All Exclusives

W. Curtis Preston Urges Proactive Measures to Combat Escalating Ransomware Menace

This week we invited “Mr. Backup”, W. Curtis Preston, to join us on the most recent episode of our weekly Rundown of the week’s news, focusing on the escalating ransomware landscape. These attacks continue to wreak havoc across various sectors, targeting critical industries and inflicting substantial financial and operational losses.

Ransomware Everywhere

Federal authorities have issued warnings about the surge in cyber attacks exploiting high severity vulnerabilities, notably within Veeam software, which not only allows unauthorized access but also amplifies the risk of ransomware deployment. The implications are dire, particularly for healthcare organizations heavily reliant on Veeam for robust data protection, exacerbating concerns regarding these attacks.

Moreover, specific incidents like the ransomware attack on Dole have demonstrated the severe consequences, resulting in a direct cost impact of $10.5 million. Although their data protection system performed as designed, the subsequent restoration process incurred an additional cost of approximately $6 million. This hefty price tag, coupled with the operational disruptions endured while their systems were down, further underscores the detrimental aftermath of ransomware attacks.

Another case in point is the ongoing assault on the Dallas municipal court building, which has not only disrupted legal proceedings but also potentially exposed sensitive information. Regrettably, these instances are not isolated, as demonstrated by a ransomware group’s assault on Costa Rica’s federal infrastructure. In a single blow, the group incapacitated crucial federal agencies akin to the FBI, CIA, and Supreme Court, even targeting their backup systems. The repercussions persist even a year later, with Costa Rica still grappling to rebuild their federal infrastructure from scratch. These alarming events underscore the importance of contemplating the broader ramifications—ransomware attacks threaten not only financial losses but also the very existence of an organization.

What Can Be Done About Ransomware?

W. Curtis Preston emphasized the criticality of understanding the gravity of the ransomware landscape. The potential for a company’s demise looms large, making it imperative to secure backup infrastructure as the last line of defense. Safeguarding the backup system requires implementing preventive measures to detect and prevent ransomware, alongside bolstering overall infrastructure security. One key aspect is to disallow direct access to the backup system from active directories, minimizing vulnerabilities. Additionally, data stored for backups should possess a high level of immutability, rendering it resistant to unauthorized alterations. One recommended approach is storing at least one backup copy in the cloud using write-protected immutable storage.

In the face of the alarming number of Veeam customers who have yet to apply the necessary patch, Preston expressed his disappointment. He urges these organizations to take immediate action by reaching out to their backup vendors for guidance on implementing essential security measures. By leveraging the expertise of backup vendors, organizations can enhance the security of their backups and fortify their defenses against ransomware threats. In a landscape where company survival is at stake, comprehensive security measures and prompt response are paramount to mitigating the risks and consequences of ransomware attacks.

The Evolving Nature of Ransomware

Stephen Foskett raised concerns about the widespread prevalence of unpatched and outdated systems, emphasizing the need for proactive measures. He called attention to the disparity in responses between physical attacks and cyber attacks, highlighting the urgent need for a shift in mindset and treating cyber attacks with the same gravity. Stephen anticipates that governments may eventually intervene more actively in cyber attacks, but acknowledged the potential escalation and advises IT professionals to take responsibility for protecting their systems.

The conversation then turned to the evolving nature of ransomware attacks, with Stephen reflecting on the growing trend of double extortion tactics. W. Curtis Preston discussed how threat actors leverage data exfiltration as leverage, threatening to release sensitive information unless the ransom is paid. He disapproves of paying ransoms, as it perpetuates the cycle and incentivizes further attacks. Instead, he emphasized the importance of having robust backup systems and implementing measures like DNS, DHCP, and IPAM (DDI) and intrusion detection prevention systems (IDPS) to detect and prevent data exfiltration.

Preston acknowledged the challenge posed by attacks that involve the extortion of sensitive information, highlighting the difficulty in remediation compared to attacks that solely rely on encryption. He stressed the need for organizations to invest in DDI systems and proactive security measures to address data exfiltration attempts. However, he expressed frustration with companies neglecting fundamental security practices, such as enabling multi-factor authentication (MFA) and implementing proper password management.

Take Action to Protect and Prepare

In conclusion, Preston emphasized the significance of implementing basic security measures, including patch management, password hygiene, and MFA, as they can significantly mitigate a large percentage of attacks. Foskett concluded by emphasizing the importance of taking control over what can be controlled and preparing for the inevitability of encountering ransomware attacks in the future.

About the author

Stephen Foskett

Stephen Foskett is an active participant in the world of enterprise information technology, currently focusing on enterprise storage, server virtualization, networking, and cloud computing. He organizes the popular Tech Field Day event series for Gestalt IT and runs Foskett Services. A long-time voice in the storage industry, Stephen has authored numerous articles for industry publications, and is a popular presenter at industry events. He can be found online at TechFieldDay.com, blog.FoskettS.net, and on Twitter at @SFoskett.

Leave a Comment