National Cybersecurity Alliance and PCI Security Standards Council Issue Joint Bulletin on Ransomware Attack
The PCI Security Standards Council (PCI SSC) and the National Cybersecurity Alliance issued a joint bulletin on the increasing threat of ransomware attacks. The full bulletin can be viewed here.
What is the threat?
Ransomware attacks have been front and center in the news over the past year due to high-profile breaches that have impacted businesses across the globe. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime. Over the calendar year 2021, it is estimated that ransomware attacks cost the world $20 billion and hit 37% of all businesses and organizations. These cyber threats are real and require immediate action to better protect against these ongoing criminal activities.
How do these attacks work?
A ransomware attack involves cyber actors gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. In some cases, ransomware actors will publicly release or sell the data that has been stolen if the victim does not pay. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software that an organization has not updated using patches they receive from software vendors.
What are some prevention best practices?
When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. It consists of steps that mirror industry accepted security best practices and at a high level requires you to consider:
How do you keep the criminals out?
How do you slow them down if they get in?
How do you detect them and respond to that detection in the quickest and most appropriate way?
For any ransomware event, it’s important to understand the scope of the data which may have been potentially exposed. Criminals have been in your network and even if data is not included in the ‘ransom’, it may have been copied to be used later. All such data must be considered compromised, and appropriate actions taken.
For dealing with the threat of ransomware attacks related to payment security, the PCI DSS can be helpful in preventing an attack. Some critical best practices include:
Network Segmentation – Identify and secure your organizations most important/valuable data.
Train your employees - Develop a plan that educates your employees on the best ways to avoid these types of attacks
Test your systems - Have you tested your systems lately to see if it’s easy for someone to break in?
Maintain a Secure Network - What does someone have access to once they are ‘in’ your network?
Patch - Your vendors send you “patches” to fix problems in your payment systems or other systems. Use them.
Monitor - Are you monitoring your systems for changes? Have suspicious or unauthorized/unapproved changes been investigated?
Backup your systems - Have you tested the integrity of your backups recently (both physical and virtual backup systems)? Have you tested the backup and recovery process recently? Making sure you can recover data from your backups is crucial in the event your systems are locked by ransomware.
Prepare - You and your employees should know how to recognize and respond to an attack, including what to do and who to contact. This should include formal processes for identifying all sensitive data potentially exposed during the event, so that this can be considered compromised – regardless of any restoration or remediation processes.
The Importance of Software Security - Software Security is also a key component to guarding against ransomware attacks since ransomware attacks often happen because of outdated or inferior software.