The PCI Security Standards Council (PCI SSC) and the National Cybersecurity Alliance issued a joint bulletin on the increasing threat of ransomware attacks.
What is the threat?
Ransomware attacks have been front and center in the news over the past year due to high-profile breaches that have impacted businesses across the globe. The high-profile ransomware attacks in 2021 have been part of a larger global increase in ransomware crime.
According to Sophos, the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.
How do these attacks work?
A ransomware attack involves cyber actors gaining access to your network, systems and data and then rendering parts of these unusable, and/or stealing some of the data you have stored. The cyber-actor then ‘ransoms’ the data back requiring payment to provide a decryption key to allow for the recovery of the encrypted data and systems or to guarantee sensitive data is not further exposed. In some cases, ransomware actors will publicly release or sell the data that has been stolen if the victim does not pay. Ransomware attacks are often the result of a phishing attack, when a company employee clicks on a malicious link, or the exploitation of known vulnerabilities in outdated software that an organization has not updated using patches they receive from software vendors.
What are some prevention best practices?
When it comes to protecting payment card data, which is often the target of a cyber-attack, adherence to the PCI DSS is considered a best practice. It consists of steps that mirror industry accepted security best practices and at a high level requires you to consider:
- How do you keep the criminals out?
- How do you slow them down if they get in?
- How do you detect them and respond to that detection in the quickest and most appropriate way?
For any ransomware event, it’s important to understand the scope of the data which may have been potentially exposed. Criminals have been in your network and even if data is not included in the ‘ransom’, it may have been copied to be used later. All such data must be considered compromised, and appropriate actions taken.
For dealing with the threat of ransomware attacks related to payment security, the PCI DSS can be helpful in preventing an attack. Some critical best practices include:
- Network segmentation – Identify and secure your organizations most important/valuable data.
- Train your employees – Develop a plan that educates your employees on the best ways to avoid these types of attacks
- Test your systems – Have you tested your systems lately to see if it’s easy for someone to break in?
- Maintain a secure network – What does someone have access to once they are ‘in’ your network?
- Patch – Your vendors send you “patches” to fix problems in your payment systems or other systems. Use them.
- Monitor – Are you monitoring your systems for changes? Have suspicious or unauthorized/unapproved changes been investigated?
- Backup your systems – Have you tested the integrity of your backups recently (both physical and virtual backup systems)? Have you tested the backup and recovery process recently? Making sure you can recover data from your backups is crucial in the event your systems are locked by ransomware.
- Prepare – You and your employees should know how to recognize and respond to an attack, including what to do and who to contact. This should include formal processes for identifying all sensitive data potentially exposed during the event, so that this can be considered compromised – regardless of any restoration or remediation processes.
- The importance of software security – Software Security is also a key component to guarding against ransomware attacks since ransomware attacks often happen because of outdated or inferior software.
On-the record quotes from Lance Johnson, Executive Director, PCI SSC, said: “The PCI SSC hears from stakeholders around the world about the threat of ransomware attacks. As an industry-leading organization in the world of payments security, we are issuing this bulletin to help educate those who work in payments and security about this present and growing risk. Organizations need to make cybersecurity a top priority as the number of cyber-attacks around the globe is on the rise.”
“Ransomware attacks take advantage of vulnerabilities that allow attackers to illegitimately access to a system. Utilizing good payment security practices and protocols can go a long way in guarding against these attacks. Adherence to the PCI Data Security Standard (PCI DSS) is considered a best practice in defending against a wide range of attacks including ransomware.”
“The surge in ransomware activity has left many businesses and governments around the world scrambling for answers as they struggle to stay a step ahead of organized cybercriminal gangs. These cyber threats are very real and require immediate action to better protect against these ongoing criminal activities.”
Lisa Plaggemier, Executive Director National Cybersecurity Alliance, said: “All organizations, large and small, public and private, are at risk of ransomware attacks. Ransomware is an ever-growing cyber threat that can devastate an organization, especially small organizations without the resources to combat it. The U.S. suffered 65,000 ransomware attacks in 2020 and sadly, small businesses and non-profits bore the brunt of those attacks.”
“Small businesses and non-profits are attractive targets because they typically lack the security infrastructure and resources of larger businesses. Recent reports estimate 37% of all businesses and organizations were hit by ransomware in 2021 and 32% of ransomware victims paid a ransom demand.”