Q&A: Gillware explains how businesses can fight ransomware
Here’s what you should know.
Ransomware attacks have been steadily rising over the last decade. Just a month ago, over 400 dental offices were hit with an attack that shut down their systems and left them unable to treat patients. This leaves businesses large and small questioning how they can avoid attacks. The problem is, ransomware is constantly evolving and cybercriminals behind the attacks are getting smarter.
Fortunately, there are companies like Gillware that are leading the fight against these attacks. If your technology falls into the wrong hands, this is a team that’s going to get to the bottom of it. We spoke with Gillware to learn more about their services and what you can do to protect your business.
Q&A with Scott Holewinski, CEO of Gillware
Q: How did Gillware come to fruition?
Gillware as a brand has been around for over 15 years, since brothers Brian and Tyler Gill started their data recovery operation after Tyler’s hard drive failed. As that business grew, Gillware expanded to offer a data backup solution. Once the backup business successfully sold in 2016, it was time to determine what was next.
That’s where Gillware Digital Forensics, Inc. began. President Cindy Murphy joined the team after retiring from an impressive career in law enforcement and digital forensics. She has been leading digital forensics investigations since 1999 and has instructed thousands of digital forensics students worldwide. Her expertise and leadership fuel our team as we grow and help businesses investigate questions only technology can answer.
Since Gillware Digital Forensics began in 2016, it has grown into one of the most respected forensics, incident response and cyber risk management firms in the industry. From helping businesses respond to and recover from ransomware attacks, to conducting annual cyber risk audits, Gillware helps businesses protect themselves from the latest threats. We often collaborate with cyber liability insurance carriers and privacy attorneys as businesses fall victim and need to get back up and running. We take pride in prioritizing restoration throughout our investigations because we know how important it is to return to business as usual.
Q: What are some of the most common ransomware vulnerabilities that you see in businesses?
Hands down, one of the most commonly exploited vulnerabilities is through Remote Desktop Protocol (RDP) being accessible through the public internet. This opens the door for malicious actors to enter a business’s environment and deploy ransomware. If there is anything you can do to protect yourself from ransomware, ask your IT staff or provider to double check that RDP is not open to the public internet. The Gillware incident response team routinely encounters businesses who thought RDP was closed, only to find out it was opened for seconds by accident or for a special reason – the problem is that malicious actors only need seconds to deploy these attacks and even the slightest opening may be all they need.
Another way ransomware deploys is through phishing emails. These phishing emails vary in level of sophistication. Some may tout fake blackmail on the recipient claiming that an attachment contains what the sender is claiming. Some more sophisticated phishing attempts may involve a compromised email account. Weak login credentials without multi-factor authentication make it easy for attackers to gain access to email accounts, at which point they deploy malicious messages across their address book to see if anyone takes the bait. An example of this would be a salesperson’s email getting compromised and then the malicious actor sending fake invoice attachments to their customers with ransomware enclosed. These phishing attempts are trickier to spot because the recipient may know and trust the sender and subsequently opens the email. If your business does not conduct routine phishing training, you should start right away.
Lastly, another common vulnerability is related to remote management tools used by managed service providers. IT providers use tools like Bomgar and Kaseya to remotely manage their clients’ workstations and environment. If those services are not patched and updated often, or if they do not have complex login credentials, attackers can gain access to the remote management tool and deploy ransomware to any of the clients connected through the service.
Q: What are some steps businesses can take to avoid attacks?
- Ensure that RDP is not accessible via the public internet.
- Use multi-factor authentication for at least administrator accounts, and preferably all accounts within the organization.
- Deploy email phishing training to heighten awareness.
- Patch and update all services and systems as quickly as possible to address any security vulnerabilities.
- Routinely test your backups and ensure they have unique and complex login credentials with multi-factor authentication.
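
One way to act on the first item, as an added example that is not part of the interview and not Gillware's tooling: an offline audit of exported inbound firewall rules that flags any enabled rule letting a non-internal source reach RDP's default port 3389, including port ranges that cover it. The rule format, rule names and addresses are constructed for illustration; map the fields to whatever your firewall actually exports.

```python
import ipaddress

RDP_PORT = 3389  # default RDP port (TCP, and UDP on newer RDP versions)

# Address space treated as internal; anything outside counts as public internet.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def rule(name, ports, sources, enabled=True, action="allow", protocol="tcp"):
    """Build one inbound rule in the hypothetical export format used here."""
    return {"name": name, "direction": "in", "action": action, "enabled": enabled,
            "protocol": protocol, "ports": ports, "sources": sources}

# Constructed sample data, not taken from any real environment.
SAMPLE_RULES = [
    rule("rdp-from-vpn", "3389", ["10.8.0.0/24"]),          # internal source only
    rule("temp-vendor-access", "3389", ["0.0.0.0/0"]),      # opened "for a special reason"
    rule("mgmt-range", "3000-4000", ["203.0.113.0/24"]),    # range silently covers 3389
    rule("old-rdp-rule", "3389", ["any"], enabled=False),   # disabled, so not exposed
    rule("web", "80,443", ["any"]),                         # public, but not RDP
]

def covers_port(spec, port=RDP_PORT):
    """True if a port spec such as 'any', '80,443' or '3000-4000' includes port."""
    if spec.lower() == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_is_public(src):
    """True unless the source lies entirely inside an internal range."""
    if src.lower() == "any":
        return True
    net = ipaddress.ip_network(src, strict=False)
    return not any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def exposed_rdp_rules(rules):
    """Return (rule name, public sources) for enabled inbound allow rules reaching RDP."""
    findings = []
    for r in rules:
        active = r["enabled"] and r["direction"] == "in" and r["action"] == "allow"
        if not active or r["protocol"] not in ("tcp", "udp", "any"):
            continue
        public = [s for s in r["sources"] if source_is_public(s)]
        if covers_port(r["ports"]) and public:
            findings.append((r["name"], public))
    return findings
```

Running this on every rule change, rather than once a year, is what catches the short-lived openings described in the interview.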
Q: What are some tips for businesses that are attacked?
If you suspect you have fallen victim to ransomware or any similar attack, contact your business’s cyber liability insurance provider. They will lead you through the process of engaging an incident response firm like Gillware to help you navigate the situation. Once engaged, our priority is to stop the attack, preserve evidence, and get you back up and running as quickly as possible. As we start the process of bringing systems back online, we’ll walk through any security safeguards you need to put in place to avoid a repeat attack.
It is beneficial to evaluate whether or not your business is willing to pay the ransom. For many businesses it comes down to business interruption estimates. If backups were destroyed as part of the attack, it may take months to rebuild systems and recreate all of the lost data whereas the process of paying the ransom and decrypting the data may take several days. We understand it is a controversial decision and advise our clients to evaluate all the options and potential outcomes.
Q: What are your plans for the future of Gillware?
Our plans for Gillware Digital Forensics are ambitious. We have experienced a lot of growth in the last three years and really have no plans of slowing down. While we’ll always help businesses respond to and recover from cyberattacks, we are placing a large focus on proactive cybersecurity services to help businesses avoid the fallout of these attacks in the first place.
Cybercrime, especially ransomware, is rampant, so it is no longer a matter of if but when your business experiences an attack. Our goal is to help you understand your level of risk and improve your processes so you are more prepared to respond. To do just that, we will soon launch a free tool to evaluate your business’s ability to identify, detect, protect and respond to a ransomware attack.
Our incident response team sees how these attacks are deployed and the vulnerabilities attackers exploit. With this free tool, we’ll not only help you identify your strengths and weaknesses, but we will supply free remediation resources so you can proactively bolster your defenses. While businesses may not be able to avoid these attacks altogether, we are taking big steps to provide the tools and resources to understand and reduce your risk as well as improve your response procedures.
To learn more about Gillware visit https://gillware.com.