Cyber Security Awareness Month: Everything you need to know About Ransomware

 
October 19, 2021

Welcome back to Celero Spotlight! In our third episode of season two, Celero's Chief Information Security Officer, Matt Laba, discusses ransomware.

Find out what credit unions can do to protect themselves from malware and malicious online attacks as part of our Cyber Security Awareness Month series.

The episode transcript can be found below.

Transcript 

Jordan Smid 

Hi, I’m Jordan Smid, Director of Marketing at Celero.  

Welcome back to Season 2 of Celero Spolight. In today’s episode, we’ll be kicking off our cybersecurity awareness month podcast series by discussing ransomware. 

Today, I'll be chatting with Chief Information Security Officer at Celero, Matt Laba, to get his expert knowledge on ransomware. So let’s dive right in with our first question.  

Matt, could you give us a brief definition of what ransomware is? 

Matt Laba 

Sure, so ransomware, it's a common term used out there as one of the higher security risks in the world today. 

It's a form of malicious software that infiltrates a computer or network and basically limits or restricts access to critical data by encrypting files until ransom is paid. 

So basically, a server or desktop environment is rendered useless because they are encrypted, and until ransom is paid you will not get the encrypted key back from the hackers. 

Jordan Smid 

OK, so over the past year, what are some of the ransomware trends you've seen in the financial services industry? 

Matt Laba 

So specifically talking to some stats, you know, basically malicious emails are up over 600% due to COVID, and per surveys, 37% percent (so roughly a third) have been affected by ransomware attacks in the last year, so that's definitely gone up. 

The average ransomware fee to be paid to unencrypt a ransomware system has gone up from like $5,000 in 2018 to $200,000 in 2020, so those are the kind of numbers we're seeing. 

It's kind of, you know, scary when you see that the trends are going upward quite a bit. Now the main things that are happening in the industry in terms of ransomware are again, becoming more sophisticated and tougher to protect against. 

And that's where we bring a strategy in. But basically, two things are that they are not only trying to encrypt systems, but they're also trying to attack our backup systems and encrypt those so they render those useless as well. As well as grabbing data, you know, once they're in the system before they encrypt it and ask for ransom, they actually go and, you know, do some reconnaissance and try and grab some critical data that they copy back to their site and they use as leverage as well. 

Jordan Smid 

So, how can credit unions protect themselves from ransomware attacks? 

Matt Laba 

Well, there’s a couple steps there, but it's fairly straightforward. 

You need to put a plan in place, a strategic plan, to protect against ransomware. It's one of the, you know, the leading risks out in the world today. 

So, we absolutely need to put something in place. We've been doing that at Celero, and you know, every year we're modifying that. So, if you don't have a ransomware strategy, you should develop one, and if you have one, you should upgrade it annually. 

That's the first step, and that upgrade, you know, development includes protecting your backup system as I mentioned in one of the earlier questions. Once you've got a strategy in place, the next step is basically practice mock ransomware attacks. 

So, put a scenario together, you know, basically a virus or malware coming into the environment. It encrypts computers, or servers or desktops, makes them, you know, rendered useless. 

You get a call from, or an email from a firm saying, we've encrypted your devices as a ransomware attack. We want so much Bitcoin to get the keys to unencrypt it.  

Basically, build a mock attack to practice an attack coming in and what you are going to do in a situation — whether it's going to your backups, whether it's invoking an IR retainer with a third-party firm to help you out, bringing in legal and communications — there's just so many things that need to be done when that ransomware attack happens. 

So, you do want to practice that, and the third part (I mentioned it briefly), is make sure you engage a professional services organization with an IR or instant response retainer. 

These companies are pros at doing this, so whether it's a major data breach or ransomware attack, whatever, you can put someone on retainer for so many hours a year, and they can actually come in with their experts and help you contain the situation, get you back up and running and actually do forensics on what happened. 

Jordan Smid 

That's great, so good advice for credit unions on those three different points. 

So Matt, what is Celero doing to address ransomware? 

Matt Laba 

So, as I mentioned, you know, our advice for credit unions on their ransomware strategy and plan, we're doing that, like we are modifying and modernizing our ransomware strategy and plan for 2022 to actually, you know, take into account protecting our backups and looking at, you know, taking into account the sophistication of the type of attacks happening, not just depend on what we've done for years, which is basically recover from backup and we're good. 

We've actually got to take a few further steps in detail to get us where we need to be. So we are, you know, obviously modifying our ransomware strategy, we are setting up mock ransomware attacks in the environment and getting our teams trained up on what to do. 

And part of this whole strategy, again, is segregating our backup systems. We need to make sure our backup systems are properly protected. 

So basically, you know, the kind of accounts that are set up (purge accounts) for maintaining servers in the production environment, segregation of duties, and there are different accounts set up for those doing the backups. 

So, if a hacker gets in, gets a purge account, can actually encrypt a server or servers, hopefully then they don't have a way to get in to do the backups because it's segregated through a different kind of account. 

So those are the kinds of things that we're doing across the board. 

Jordan Smid 

So that's great to hear Celero’s actively engaged and mitigating the threat of ransomware. 

What can credit unions do if they believe their system has been infected by ransomware? 

Matt Laba 

So, there's two parts to that question. 

The first part is related to if the systems infected are actually in the Celero managed environment — so it’s services that we manage and protect for the credit unions.  

The best thing to do if ransomware is suspected is for the credit union to contact Celero in confidence due to the sensitive nature of this security incident. It is not recommended to go through the normal channel of entering an incident through the Service Desk at this point.

The appropriate staff at both the credit union and Celero security team will work on this issue together ensuring the ongoing investigations are kept confidential to the individuals involved. Depending on the severity of the potential ransomware attack, the credit union may at this point want to engage their legal, communications and senior management teams.  

So that's the first part, the second part is, if it's ransomware on a system that Celero does not manage and therefore we don't have access to the system to help with the monitoring and protecting of it. The responsibility is over to the credit union to follow their strategy that we’ve already talked about earlier in this session. They would invoke their incident management on their side and do the right protection, isolate the system, recover from backups and do forensics, etc.  

So there you go, two parts to this question, it really depends if the part that’s under attack is in the Celero environment if its not or and  its managed by the credit union themselves.   

Jordan Smid 

Thanks, Matt, I'm sure there's lots more to talk about with ransomware and cyber security, and lots to learn out there. 

If you're a credit union who wants to get in touch with us to learn about their security posture what's the next steps they should take? 

Matt Laba 

Yeah, so obviously the best step is to go through your account manager with Celero, and that individual would obviously contact the right people. 

There's two parts that question again, if you want to understand the whole incident management process a bit better, we'd obviously get in touch with the IM team, including the security team that's involved there, and kind of walk you through how that works. 

If you wanted help on the actual ransomware strategy and plan for your company, then they would probably contact myself and the senior security staff on my team to help you define and develop your strategy. 

 Jordan Smid 

Great thanks Matt. 

We really appreciate your expertise and sharing on a topic that we have heard from our credit unions clients is a focus area. Thank you so much.  

 

Cyber Security Awareness Month: Everything you need to know About Ransomware