthcare providers across the nation.
The FBI, the Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services are urging healthcare organizations to take “timely and reasonable precautions” to protect their networks as bad actors target the industry with malicious loaders called TrickBot and BazarLoader.
This malware is being distributed through phishing campaigns that contain links to malicious websites or have attachments carrying the malware. Once compromised, the victim is provided with an encrypted email address through which to contact the attackers, who then request a sum of Bitcoin in exchange for decryption.
Cyber threats are increasing amid COVID-19
The coronavirus pandemic has forced tremendous changes across nearly every industry, and more employees than ever are working from home and, in some cases, using their own networks and devices. This shift is creating more opportunities for bad actors to enter an environment.
Consider the following:
- Ransomware-laden emails have increased 4,000 percent during the COVID-19 pandemic (The Canadian Press)
- A cyber attack occurs every 39 seconds (Security Magazine)
- Cyber attacks represent $5.2 trillion of global risk over the next five years (Accenture)
- The average cost to an organization hit by cyber crime is $13 million (Accenture)
Amid these alarming trends, backup infrastructure and storage have become key targets for these attacks, and cyber criminals can quietly reside in an organization’s environment for weeks before “flipping the switch” and initiating a large-scale campaign. These well-planned, sophisticated attacks can leave end users without access to their data and can put a stranglehold on their business.
While organizations can take action to harden AD, storage, and application environments, a solid ransomware protection environment is quickly becoming another critical part of protecting the crown jewels of our infrastructure.
Deploying a modern solution for today’s threats
An air-gapped, immutable, tertiary copy of your data can be used not only to mitigate an attack, but also to detect one. Cyber Recovery Vault from Dell Technologies is the first solution fully endorsed by Sheltered Harbor as the best approach to protecting and restoring your data.
Key attributes of a best-of-breed ransomware protection solution include:
- Write Once Read Many (WORM) copies
- Retention lock: Requires two verified people to delete data, and can be locked down so that no one can delete data (even at root)
- Automated and Air-Gapped replicated copies: No indirect access to data. Network isolation and removal from management network
- Full context indexing with AI/machine learning analytics: Full content analytics, machine learning, and forensic tools to quickly detect cyber-attacks
- Enhanced recovery tools: In-vault intelligence tools to accelerate recovery of “clean copies”
Air-gapped recovery is gaining momentum in the industry, in particular because of its capability in mitigating the impact of ransomware. This modern approach centers on data isolation, which includes keeping a copy of critical data off the network and creating multiple recovery points to ensure an uncompromised copy for recovery. (Source: Enterprise Strategy Group white paper)
How we can help
vCORE is the first partner in the Western U.S. to be certified to deliver Dell Cyber Recovery solutions and can help enterprises evaluate and, if appropriate, deploy this new technology.
We take a consultative approach to cyber recovery solutions, meeting with key stakeholders in the client’s organization to identify “crown jewels” of the environment, architect a solid solution to protect critical data, and deliver not just the solution but also knowledge transfer and runbooks to ensure successful day-to-day operations after the initial implementation.
For more information and to request an engagement with vCORE’s data protection team, contact us at firstname.lastname@example.org.
In addition to modern data protection solutions, there are numerous steps an organization can take to prepare itself for the rising ransomware threat. Some best practices recommended by the FBI, CISA and HHS include:
- Regularly back up data, air gap, and password protect backup copies offline.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.
- Patch operating systems, software, and firmware as soon as manufacturers release updates.
- Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.
- Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
- Use multi-factor authentication where possible.
- Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
- Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
- Audit logs to ensure new accounts are legitimate.
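The three audit items above (RDP logs, administrative privileges, new accounts) can be checked together against exported Windows Security events. The following is an added example, not code from the agencies' advisory or from vCORE: the event IDs and field names follow the Windows Security log schema, while the approved creator account, the jump-host subnet, and every sample record are constructed assumptions.

```python
import ipaddress

# Windows Security event IDs used by this audit.
ACCOUNT_CREATED = 4720       # a user account was created
ADDED_TO_LOCAL_GROUP = 4732  # a member was added to a security-enabled local group
LOGON = 4624                 # successful logon; LogonType 10 = RemoteInteractive (RDP)

# Assumptions for this example: who may create accounts, where RDP may come from.
APPROVED_CREATORS = {"svc-provisioning"}
RDP_ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical jump hosts

# Constructed sample records, shaped like Security log events exported to dicts.
# (Real 4732 events often carry only MemberSid; MemberName is simplified here.)
SAMPLE_EVENTS = [
    {"EventID": 4720, "SubjectUserName": "svc-provisioning", "TargetUserName": "jdoe"},
    {"EventID": 4720, "SubjectUserName": "wks-admin", "TargetUserName": "backup2"},
    {"EventID": 4732, "SubjectUserName": "wks-admin",
     "TargetUserName": "Administrators", "MemberName": "backup2"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe", "IpAddress": "10.20.0.15"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "backup2",
     "IpAddress": "203.0.113.50"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "jdoe", "IpAddress": "203.0.113.9"},
]

def audit(events, approved_creators=APPROVED_CREATORS, rdp_nets=RDP_ALLOWED_NETS):
    """Return (rule, account, detail) findings for events that need review."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        actor = str(ev.get("SubjectUserName"))
        if eid == ACCOUNT_CREATED and actor not in approved_creators:
            findings.append(("unapproved-account-creation",
                             ev["TargetUserName"], "created by " + actor))
        elif eid == ADDED_TO_LOCAL_GROUP and ev.get("TargetUserName") == "Administrators":
            findings.append(("admin-group-addition",
                             ev.get("MemberName", "?"), "added by " + actor))
        elif eid == LOGON and ev.get("LogonType") == 10:
            src = ev.get("IpAddress", "")
            try:
                allowed = any(ipaddress.ip_address(src) in net for net in rdp_nets)
            except ValueError:  # missing or malformed source address: flag it
                allowed = False
            if not allowed:
                findings.append(("rdp-from-unexpected-source", ev["TargetUserName"], src))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```

An account that appears in all three finding types, as `backup2` does in the sample data, is the pattern that deserves immediate review.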