Once again, we are in lockdown. The coronavirus has thrust many changes upon our lives. The upside for eCommerce businesses has been the accelerated shift in consumer behaviour from bricks-and-mortar to online. But it’s not just shoppers that have gone digital; it’s also criminals.
During the pandemic there has been a surge in cybercrime, and in ransomware attacks in particular. In May, the DarkSide ransomware group crippled Colonial Pipeline, which carries nearly half of the fuel used on the United States east coast; the company paid over $5m in ransom to get its systems back up and running. A month ago, JBS Foods fell victim to an attack that brought its meat processing plants worldwide – including in Australia – to a halt. It paid $14m to resolve the stoppage.
One of the most prolific threat actors this year, Avaddon, shut down its operations in June. When it did, as an act of good faith, it released the decryption keys for nearly 3,000 of its victims, which gives some idea of how widespread ransomware attacks are. And that is just the victims who had held out and not paid; many others had already sent money in an effort to protect their businesses, data, and reputation. Among the known victims of Avaddon is NSW Labor.
Ransomware works by running software on your computers that encrypts your data, making it unusable unless you have the decryption key, which only the attacker holds. Threat actors have become more sophisticated over the past year and will now routinely exfiltrate your data before encrypting it. If you do not pay the ransom, you not only fail to receive the decryption key; your stolen data is also published on the dark web or sold on.
This double extortion is what makes modern ransomware attacks so harmful. If you do not pay the ransom, as the Australian government recommends, you face both the cost of business interruption and the consequences of confidential, sensitive, and private data being in the hands of criminals. Paying does not remove that second risk either, since you have only the criminals’ word that the stolen copy has been deleted.
Like all malware, ransomware can reach your computers in several ways. Some threat actors exploit zero-day vulnerabilities, such as those exposed in Microsoft Exchange servers this year, and they keep exploiting the same flaws long after a patch is released, on servers that have not applied it. Others rely on unsuspecting employees clicking links or opening attachments in a phishing email. Some are brazen enough to ring your business, pretend to be from a reputable company, and talk your staff into downloading software to fix an “urgent security threat”; that software is the attacker’s foothold.
The Australian Cyber Security Centre (ACSC) publishes the Essential Eight, a baseline set of eight mitigation strategies (including patching, multi-factor authentication, restricting administrative privileges, and regular backups) that every business should implement to reduce the risk of falling victim to a cyber attack. The United States National Institute of Standards and Technology publishes a far more exhaustive catalogue of security and privacy controls, SP 800-53.
Here are some steps that we recommend you take immediately:
- Train your staff to recognise cyber threats, in particular phishing emails and unexpected phone calls asking them to install software, and make it easy for them to report anything suspicious
- Implement multi-factor authentication for logging on to your systems, starting with remote access, email, and administrator accounts
- Back up your data at least twice daily, keeping one copy offsite and one offline (disconnected or write-once) so that an attacker who gets into your network cannot encrypt or delete it, and test that you can actually restore from it
- Install updates and security patches as soon as they are released, prioritising internet-facing systems such as mail servers, VPNs, and your eCommerce platform
- Implement the principle of least privilege, giving staff only the access their role needs and reserving administrator rights for the few who administer systems
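The backup step is the one that decides whether you can recover without paying, and a backup that has never been restored is an assumption, not a backup. The script below is an added example written for this post, not code from the original article or from The Playhouse Group. It archives a directory, copies the archive to a second location that stands in for the offsite or offline copy (in practice that would be a disconnected disk, tape, or a write-once cloud bucket, which a script cannot simulate), stores a SHA-256 checksum, and refuses to report success until the second copy has been extracted and compared against the live data. The directory names and sample data are constructed for illustration; it assumes a POSIX shell with GNU tar, sha256sum, diff and mktemp available.

```bash
#!/bin/sh
# Added example, not from the original post. Takes a backup of one directory,
# writes it to a primary location and a second location that stands in for the
# offsite/offline copy, records a SHA-256 checksum, and proves the second copy
# restores byte-for-byte before reporting success.
# Assumes a POSIX shell with GNU tar, sha256sum, diff and mktemp available.
set -eu

# backup_dir SRC PRIMARY SECOND
# Prints the archive file name on success. Any failure makes the function
# (and, under set -e, the script) exit non-zero so a cron job notices.
backup_dir() {
    src=$1
    primary=$2
    second=$3
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    name="backup-$(basename "$src")-$stamp.tar.gz"

    mkdir -p "$primary" "$second"
    # Archive relative to the parent directory so the restore path is predictable.
    tar -C "$(dirname "$src")" -czf "$primary/$name" "$(basename "$src")"
    (cd "$primary" && sha256sum "$name" > "$name.sha256")

    # Second copy: in production this would be rsync/scp to another site or an
    # upload to a write-once bucket; here it is a plain copy into another directory.
    cp "$primary/$name" "$primary/$name.sha256" "$second/"

    # Verify the copy that would actually be used in a disaster, not the original:
    # checksum first, then a real extraction compared against the live data.
    (cd "$second" && sha256sum -c "$name.sha256" >/dev/null)
    scratch=$(mktemp -d)
    tar -C "$scratch" -xzf "$second/$name"
    diff -r "$src" "$scratch/$(basename "$src")" >/dev/null
    rm -rf "$scratch"

    echo "$name"
}

# verify_backup DIR NAME
# Exits 0 if the archive NAME in DIR still matches its stored checksum; this is
# the cheap check to rerun against stored copies, and it fails if a copy has
# been altered or encrypted since it was written.
verify_backup() {
    (cd "$1" && sha256sum -c "$2.sha256" >/dev/null 2>&1)
}
```

Run it from cron once or twice a day against each data directory and alert on any non-zero exit. The checksum is the cheap check you can rerun at any time; the restore test is the one that matters, and it should be repeated periodically from the offline media itself, since a disk that is never reconnected cannot be verified either.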
These steps reduce the chance of a ransomware attack succeeding in the first place. If one does get through, tested offline backups and tightly scoped access are what let you resume business operations quickly without resorting to paying a ransom and funding further crime.
If you would like to discuss how you can make your business secure or to discuss any eCommerce related matters, please don’t hesitate to contact us to set up an obligation-free chat with a representative of The Playhouse Group.
With decades of experience and as a certified Magento partner, The Playhouse Group can help your business maximise its online sales capabilities. Get in touch with our team and we can talk to you about this or any other eCommerce questions you may have.