Ahoy mateys, did you know there are still pirates roaming the seas ? If you are planning your sailing vacation, it would be worth a look at what you could do to avoid and or protect yourself in the case of a pirate attack. I know, common sense, right? We are good at looking ahead and preparing for things that might happen, we lock doors, we buy insurance, look both ways before crossing streets… you get the idea.

Are we doing the same thing for our data? I can tell you YES, for the data under our control at ISHPI . We continue to evolve and adjust with the changing landscape to continue to protect our data. Part of that changing landscape (or attack vector if you want to sound like cyber security person) is the exploitation of system vulnerabilities to wreak havoc on our (and your systems). The cyber criminals are very smart; they are in it for the money and realize that just deleting the data or disabling the systems doesn’t necessarily net them any financial gain, just like [Cue the tie-in to this month’s topic] Pirates. Like their kin on the high seas, these data pirates will try to take your data hostage, for a ransom. These technology pirates like to prey on the user (the most vulnerable link in any security chain) and use system vulnerabilities to gain access to our (and your) critical data. Once in, they will use strong encryption techniques to systematically render all data you have access to, unreadable without the decryption key. Here is where the money making comes in: The usual pattern is they instruct you to pay a fee (ransom) to regain access to your files. They require you to complete the payment (in a difficult to trace form) in a specific amount of time. Any delay will result in the increase of the ransom amount until a time when they will just delete or render the data useless forever – a complete data loss. To make this month’s CyberBytes more impactful, the news of late has seen an increase of cases of ransomware infections affecting people and companies globally. Now the good news, there is a way to protect yourself. At ISHPI , as I mentioned earlier, we are protecting the data and will continue to adjust and evolve appropriately. Now, what about YOUR important data? The best is to NOT be duped into clicking a link that would allow for the ransomware to be installed (and possibly spread) and to make sure all your devices are current with security and system patches. But the insurance policy we need to invest in is multiple, regular, versioned, backups (also kept offline is a plus too). This way if (or when) your data is held ransom; you can just delete all the newly encrypted files, clean up from the infection, and restore from your backups and not have to pay the ransom. As with most things, there is no silver bullet solution, only education and applying what we learn and know. To help with that, I’ve included some links below.

For more information,
Protecting yourself from Ransomware and Ransomware Facts from Microsoft

Newsletter By:  Rob Collings, ISHPI’s VP of Cybersecurity | CISO

August 3, 2023