Appalachia Technologies Blog
Ransomware: The ASCII Group Insight
Appalachia is proud to be a member of The ASCII Group, a community for managed services providers, IT service providers, and managed security service providers. Recently, Jason McNew, Senior Engineer, Cybersecurity Risk & Compliance, was invited, along with a few select members, to contribute his experience and knowledge of ransomware to help the ASCII community.
Q: What needs to change about ransomware protection in 2021?
McNew: Training, training, and training. A well-trained staff is critical to thwarting ransomware. I have done dozens and dozens of assessments, and probably 60% of the clients I have worked with still do not have a formal cybersecurity or phishing training program. Additionally, most IT environments are lacking in protective technologies like SIEM, IDS, and vulnerability management. Instead, they still rely on the ’90s model of a firewall, some level of automated patching, and endpoint protection. This just isn’t enough. Not enough at all.
Q: When should law enforcement be called? (And which agency is the best to contact?)
McNew: File a report with ic3.gov and the FBI if a major loss is involved, and by major, we mean in the neighborhood of $400k or more. Cybercriminals know that state and local law enforcement is not well equipped to deal with cybercrime, and they deliberately take advantage of the jurisdictional boundaries which are a result of our form of government. The unfortunate reality, however, is that in most cases law enforcement cannot and/or will not do anything, for a variety of reasons that are beyond the scope of a short discussion. It is for these reasons that a correct mix of Defense in Depth, BCP (Business Continuity Planning), and BDR (Backup and Disaster Recovery), in addition to business and cyber insurance, is a very good idea.
Q: Should the ransom be paid?
McNew: I know that opinions vary here, so here is mine. This is a strictly business-driven decision based on risk, operations, and finances. Keep emotions out of it. If you have good working backups, then no. But if your options are to pay the ransom or face going out of business, I think the choice is obvious.
Q: What are the pros and cons of paying a ransom?
McNew: The pros are that you will “probably” get some, most, or all of your data back. The cons are financial losses and the fact that we are forced to help perpetuate an immoral, unethical, and illegal business practice.
Q: What are the long-term effects of a ransomware attack?
McNew: Many businesses do not have adequate protections in place and will close, unfortunately. Even if prepared, there is still the sting of disruptions to operations, and then the financial impacts to the companies that do pay and get their data back. There is also the possibility that toeholds and back doors will be left behind in the network, so that is something that must be considered. The upside is that companies who withstand a ransomware attack and continue operating will do the right things and put in the protections that are needed to help reduce the risk and impact of future ransomware attacks. Every network is like a house sitting on the coast of Florida. It’s only a matter of time until a storm comes ashore, and the time to prepare is now, not later.
If you are concerned your organization has been hit with ransomware, you want to act quickly yet appropriately.
Senior Engineer, Cybersecurity Risk and Compliance, Appalachia Technologies
Jason McNew is a CISSP and a CMMC RP (Registered Practitioner). Jason, a United States Air Force veteran, holds a Master’s degree from Penn State University in Information Sciences, Cyber Security and Information Assurance, in addition to a Bachelor of Science and two Associate of Science degrees. Penn State’s Cyber Security program has been reviewed and endorsed by the National Security Agency (NSA) and the Department of Homeland Security (DHS). He also worked for the White House Communications Agency from 2003 until 2015. In 2017 he founded Stronghold Cyber Security, which was acquired by Appalachia Technologies in 2020.