Doubling Down on Ransomware Protection | #itsecurity | #infosec | #education | #technology | #infosec

As the threat of ransomware has reached new heights in 2021, many water and wastewater organizations across the globe are doubling-down on their defense against the scourge to make sure they have done everything they can to avoid becoming the next victim.

John Sullivan, Boston Water and Sewer Commission chief engineer, for example, said his systems were attacked by ransomware in 2020. While Boston Water and Sewer was able to recover without suffering any compromise of its systems, Sullivan fears many of the nation’s water and wastewater systems managers may not be so lucky should they find themselves staring down a similar fate.

“What if, for example, the intruder (into a water system) was not immediately detected, and was able to manipulate pumps to drain a water tower or restrict distribution to certain areas?” Sullivan testified before Congress this past summer. “Such an outcome not only would have undermined the public’s confidence in their drinking water but would have carried severe impacts on the community’s infrastructure and public health.”

Sophia Oberton, special projects coordinator for the city of Delmar agreed, adding that a takedown of even a small water system, such as the one operating in Delmar, could breed “psychological panic on a national scale as communities fear their own drinking water supply could be threatened.”

“This is why,” she said, “small communities believe that protecting our water supplies from any cyberattack is just as important as protecting large communities.”

Advertisement

Executive Order on Ransomware Protection

Indeed, successful ransomware attacks across the U.S. have proven so visceral this year that they have triggered an executive order from U.S. President Joe Biden, nudging all U.S. businesses to get serious about ransomware protection.

The order calls for federal agencies to “work more closely with the private sector to share information, strengthen cybersecurity practices, and deploy technologies that increase reliance against cyberattacks,” Biden’s order said. “It outlines innovative ways the government will drive to deliver security and software using federal buying power to jumpstart the market and improve the products that all Americans use.”

Resources on Cybersecurity                                  Watch a video interview with Eric Thornburg about how the water industry can learn from other utility industries: https://bit.ly/wwdthornburg View a webinar with experts from Siemens on cybersecurity best practices and considerations: https://bit.ly/wwdsiemenswebinar Read the Sophos State of Ransomware Report: https://bit.ly/wwdsophosreport

A Growing National Concern

During 2021 alone, water and wastewater organizations and others across the U.S. have been reeling from successful ransomware attacks, including those against SolarWinds, a commonly used IT management software program; the ransomware disruption of service on the Colonial Pipeline, the largest conduit of refined oil products in the U.S.; and the ransomware seizure of computer files of the Washington, D.C., Metropolitan
Police Department.

Other ransomware takedowns include a takeover of computer files at goliath meatpacking company JBS Foods as well as at the National Basketball Association.

That said, authorities have occasionally gotten lucky against ransomware hackers in 2021. Excellent cyber forensic work by the U.S. Department of Justice, for example, clawed back $2.3 million in Bitcoin that the Colonial Pipeline paid to ransomware hackers to help get its computer network up-and-running again.

“Following the money remains one of the most basic, yet powerful tools we have,” said Lisa O. Monaco, U.S. Deputy Attorney General. “We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement. We thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by Dark Side.”

Even so, hackers more often than not get away with their exploits, extorting hundreds of thousands of businesses across the globe each year, and disrupting the day-to-day operations of each.

Senator Angus King (I-Maine) is co-chairman of the Cyberspace Solarium Commission, and said the next major national attack will likely be digital.

“I believe that the next Pearl Harbor, the next 9/11, will be cyber,” King said. “We are facing a vulnerability in all of our systems, but water is one of the most critical and I think one of the most vulnerable. There is an incipient nightmare here, and it involves all sectors of our critical infrastructure. But water I think is probably the most vulnerable because of the dispersed nature of water systems in the country.”

How Wide Spread are Ransomware Attacks?

Overall, 37% of organizations across the globe have experienced some sort of ransomware attack between May 2020 and April 2021, according to a study from cybersecurity firm Sophos titled “The State of Ransomware 2021.”

Based on that survey of 5,400 IT managers at mid-sized organizations across 30 countries, the study also found that the average ransom paid to recover data from a ransomware attack was $170,404 USD.

Not surprisingly, many of the criminals behind those successful ransomware attacks kissed-off promises to restore computer files once ransoms were paid, according to the study. On average, victimized organizations in the study that paid ransoms only got back 65% of their data. And only 8% of organizations forking over money to hackers were able to retrieve all of their files, according to the Sophos study.

Equally vexing for the victim organizations was the cost to day-to-day business. On average, the average cost to restore the impact of a successful ransomware attack on a mid-size business — taking into account downtime, lost wages, device cost, network cost, lost sales and ransomware paid — was $185 million.

Plus, hackers have increasingly exploited a new wrinkle in their ransomware schemes during the past year — threatening and often making good on threats — to publish sensitive data found in business files on the Dark Web if the victim business or organization refuses to pay a ransom.

Advertisement

Solutions for Ransomware Protection

Fortunately, water and wastewater organizations looking to protect themselves also have a raft of new software choices available specifically designed to thwart ransomware attacks.

Below is a representative sampling of that software, all highly rated and all available at entry level prices. Essentially, computer security personnel can try-out these programs at extremely low rates — and in some cases — opt to bring-in an enterprise-level alternative to the same program should they be deemed necessary:

• Bitdefender Antivirus Plus starts at $23.99 per year. Bitdefender has been a player in the anti-ransomware space for a number of years, and Bitdefender Plus offers many of layers of anti-ransomware protection along with myriad other security features. The software is designed to eliminate on-the-spot known ransomware. Plus, it will also watch for unexpected behaviors on a PC or network that indicate ransomware activity such as a sudden, wholesale change in the names of files or the extension names of files. Bitdefender backs-up all files at the first whiff of what it determines may be a ransomware attacking beginning to deploy  and then restores the files after the attack has been fully neutralized.

• ZoneAlarm by Checkpoint is $39.95 per year: This is another highly rated anti-ransomware package that erases all vestiges of ransomware on a computer system once detected. It also embeds ‘bait’ files on the computer on the network, designed to lure ransomware into changing those files first, setting off alarms and enabling ZoneAlarm to neutralize the attack before it spreads to actual company files. Additionally, ZoneAlarm can repair files after a ransomware attack, if possible.

• Kaspersky Security Cloud is free. It is hard to argue with free. So when looking for instant piece-of-mind immediately, this software may be the best option.Kaspersky is designed to protect against two types of ransomware: One, which encrypts files, making them unusable to you. And two, ransomware that encrypts the entire hard disk, making the entire computing device unusable. Kaspersky can also neutralize ransomware that locks-up the computer screen. And it offers monitoring and auto-neutralization of typical ransomware behaviors such as wholesale renaming of files or file extensions. Other features include Idle Scan, which monitors resources like system memory when the computer is not in use. And there’s a rootkit scan function, which helps betray ransomware activity designed to elude typical monitoring of Windows and typical monitoring used by everyday anti-virus software.

• Sophos Home Premium starts at $44.99 per year. This program is a lite version of a more robust version of anti-ransomware protection that Sophos offers to enterprise-level businesses. Sophos is designed to plug known security holes in commonly used software. Plus it offers download reputation analysis on programs the user may be thinking of downloading that may have a bad reputation. Sophos could do the trick for a small business that decides enterprise-level protection is not necessary, especially since this lite version enables one to remotely safeguard, monitor and manage the software on up to 10 remote computers. One caveat: novice users may face a bit of a learning curve before they can use Sophos’ advanced features.

• NeuShield Data Sentinel starts at $23.99 per year: Neushield is the only candidate in this pack that does not offer ransomware protection. Instead, Neushield is an after-the-fact ransomware product, which offers one-click restoration of files encrypted by ransomware, if possible. Essentially, Neushield is not a panacea against a ransomware attack. But giving it a whirl after a business has been taken down by ransomware is well worth the price of entry. Users install Neushield on their computers before an attack occurs. That enables the software to ‘virtualize’ any changes to the files on your system. Theoretically, virtualized files cannot be corrupted by a ransomware attack, given that they are not fully operational files in a virtualized state. Users of Neushield regularly decide when to approve changes in virtualized files, which make those files operational once again. It’s a powerful way to put a buffer on any files in your system that undergo changes, including changes ransomware is seeking to make to your files.

Whether an attack has happened or utilities are preparing for them, one thing is clear: protection against ransomware and cyberattacks will be critical for the future of water and wastewater in the U.S.