
Should You Pay Ransomware: Answers From The SecurityMetrics Threat Intelligence Center

Heff
Director of SIEM Operations
   

The SecurityMetrics Threat Intelligence Center monitors the cyber threat landscape and the developing cyber news from the past quarter that has been making headlines around the world. October is National Cybersecurity Awareness Month, so our Security Analysts curated a list of important best practices to help protect your business and minimize risks, vulnerabilities, and threats to your systems and environment.

Should you pay ransomware?

Should you pay ransomware? No. Read on to learn more. 

The dominant cyber threat vector of 2020 has been the incredible surge in ransomware attacks. The COVID-19 pandemic has helped bring these attacks to unprecedented levels and the SecurityMetrics Threat Intelligence Center is seeing higher levels of ransomware sophistication than ever. Specifically, we see threat actors combining phishing emails with malware. 

Threat actors are not only attempting data exfiltration of your “crown jewels,” they are also holding them for ransom. When you think about how many businesses have shifted to remote work and the complexities that come with a distributed workforce, you can see how critical good cyber hygiene is to your business.

What to do if your network is infected with ransomware

  1. Don’t panic and don’t initially delete anything 
  2. Partner with a digital forensics professional 
  3. Consult this ransomware guide from the Cybersecurity and Infrastructure Security Agency (CISA)
  4. Do NOT pay the cybercriminals’ ransom

The latest advisories from the US Treasury Department make its stance on paying ransoms abundantly clear. The updated warnings state that individuals or businesses who pay ransoms or help facilitate ransomware payments may be violating anti-money laundering laws and therefore be sanctioned. The warnings came this past week in a pair of advisories, one from the Financial Crimes Enforcement Network (FinCEN) and the other from the Office of Foreign Assets Control (OFAC).

The FinCEN and OFAC advisories now cover the security firms that provide protection and mitigation services to victims of ransomware attacks. These ransomware payment companies directly receive the ransomware victim’s fiat funds, which are then exchanged for convertible virtual currency (CVC) and ultimately handed over to the criminal. You want to avoid facilitating ransomware payments to cybercriminals.

New malware that cannot be deleted

Kaspersky Labs recently announced that they are detecting malware, believed to be from China, that can survive operating system (OS) reinstalls. This means that there is malware in the wild that can exploit a Windows computer to stay active even after you clear and reinstall the operating system. 

If you connect it, protect it

To celebrate National Cybersecurity Awareness Month, the SecurityMetrics Threat Intelligence Center has curated a list of best practices and tip sheets courtesy of cisa.gov. Consider using these tip sheets, best practices, and security awareness education tools to help protect your business, systems, people, and environment.

You can find the full list on the NCAM website.

SecurityMetrics Cybersecurity Training Worksheets and Resources

Prevent ransomware and data breaches with SecurityMetrics Pulse

Working backwards from large corporate data breaches, we've been able to pinpoint some of the most common attack vectors used in network breaches:

If you are a large franchise or corporate entity with many remote locations, it's crucial to find a network security company that can provide visibility into your gray area networks to monitor for threats, vulnerabilities, and malicious activity, while also assuring network owners that they are still in control of their own networks and privacy.

SecurityMetrics Pulse MSSP Solution

Do you know what vulnerabilities threaten your external network security? Pulse is a SOC/SIEM product that helps large enterprises, franchises, and health networks stay ahead of cyber criminals who attempt to exploit an organization’s locations through external vulnerabilities.

SecurityMetrics Pulse includes:

  • Low cost per location
  • Low-touch implementation (only requires account setup and external IP addresses), no on-site installation required
  • Simple integration with comprehensive Pulse sensors and packages

Learn more about SecurityMetrics Pulse here

Matt Heffelfinger ("Heff" is preferred) is a Utah-based cybersecurity professional and serves as SecurityMetrics Director of SIEM Operations. His primary wheelhouse includes leading the SecurityMetrics Security Operations Center (SOC) and Threat Intelligence Teams for multiple clients both in the USA and globally. With over 15 years of global cybersecurity experience, his career stops include Caesars Entertainment, TJX, Inc., General Electric, NBC Television and the Las Vegas Sands Corp.
