Staff training, robust archives key to defence against ransomware


Paul Brunet, CEO of IT support business Great White North, delivers a chilling workshop on the increasing prevalence of ransomware around the world at the Northern Lights conference in Ottawa on Feb. 6. In the graphic above, MSP refers to managed service providers or IT companies. (Photo by Lisa Gregoire)

By Lisa Gregoire
Special to Nunatsiaq News

With an increasing number of criminals encrypting computer data for ransom—potentially at your home and workplace—experts worldwide are saying one of the best defences is awareness and training.

Sure, it’s vital for companies and organizations to have robust backup systems that update regularly and are protected against infections. But, since most malicious software enters systems through a single, unaware user, regular training is key.

“Training the users—training everyone within the organization—is extremely important because now you’re informing them of the new kinds of threats and you’re making them more aware that—when they’re faced with those types of threats—hey, this is a real thing,” said Paul Brunet.

Brunet, CEO of technology and IT support business Great White North, presented a workshop at this year’s Northern Lights conference in Ottawa on Feb. 6, which included clicking on a WannaCry ransomware document on his podium laptop to demonstrate what happens when it gets into your system and what’s needed to remedy the situation.

Paul Brunet, CEO of IT support business Great White North, explains to delegates at the Northern Lights conference in Ottawa on Feb. 6 that there are few options available once you’ve been infected by ransomware. (Photo by Lisa Gregoire)

The IT staff working for the Government of Nunavut didn’t need a demonstration. On Nov. 2, hackers attempted to get a ransom from the GN by infecting its computer and voice mail systems with malware, effectively shutting down the territory’s vulnerable, decentralized bureaucracy, making justice and health-care files temporarily inaccessible and leaving contractors and social assistance recipients unpaid.

The Doppelpaymer encryption cyberattack sent the government and its 36,000 or so residents into a tailspin for weeks, prompting Microsoft to send assistance through its detection and response team, or DART.

Great White North, whose clients are mostly Indigenous businesses and organizations in Ontario, Manitoba and Nunavut, said it’s not a matter of if you’ll get hit by a cyberattack, but when. Brunet’s company offers regular, ongoing training that includes sending fake phishing emails to staff to see who clicks on what and why.

“If you click on it, it will pop up and say, ‘By the way you clicked on this. It looked like an Amazon tracking link, but here’s how to identify and validate that what you’re clicking on is really what you think it is. So, you failed this time, but here’s how to make sure you don’t fail next time,’” Brunet said. “And we generate reports on that.”

Although it was never specifically disclosed, it’s likely the GN cyberattack entered via a GN staffer, probably from a fake email.

Other than training, Brunet said, it’s important to have robust backup systems that refresh regularly and are immune to attack. The GN, for instance, has usable backup data, but it was reportedly two days old. Those two days can translate into a huge amount of work to recover all that lost information, not to mention the cost of downtime while technicians work to wipe systems clean and restore software and working networks.

“If it goes across 25 different communities, the impact is very significant and the cost of downtime is very significant. And it’s not just dollars,” he said. “It’s the impact on all the services that organizations provide. It’s your reputation. No organization wants to be faced with that.”

But here’s the kicker. Protecting yourself against a cyberattack is expensive.

“A lot of these companies and organizations don’t have the budget to keep up with it…. It’s ever changing. It evolves extremely fast.”

The cost depends first on how many devices you have because that will determine how many cybersecurity software licences must be purchased. Many of Brunet’s clients then pay a monthly fee on top of that for ongoing IT support, training, advice and upgrades. Depending on the size of your business, that can cost hundreds or even thousands of dollars per month.

Last October, the FBI issued a “high impact” cyberthreat warning, saying that local and state governments in America were being targeted as well as health-care organizations, industrial companies and the transportation sector.

This came after the State of Texas underwent a cyberattack in August and before the Louisiana state government was attacked in November. A month later, in mid-December, the City of New Orleans was hit by ransomware and had to call a state of emergency.

The future is grim: A graphic from Datto’s most recent State of the Channel Ransomware Report shows cyberattackers’ predicted prey in the years to come including social media accounts and self-driving cars. (Source: Datto)

According to a worldwide ransomware report recently issued by Datto, a global tech company with its head office in Connecticut, external IT support and security companies who were surveyed reported 79 per cent of their customers had been attacked by ransomware.

The most common ransomware delivery methods are phishing emails, malicious websites and web ads, and clickbait, the report says. The top vulnerabilities are a lack of end-user cybersecurity training, poor user practices and gullibility, and weak passwords/access management.


(1) Comment:

  1. Posted by Sys Admin on

    Having file backups is enough for an individual with a single computer. But, as the GN found out the hard way, it’s not enough for an organization with a significant network.
    An organization with a network needs a way to rebuild its network.
    If the network was built “by hand” in an ad hoc manner, rebuilding the network could be close to impossible.
    If the network was built by scripts, and if current copies of those scripts are kept in a secure environment, then restoring/rebuilding the network becomes a relatively simple matter of running the scripts.
    If that is done, restore/rebuild would take minutes or hours, depending on the size of the organization.
    And, of course, you have to test your backups and your procedures regularly. That means you have to regularly rebuild your network from your backups. It’s a “white knuckle” exercise the first time you do it.
