Repelling A Ransomware Attack: Anurag Gurtu On The 5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack

Authority Magazine
Published in Authority Magazine
10 min read · Jan 16, 2022

Back up your files regularly. Don’t wait for a ransomware attack; back up your files now. You can also use remote backups to avoid losing data if your computer is compromised, and you need to wipe it clean before restoring your backup files.

Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack?

In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the “5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack.” As a part of this series, I had the pleasure of interviewing Anurag Gurtu.

Anurag Gurtu has over 18 years of cybersecurity experience in product management, marketing, go-to-market, professional services and software development. For the past seven years, Gurtu has been deeply involved in various domains of AI, such as Natural Language Understanding/Generation and Machine Learning (Supervised/Unsupervised), which has helped him distill reality from fallacy and the resulting confusion that exists in cybersecurity with real-world applicability of this technology. Gurtu was fortunate enough to have experienced three company acquisitions (by Splunk, Tripwire and Sun Microsystems) and an early-stage startup that went public (FireEye). Gurtu holds an M.S. degree in Computer Networks from the University of Southern California and numerous cybersecurity certifications, including CISSP, CCNP Security and more.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

All of my career has revolved around customers. More specifically, understanding and solving their problems. My first startup was based on consulting with the ultimate goal of building a product and selling it to a big company. The company was successfully acquired by Sun Microsystems a few years later. After that, I spent six years at Cisco as a product manager. In that time, I learned how to build things for scale and to work on disruptive technology. I then joined FireEye, which eventually went public. This experience taught me how to lead hypergrowth companies. Having left FireEye, I returned to the startup world, was acquired, and am now back in a startup. In short, I am always looking for new ways to solve existing problems and carry a problem-solving mentality. It has enabled me to grow.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I was fortunate to have been introduced to cybersecurity in the early days of my career, and I found it very interesting. Governance, Risk and Compliance was the specific domain I was exposed to, and while it doesn’t drive headlines, it helped build my foundation. As I worked in the GRC domain, I gained my first cybersecurity certification — the CISSP, which exposed me to all other domains of cybersecurity, and the real stimulation came when I joined FireEye and learned about APTs. It was rather understanding the complexity of nation-state attacks and their kill-chain that inspired me to pursue this field.

Can you share the most interesting story that happened to you since you began this fascinating career?

In 2018, I witnessed the most fascinating thing, but it was the most ridiculous thing for me personally. It was the first RSA where the North and South halls were connected, and there were thousands of security vendors in attendance. My head spun at the overlapping messaging and positioning among these thousands of vendors, and I wondered, how would a prospect who is interested in acquiring a technology make any sense out of all this mumbo-jumbo jargon and taglines?

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

My thoughts are simple and the only thing I can share with the audience is this: think big to be big and only when you work hard will you get it.

Are you working on any exciting new projects now? How do you think that will help people?

At StrikeReady we have identified three key issues in current security operations that require urgent attention. The first is the cybersecurity skill gap. The majority of security teams struggle to gain a thorough understanding of every cybersecurity product and be familiar with its strengths and weaknesses. The excessive tools of all the products and their massively overlapping features further compound the problem. In addition, the adversary always finds a new way to attack, and it is only post-attack that the new technique, tactic, or methodology is discovered.

The second issue we help with is cyber fatigue. Defenders are bombarded with one alert after the other, which leads to burnout. With this onslaught of alerts, there is an increased risk of missing out on the most critical alerts.

Last but definitely not least is collaboration and remote work. This issue is particularly important in the current circumstances. Many organizations have several teams in their cybersecurity departments, such as the SOC team, DFIR team, and others. The teams are often siloed, and there is a lack of free flow of information. Now more than ever, it is very important to have these different teams working together as seamlessly as possible and to maximize communication and collaboration within the whole department.

StrikeReady targets these key problems with a product built from the ground up to address the pressing needs of the defender, be it a SOC Analyst, an Incident Responder, a Threat Intel analyst, a Threat Hunter, a Red Teamer, a Security Engineer, or any other defender. We are converging AI, knowledge, and automation to improve security analysts’ productivity and abridge their skill gap. Our product helps accelerate incident investigation, automates response, imparts knowledge, and proactively secures the organization.

For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Ransomware?

Another form of malware attack is ransomware, in which the attacker encrypts the entire filesystem or certain valuable files and then offers the victim the encryption key if they pay a ransom. An adversary can be either a nation-state actor or a script kiddy. As a twenty-year veteran of the cyber world and a person who has lived and breathed APT, kill chains, and MITRE for many years, I think I have an excellent understanding of this domain.

Who Has to Be Most Concerned about a Ransomware Attack? Is It Primarily Businesses or Even Private Individuals?

Ransomware attacks are threatening both businesses and individuals. If a company suffers a ransomware attack, it could result in significant losses both in terms of finances and reputation, as well as legal regulations, including litigation. Understandably, the companies that are most concerned about data security are mostly concentrated on big business and government institutions.

Those companies have plenty of money to afford the best protection schemes nowadays.

Therefore, small businesses and private individuals have to be most concerned about a ransomware attack because they are not as equipped to handle the threats as larger companies are.

Who Should Be Called First after One Is Aware That They Are the Victim of a Ransomware Attack? The Local Police? The FBI? A Cybersecurity Expert?

The FBI encourages ransomware victims to call their local police first. The police will be able to help the victims with the situation while working on assisting their computer via an Internet Service Provider or an internet security expert. This can also help victims gain access to the computer if it is locked by ransomware.

Ransomware attacks are often financially motivated crimes committed by organized cybercriminals. Local authorities will be able to provide valuable advice about how best to proceed with any payment and how to report the crime so that it can be investigated further. Many states have laws prohibiting the use of ransomware and other kinds of malware. In addition, local law enforcement agencies may be able to provide support or information about how to contact federal agencies involved in cybercrime investigations.

If a Company Is Made Aware of a Ransomware Attack, What Are the Most Important Things They Should Do to Protect Themselves Further, as Well as Protect Their Customers?

There are several things companies should do immediately if they are made aware of a ransomware attack. It is important to shut down the system to prevent further damage and data loss. This can be done by disconnecting the computers from the network or removing them from the network entirely.

Though this may seem like an extreme measure, there is a lot of sensitive data at risk, and attempting to fight off the attack could cause more harm than good. Once this has been completed, companies should contact their IT security professional, their insurance company as well as law enforcement. They will walk through the next steps on how to proceed.

It is also important that companies keep their customers informed of the situation if they have been affected. While it may seem like the wrong thing to do due to the sensitive nature of the situation, informing them of what has happened will help bring about trust in the organization and show that companies are taking accountability for what has happened. It will also let them know that companies are doing everything in their power to correct the situation as quickly as possible.

Should a Victim Pay the Ransom?

Many experts advise victims not to pay ransoms because there is no way to guarantee that the criminals will decrypt the files after payment. Numerous companies and individuals have reported paying ransoms in the past and never getting anything in return.

Paying the ransom may not be the most sensible thing to do, and the victim may not hear from the hackers again, especially if they sold the stolen information on the Dark Web.

The victim shouldn’t pay any ransom for a number of different reasons. First, it will only encourage the attackers to continue with more ransom attacks and possibly target other victims. Second, paying any kind of ransom is not guaranteed to give access back to the victim’s files in many cases. Third, paying any sort of ransom is illegal in most states and countries and could result in hefty fines and/or jail time if caught.

What Are the Most Common Data Security and Cybersecurity Mistakes You Have Seen Companies Make That Make Them Vulnerable to Ransomware Attacks?

Below are the most common data security and cybersecurity mistakes:

  • Not aware of the latest ransomware attacks and how effective current security controls are against them
  • Operationalizing threat intelligence too late
  • Not using multifactor authentication
  • Not using encryption
  • Not restricting administrative access to authorized users
  • Using outdated/unsupported operating systems
  • Failing to patch or update regularly
  • Outsourcing cybersecurity
  • Not monitoring networks
  • Using weak passwords
  • Allowing contractors access to sensitive data/systems
  • Being vulnerable through default passwords
  • Storing sensitive files in public cloud storage
  • Using weak security questions or no password reset process
  • Allowing employees to record passwords

What Would You Recommend for the government or for Tech Leaders to Do to Help Limit the Frequency and Severity of These Attacks?

Unfortunately, any protection or enhancement effort would likely take years to complete. However, the government needs to be more proactive in creating a better online infrastructure that is more secure by design. There’s definitely a role for private industry and other stakeholders as well. But at a minimum, we need protocols in place that result in the faster notification of vulnerabilities and improved remediation.

Government should provide more information regarding data breaches and how these breaches occurred. We can increase the visibility of these events and hopefully deter future attacks. Any entity that is storing our information, whether it’s within the public or private sector, should be held to high standards with respect to safeguarding customer information.

What Are the “5 Things You Need to Do to Protect Yourself or Your Business from a Ransomware Attack” and Why?

Here are 5 important things that everyone should do to defend themselves from ransomware attacks:

1. Back up your files regularly. Don’t wait for a ransomware attack; back up your files now. You can also use remote backups to avoid losing data if your computer is compromised, and you need to wipe it clean before restoring your backup files.

2. Train your employees about ransomware. Your employees may be the first line of defense against malware, so it’s important for them to know the methods of attack and how to report suspicious activity. Make sure they understand this and report any suspicious activity directly to IT professionals immediately, so they can take action against it before it causes damage or loses data.

3. Don’t click on links in emails from senders you don’t trust or even senders you know but whose emails make no sense or seem suspicious. This is the primary attack vector for ransomware. So, the best thing you can do to protect yourself is to avoid clicking on suspicious links in email at all; even if those links appear to come from a reputable source, exercise caution before clicking any links.

4. Apply threat intelligence at speed and continuously assess your security posture by simulating active ransomware attacks to identify security gaps and mitigate them. In addition, install anti-malware software, security patches, and software updates promptly on all of your devices, including smartphones and tablets. Ignoring software updates leaves your computer vulnerable to known threats, regardless of how secure it may seem at the moment. Patches can repair security weaknesses and prevent future attacks from making their way through.

5. Use strong passwords and update them frequently. Your passwords should be long (at least eight characters) and contain letters, numbers, capital letters, and symbols in random order, so they’re difficult to guess. Also, if you use the same password for all of your accounts, and one is compromised, the rest of your accounts will be vulnerable too.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger.

Cyber attacks have definitely gotten worse over the years — whether it’s based on impact, monetary cost, sophistication, ease of use, etc. We’ve all heard about Ransomware-as-a-Service — what a novel concept for an adversary to lease technology or pay a royalty to bad actors. The time is now for organizations to unite and jointly combat these adversaries. In the field of cybersecurity, AI is an incredibly powerful tool that when combined with human intelligence and data can do wonders.

How can our readers further follow your work online?

You can find us on LinkedIn, Twitter and at our web site.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
